[PATCH] text backport of fix for tmpfs oops from 2.6.0 final to 2.4.23

From: James McMechan
Date: Tue Dec 30 2003 - 02:13:02 EST

Next message: Tomas Szepe: "Re: [NEW FEATURE]Partitions on loop device for 2.6"
Previous message: Murray J. Root: "Re: 2.6.0 kernel panic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Stupid free mail program appears to have converted
my message into a octet stream, this should work
even if it is kind of strange. Travel without a good
connection is painful, Hopefully this is readable.

Ok, here is a backport of the patch that went into 2.6.0
to fix the problem where the tmpfs/shmfs dcache could be
oopsed by any user doing a dirseek to offset 2.
This occurs because the when the seek is at the cursor
and then the cursor is deleted, the list_add_tail
tries to attach to the end of the list and gets the
old pointers (poisoned on 2.6) from the list_del.
This fix just deletes the cursor before going over the
list since it can not be a member of the list and should
not be counted, delete it before counting over the list.

--- linux-2.4.23/fs/readdir.c 2002-08-02 17:39:45.000000000 -0700
+++ build-2.4.23-skas/fs/readdir.c 2003-12-23 17:18:37.000000000 -0800
@@ -69,6 +69,7 @@
loff_t n = file->f_pos - 2;

spin_lock(&dcache_lock);
+ list_del(&cursor->d_child);
p = file->f_dentry->d_subdirs.next;
while (n && p != &file->f_dentry->d_subdirs) {
struct dentry *next;
@@ -77,7 +78,6 @@
n--;
p = p->next;
}
- list_del(&cursor->d_child);
list_add_tail(&cursor->d_child, p);
spin_unlock(&dcache_lock);
}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tomas Szepe: "Re: [NEW FEATURE]Partitions on loop device for 2.6"
Previous message: Murray J. Root: "Re: 2.6.0 kernel panic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]