bug in quota code + patch

Andries.Brouwer@cwi.nl
Tue, 29 Oct 1996 23:31:29 +0100


The quota code has the following bad bug, no doubt responsible
for the kernel crashes related to umount that people have been
reporting:
lookup_vfsmnt() keeps a pointer mru_vfsmnt for performance
reasons. When remove_vfsmount() deallocates a vfsmount structure,
this pointer is not killed, so that later on lookup_vfsmnt()
may return a pointer to random memory. Chaos is the result.

I conjecture that the following patch will solve these problems.
(Do not use quota myself.)

Andries

--- /nb/linux/linux-2.0.23/linux/fs/super.c Fri Sep 20 22:54:46 1996
+++ super.c Tue Oct 29 23:16:17 1996
@@ -146,6 +146,8 @@
if (vfsmnttail->mnt_dev == dev)
vfsmnttail = lptr;
}
+ if (tofree == mru_vfsmnt)
+ mru_vfsmnt = NULL;
kfree(tofree->mnt_devname);
kfree(tofree->mnt_dirname);
kfree_s(tofree, sizeof(struct vfsmount));
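Review bot: the new check sits in the right place, after the list unlink and before the kfree of tofree, but it only closes the hole if lookup_vfsmnt() treats a NULL mru_vfsmnt as a cache miss and falls through to the list walk; that path is not in this hunk and should be confirmed before applying, otherwise the dangling pointer is traded for a NULL dereference. A short comment above the two added lines (e.g. `/* the lookup cache must not outlive the entry it points at */`) would document why the cache is cleared here, since nothing else in the hunk ties mru_vfsmnt to the free.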