In message <200207190354.WAA05241@ccure.karaya.com> you write:
> The kern_mount(&tmpfs_fs_type) in init_shmem_fs can fail, leaving shm_mnt
> NULL. A subsequent shmget will enter shmem_file_setup, which will blindly
> dereference shm_mnt. EIO was my best guess as to the appropriate errno.
I think the bug is checking the return value at all. This code cannot
be a module (at least without significant further work), despite the
fact that someone nicely wrote an exit function for it.
And if the initialization fails at boot, we're screwed anyway.
> --- orig/mm/shmem.c Mon Feb 25 12:50:45 2002
> +++ um/mm/shmem.c Thu Jul 18 22:16:11 2002
> @@ -1455,6 +1455,9 @@
> if (!vm_enough_memory((size) >> PAGE_CACHE_SHIFT))
> return ERR_PTR(-ENOMEM);
>
> + if(shm_mnt == NULL)
> + return ERR_PTR(-EIO);
> +
> this.name = name;
> this.len = strlen(name);
> this.hash = 0; /* will go */
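Review bot: The NULL check is placed at the consumer rather than where the failure happens; if kern_mount(&tmpfs_fs_type) in init_shmem_fs can fail, the robust fix is to handle it there (return the error from the init function or fail loudly at boot, since shmget cannot work without the mount) instead of having each user of shm_mnt test for NULL at runtime. If the check is kept, `if(shm_mnt == NULL)` should be written `if (shm_mnt == NULL)` to match the kernel style of the surrounding lines, and -EIO is, as the description itself says, only a guess at the errno; a short comment stating why the mount may be missing would help the next reader.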
Rusty.
--
Anyone who quotes me in their sig is an idiot. -- Rusty Russell.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Jul 23 2002 - 22:00:29 EST