Re: [PATCH] 2.6.22-rc6-mm1: hugetlbfs handle empty options string

From: Randy Dunlap
Date: Tue Jul 10 2007 - 17:07:34 EST


On Tue, 10 Jul 2007 15:59:00 -0400 Lee Schermerhorn wrote:

> [PATCH] 2.6.22-rc6-mm1 - hugetlbfs handle empty options string
>
> I was seeing a null pointer deref in fs/super.c:vfs_kern_mount().
> Some file system get_sb() handler was returning NULL mnt_sb with
> a non-negative return value. I also noticed a "hugetlbfs: Bad
> mount option:" message in the log.
>
> Turns out that hugetlbfs_parse_options() was not checking for an
> empty option string after call to strsep(). On failure,
> hugetlbfs_parse_options() returns 1. hugetlbfs_fill_super() just
> passed this return code back up the call stack where
> vfs_kern_mount() missed the error and proceeded with a NULL mnt_sb.
>
> Apparently introduced by patch:
> hugetlbfs-use-lib-parser-fix-docs.patch
>
> The problem was exposed by this line in my fstab:
>
> none /huge hugetlbfs defaults 0 0
>
> It can also be demonstrated by invoking mount of hugetlbfs
> directly with no options or a bogus option.
>
> This patch:
>
> 1) adds the check for empty option to hugetlbfs_parse_options(),
> 2) enhances the error message to bracket any unrecognized
> option with quotes,
> 3) modifies hugetlbfs_parse_options() to return -EINVAL on any
> unrecognized option,
> 4) adds a BUG_ON() to vfs_kern_mount() to catch any get_sb()
> handler that returns a NULL mnt->mnt_sb with a return value
> >= 0.
>
> Signed-off-by: Lee Schermerhorn <lee.schermerhorn@xxxxxx>
>
> fs/hugetlbfs/inode.c | 8 +++++---
> fs/super.c | 1 +
> 2 files changed, 6 insertions(+), 3 deletions(-)

Argh. Thanks.

Acked-by: Randy Dunlap <randy.dunlap@xxxxxxxxxx>

---
~Randy
*** Remember to use Documentation/SubmitChecklist when testing your code ***
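
A userspace model of the failure described in the quoted patch description, added here as an example; it is not code from the thread or from the kernel source. The option names `size=` and `mode=`, the function names and `mount_hazard()` are assumptions made for illustration; only the `strsep()` behaviour and the return-code convention come from the message.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

char *(strsep)(char **, const char *); /* explicit: also builds under -std=c11 */

/* Hypothetical option names for this userspace model. */
static int known_option(const char *tok)
{
    return !strncmp(tok, "size=", 5) || !strncmp(tok, "mode=", 5);
}

/* As reported: an empty token is treated as a bad option, failure is +1. */
int parse_options_old(char *options)
{
    char *p;
    while ((p = strsep(&options, ",")) != NULL)
        if (!known_option(p))
            return 1;
    return 0;
}

/* Items 1 and 3 of the description: skip empty tokens, fail with -EINVAL. */
int parse_options_fixed(char *options)
{
    char *p;
    while ((p = strsep(&options, ",")) != NULL) {
        if (!*p)
            continue;
        if (!known_option(p))
            return -EINVAL;
    }
    return 0;
}

/* Model of the caller: a superblock exists only when parsing returned 0, but
 * only negative codes stop the mount. Returns 1 if it would go on with NULL. */
int mount_hazard(int (*parse)(char *), const char *opts)
{
    char buf[64];
    snprintf(buf, sizeof buf, "%s", opts); /* strsep() modifies its input */
    return parse(buf) > 0; /* not negative (no error seen), not 0 (no sb) */
}

int main(void)
{
    printf("hazard old=%d fixed=%d\n", mount_hazard(parse_options_old, ""), mount_hazard(parse_options_fixed, ""));
    return 0;
}
```

`strsep()` on an empty string yields one empty token before returning NULL, which is why a mount with no options reached the bad-option path at all.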