Re: Kernel oops (bug) in fs/buffers.c:create_empty_buffers
From: Andrew Morton
Date: Sun Jul 06 2008 - 16:31:19 EST
On Sun, 6 Jul 2008 13:23:02 -0700 Arjan van de Ven <arjan@xxxxxxxxxxxxx> wrote:
> Hi,
>
> caught this one on kerneloops.org:
> http://www.kerneloops.org/searchweek.php?search=create_empty_buffers
>
> void create_empty_buffers(struct page *page,
>                           unsigned long blocksize, unsigned long b_state)
> {
>         struct buffer_head *bh, *head, *tail;
>
>         head = alloc_page_buffers(page, blocksize, 1);
>         bh = head;                      /* NULL if alloc_page_buffers() failed */
>         do {
>                 bh->b_state |= b_state; /* first dereference: oops on NULL */
>                 tail = bh;
>                 bh = bh->b_this_page;
>         } while (bh);
>
> turns out, alloc_page_buffers() can fail and return NULL (for AIO for
> example)... yet this code blindly dereferences the result, getting a
> predictable NULL pointer fault.
>
> It's not directly clear what to do about... make this function return
> the failure to the caller?
isofs has a habit of returning impossible block sizes and the
while ((offset -= size) >= 0) {
consequently loops zero times and alloc_page_buffers() returns null.
Someone was having a look at it - maybe Jan?
I assume that the kerneloops.org records link back to the original
report somewhere but I can't find it?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
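A user-space model of the two functions under discussion, added here as an example and not code from the thread or from the kernel: it keeps the loop shape of alloc_page_buffers() so that an oversized block size (the isofs case) yields NULL without any allocation failing, and puts it beside a create_empty_buffers() that checks the result and reports the failure to the caller. PAGE_SIZE, the stripped-down struct buffer_head, the buffer-count return value and abort() on calloc failure are assumptions of this model.

```c
#include <stdlib.h>
#define PAGE_SIZE 4096L   /* assumed page size for this model */
/* Stand-in for struct buffer_head: only the fields this path touches. */
struct buffer_head {
    unsigned long b_state;
    struct buffer_head *b_this_page;  /* NULL-terminated chain, later a ring */
};

/* Model of alloc_page_buffers() with the kernel's loop shape: for
 * size > PAGE_SIZE, `offset -= size` goes negative at once, the loop runs
 * zero times and NULL is returned although no allocation failed. */
static struct buffer_head *alloc_page_buffers(unsigned long size)
{
    struct buffer_head *head = NULL;
    long offset = PAGE_SIZE;
    while ((offset -= (long)size) >= 0) {
        struct buffer_head *bh = calloc(1, sizeof(*bh));
        if (!bh) abort();             /* unwinding omitted in this model */
        bh->b_this_page = head;
        head = bh;
    }
    return head;
}
/* Hardened create_empty_buffers(): the NULL check is what the oops'ing
 * version lacks. Returns the buffer count, or -1 to report the failure. */
long create_empty_buffers(unsigned long blocksize, unsigned long b_state,
                          struct buffer_head **out)
{
    struct buffer_head *bh, *head, *tail;
    long n = 0;
    head = alloc_page_buffers(blocksize);
    if (!head) return -1;             /* hand the failure to the caller */
    bh = head;
    do {
        bh->b_state |= b_state;
        tail = bh;
        bh = bh->b_this_page;
        n++;
    } while (bh);
    tail->b_this_page = head;         /* close the ring, as the kernel does */
    *out = head;
    return n;
}
/* Walk the ring once, freeing every buffer (no-op for NULL). */
void free_page_buffers(struct buffer_head *head)
{
    struct buffer_head *bh = head, *next;
    if (!head) return;
    do { next = bh->b_this_page; free(bh); bh = next; } while (bh != head);
}
```

With a 4096-byte page, a block size of 8192 returns -1 where the unchecked version would have dereferenced NULL, while 1024 yields a ring of four buffers.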