Re: [PATCH] check shm mount succeeded in shmem_file_setup

Rusty Russell (rusty@rustcorp.com.au)
Fri, 19 Jul 2002 17:53:06 +1000


In message <200207190354.WAA05241@ccure.karaya.com> you write:
> The kern_mount(&tmpfs_fs_type) in init_shmem_fs can fail, leaving shm_mnt
> NULL. A subsequent shmget will enter shmem_file_setup, which will blindly
> dereference shm_mnt. EIO was my best guess as to the appropriate errno.

I think the bug is checking the return value at all. This code cannot
be a module (at least without significant further work), despite the
fact that someone nicely wrote an exit function for it.

And if the initialization fails at boot, we're screwed anyway.

> --- orig/mm/shmem.c Mon Feb 25 12:50:45 2002
> +++ um/mm/shmem.c Thu Jul 18 22:16:11 2002
> @@ -1455,6 +1455,9 @@
> if (!vm_enough_memory((size) >> PAGE_CACHE_SHIFT))
> return ERR_PTR(-ENOMEM);
>
> + if(shm_mnt == NULL)
> + return ERR_PTR(-EIO);
> +
> this.name = name;
> this.len = strlen(name);
> this.hash = 0; /* will go */
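
Review bot: the added `if(shm_mnt == NULL)` test carries no comment saying how shm_mnt can be NULL at this point, and the choice of -EIO is described in the submission as a best guess. A one-line comment above the test stating that shm_mnt stays NULL when kern_mount(&tmpfs_fs_type) fails in init_shmem_fs would make the check self-explanatory, and the errno choice should be justified or replaced with one that the shmget caller can interpret. The test also sits after the vm_enough_memory() check although it does not depend on size; placing it first in the function would reject the call before any other work. On style, the line needs a space after `if`, and `if (!shm_mnt)` is the more common kernel form.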

Rusty.

--
  Anyone who quotes me in their sig is an idiot. -- Rusty Russell.