bug in blkdev <-> VFS interaction. (oops)

Tigran Aivazian (tigran@veritas.com)
Sun, 6 Aug 2000 20:06:41 +0100 (BST)

This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to mime@docserver.cac.washington.edu for more info.

---1463811838-1592699821-965586854=:954
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Content-ID: <Pine.LNX.4.21.0008061956581.954@saturn.homenet>

Hi Alexander,

I have just found an interesting bug. Try mounting read/write a
write-protected floppy in 2.4.0-test6-pre5 (probably also other
kernels). The oops is attached.

The reason is quite clear. When blkdev_get() calls block device open
routine it passes a fake_inode as 'inode' argument and therefore it's
inode->i_sb is not set because it is not known yet (sb=read_super()
happens later than blkdev_get() in get_sb_bdev()). Now, the device open
routine, for example drivers/block/floppy.c:floppy_open() is free to call
permission(inode, mask) on that inode which will in turn do
IS_RDONLY(inode) which dereferences inode->i_sb->s_flags off NULL
inode->i_sb - hence the oops.

So, it looks like to get a bdev we need to blkdev_get it which needs a
superblock but to get a superblock we need a bdev. What do we do?

Regards,
Tigran

---1463811838-1592699821-965586854=:954
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII; NAME=oops
Content-ID: <Pine.LNX.4.21.0008061934140.954@saturn.homenet>
Content-Description: oops in 2.4.0-test6-pre5
Content-Disposition: ATTACHMENT; FILENAME=oops
Content-Transfer-Encoding: BASE64

a3N5bW9vcHMgMC43YyBvbiBpNjg2IDIuNC4wLXRlc3Q2LiAgT3B0aW9ucyB1
c2VkDQogICAgIC1WIChkZWZhdWx0KQ0KICAgICAtayAvcHJvYy9rc3ltcyAo
ZGVmYXVsdCkNCiAgICAgLWwgL3Byb2MvbW9kdWxlcyAoZGVmYXVsdCkNCiAg
ICAgLW8gL2xpYi9tb2R1bGVzLzIuNC4wLXRlc3Q2LyAoZGVmYXVsdCkNCiAg
ICAgLW0gL3Vzci9zcmMvbGludXgvU3lzdGVtLm1hcCAoZGVmYXVsdCkNCg0K
V2FybmluZzogWW91IGRpZCBub3QgdGVsbCBtZSB3aGVyZSB0byBmaW5kIHN5
bWJvbCBpbmZvcm1hdGlvbi4gIEkgd2lsbA0KYXNzdW1lIHRoYXQgdGhlIGxv
ZyBtYXRjaGVzIHRoZSBrZXJuZWwgYW5kIG1vZHVsZXMgdGhhdCBhcmUgcnVu
bmluZw0KcmlnaHQgbm93IGFuZCBJJ2xsIHVzZSB0aGUgZGVmYXVsdCBvcHRp
b25zIGFib3ZlIGZvciBzeW1ib2wgcmVzb2x1dGlvbi4NCklmIHRoZSBjdXJy
ZW50IGtlcm5lbCBhbmQvb3IgbW9kdWxlcyBkbyBub3QgbWF0Y2ggdGhlIGxv
ZywgeW91IGNhbiBnZXQNCm1vcmUgYWNjdXJhdGUgb3V0cHV0IGJ5IHRlbGxp
bmcgbWUgdGhlIGtlcm5lbCB2ZXJzaW9uIGFuZCB3aGVyZSB0byBmaW5kDQpt
YXAsIG1vZHVsZXMsIGtzeW1zIGV0Yy4gIGtzeW1vb3BzIC1oIGV4cGxhaW5z
IHRoZSBvcHRpb25zLg0KDQpSZWFkaW5nIE9vcHMgcmVwb3J0IGZyb20gdGhl
IHRlcm1pbmFsDQpVbmFibGUgdG8gaGFuZGxlIGtlcm5lbCBOVUxMIHBvaW50
ZXIgZGVyZWZlcmVuY2UgYXQgdmlydHVhbCBhZGRyZXNzIDAwMDAwMDIwDQpj
MDEzY2FkZg0KKnBkZSA9IDAwMDAwMDAwDQpPb3BzOiAwMDAwDQpDUFU6ICAg
IDENCkVJUDogICAgMDAxMDpbPGMwMTNjYWRmPl0NClVzaW5nIGRlZmF1bHRz
IGZyb20ga3N5bW9vcHMgLXQgZWxmMzItaTM4NiAtYSBpMzg2DQpFRkxBR1M6
IDAwMDEwMjAyDQplYXg6IDAwMDAwMDAwICAgZWJ4OiAwMDAwYzFmZiAgIGVj
eDogZjc3N2M1NjAgICBlZHg6IDAwMDAwMDAyDQplc2k6IDAwMDAwMDAwICAg
ZWRpOiBmNzc3YzU2MCAgIGVicDogMDAwMDAwMDAgICBlc3A6IGY3NzM5ZGM4
DQpkczogMDAxOCAgIGVzOiAwMDE4ICAgc3M6IDAwMTgNClByb2Nlc3MgbW91
bnQgKHBpZDogNzY0LCBzdGFja3BhZ2U9Zjc3MzkwMDApDQpTdGFjazogMDAw
MDAyMDAgMDAwMDAwMDAgZjc3N2M1NjAgMDAwMDAwMDAgYzAxODc2NDYgZjc3
N2M1NjAgMDAwMDAwMDIgMDAwMDAyMDANCiAgICAgICAwMDAwMDAwMCBmNzc3
YzU2MCBmN2M5NGQ2MCAwMDAwMDAwMCAwMDAwMDAwMCAwMDAwMDAwMCBjMDEz
OWI1ZiBmNzc3YzU2MA0KICAgICAgIGY3NzM5ZTljIDAwMDAwMDAxIGZmZmZm
ZmYzIDAwMDAwMjAwIGY3Yzk0ZDYwIGY3NzM5ZTljIGY3NzM5ZTJjIGY3Yzk0
ZDc4DQpDYWxsIFRyYWNlOiBbPGMwMTg3NjQ2Pl0gWzxjMDEzOWI1Zj5dIFs8
YzAxMzc3NDU+XSBbPGMwMTM4MzUwPl0gWzxjMDEzODE1ND5dIFs8YzAxMzg1
MWY+XSBbPGMwMTBhZDJjPl0NCkNvZGU6IGY2IDQwIDIwIDAxIDc0IDJiIDg5
IGQ4IDI1IDAwIGYwIDAwIDAwIDNkIDAwIDgwIDAwIDAwIDc0IDBlDQoNCj4+
RUlQOyBjMDEzY2FkZiA8cGVybWlzc2lvbitjZi8xOGM+ICAgPD09PT09DQpU
cmFjZTsgYzAxODc2NDYgPGZsb3BweV9vcGVuKzMyMi80MDg+DQpUcmFjZTsg
YzAxMzliNWYgPGJsa2Rldl9nZXQrZGYvMTI0Pg0KVHJhY2U7IGMwMTM3NzQ1
IDxnZXRfc2JfYmRlditmOS8xOTQ+DQpUcmFjZTsgYzAxMzgzNTAgPGRvX21v
dW50KzFhYy8yY2M+DQpUcmFjZTsgYzAxMzgxNTQgPGNvcHlfbW91bnRfb3B0
aW9ucys1MC9hMD4NClRyYWNlOyBjMDEzODUxZiA8c3lzX21vdW50K2FmLzEy
MD4NClRyYWNlOyBjMDEwYWQyYyA8c3lzdGVtX2NhbGwrMzQvMzg+DQpDb2Rl
OyAgYzAxM2NhZGYgPHBlcm1pc3Npb24rY2YvMThjPg0KMDAwMDAwMDAgPF9F
SVA+Og0KQ29kZTsgIGMwMTNjYWRmIDxwZXJtaXNzaW9uK2NmLzE4Yz4gICA8
PT09PT0NCiAgIDA6ICAgZjYgNDAgMjAgMDEgICAgICAgICAgICAgICB0ZXN0
YiAgJDB4MSwweDIwKCVlYXgpICAgPD09PT09DQpDb2RlOyAgYzAxM2NhZTMg
PHBlcm1pc3Npb24rZDMvMThjPg0KICAgNDogICA3NCAyYiAgICAgICAgICAg
ICAgICAgICAgIGplICAgICAzMSA8X0VJUCsweDMxPiBjMDEzY2IxMCA8cGVy
bWlzc2lvbisxMDAvMThjPg0KQ29kZTsgIGMwMTNjYWU1IDxwZXJtaXNzaW9u
K2Q1LzE4Yz4NCiAgIDY6ICAgODkgZDggICAgICAgICAgICAgICAgICAgICBt
b3YgICAgJWVieCwlZWF4DQpDb2RlOyAgYzAxM2NhZTcgPHBlcm1pc3Npb24r
ZDcvMThjPg0KICAgODogICAyNSAwMCBmMCAwMCAwMCAgICAgICAgICAgIGFu
ZCAgICAkMHhmMDAwLCVlYXgNCkNvZGU7ICBjMDEzY2FlYyA8cGVybWlzc2lv
bitkYy8xOGM+DQogICBkOiAgIDNkIDAwIDgwIDAwIDAwICAgICAgICAgICAg
Y21wICAgICQweDgwMDAsJWVheA0KQ29kZTsgIGMwMTNjYWYxIDxwZXJtaXNz
aW9uK2UxLzE4Yz4NCiAgMTI6ICAgNzQgMGUgICAgICAgICAgICAgICAgICAg
ICBqZSAgICAgMjIgPF9FSVArMHgyMj4gYzAxM2NiMDEgPHBlcm1pc3Npb24r
ZjEvMThjPg0KDQoNCjEgd2FybmluZyBpc3N1ZWQuICBSZXN1bHRzIG1heSBu
b3QgYmUgcmVsaWFibGUuDQo=
---1463811838-1592699821-965586854=:954--

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/