Подробности
[В начало]
Проблема в реализации № F0002
Краткое описание
ext4: разыменование нулевого указателя в ext4_calculate_overhead()
Подробное описание
Вызов memset() в функции ext4_calculate_overhead() перед проверкой указателя на NULL может привести к падению, если предыдущее выделение памяти закончится безуспешно.
Пример
[17412.234392] BUG: unable to handle kernel NULL pointer dereference at (null) [17412.236324] IP: [<ffffffffa0361e57>] ext4_calculate_overhead+0x67/0x210 [ext4] [17412.236761] PGD 7d312067 PUD 7d8b9067 PMD 0 [17412.236761] Oops: 0002 [#1] SMP [17412.236761] CPU 0 [17412.236761] Modules linked in: ext4 jbd2 vesafb ppdev snd_intel8x0 psmouse joydev parport_pc snd_ac97_codec ac97_bus serio_raw mac_hid snd_pcm snd_timer snd i2c_piix4 soundcore snd_page_alloc lp parport reiserfs usbhid hid e1000 btrfs zlib_deflate libcrc32c [17412.236761] [17412.236761] Pid: 22798, comm: fault_sim Tainted: G W O 3.2.0-36-generic #57 innotek GmbH VirtualBox [17412.236761] RIP: 0010:[<ffffffffa0361e57>] [<ffffffffa0361e57>] ext4_calculate_overhead+0x67/0x210 [ext4] [17412.236761] RSP: 0018:ffff880036d4bc28 EFLAGS: 00010246 [17412.236761] RAX: 0000000000000000 RBX: ffff880079ce7400 RCX: 0000000000000200 [17412.236761] RDX: 0000000000001000 RSI: 0000000000000000 RDI: 0000000000000000 [17412.236761] RBP: ffff880036d4bc68 R08: 000000000000ffff R09: 000000000000ffff [17412.236761] R10: 0000000000000001 R11: 0000000000000002 R12: ffff88007affac00 [17412.236761] R13: 0000000000000000 R14: ffff88007affac00 R15: 0000000000000004 [17412.236761] FS: 00007f6193004740(0000) GS:ffff880082c00000(0000) knlGS:0000000000000000 [17412.236761] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [17412.236761] CR2: 0000000000000000 CR3: 000000007c597000 CR4: 00000000000006f0 [17412.236761] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [17412.236761] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [17412.236761] Process fault_sim (pid: 22798, threadinfo ffff880036d4a000, task ffff88007ebb4500) [17412.236761] Stack: [17412.236761] ffff880036d4bc38 ffff88007af7f000 ffff880036d4bc68 ffff88007affac00 [17412.236761] ffff88007affac00 ffff88007af7f000 ffff880079ce7400 ffff880063cc5548 [17412.236761] ffff880036d4bd28 ffffffffa0363483 ffff88007fc25ab8 ffff88007affac00 [17412.236761] Call Trace: [17412.236761] [<ffffffffa0363483>] ext4_fill_super+0x1483/0x1a70 [ext4] [17412.236761] [<ffffffff8117c3f6>] mount_bdev+0x1c6/0x210 [17412.236761] [<ffffffffa0362000>] ? ext4_calculate_overhead+0x210/0x210 [ext4] [17412.236761] [<ffffffffa03543d5>] ext4_mount+0x15/0x20 [ext4] [17412.236761] [<ffffffff8117cf83>] mount_fs+0x43/0x1b0 [17412.236761] [<ffffffff811978fa>] vfs_kern_mount+0x6a/0xc0 [17412.236761] [<ffffffff81198e04>] do_kern_mount+0x54/0x110 [17412.236761] [<ffffffff8119a964>] do_mount+0x1a4/0x260 [17412.236761] [<ffffffff8119ae40>] sys_mount+0x90/0xe0 [17412.236761] [<ffffffff81614302>] system_call_fastpath+0x16/0x1b [17412.236761] Code: 89 c7 ba 00 10 00 00 0f 85 8b 01 00 00 40 f6 c7 02 0f 85 96 01 ... [17412.236761] RIP [<ffffffffa0361e57>] ext4_calculate_overhead+0x67/0x210 [ext4] [17412.236761] RSP <ffff880036d4bc28> [17412.236761] CR2: 0000000000000000 [17412.261444] ---[ end trace d1e88ed83705ddd2 ]---
Компонент
linux-kernel 3.7
Принято
https://lkml.org/lkml/2012/11/28/354
commit
Статус
Исправлено в kernel 3.8-rc1
[В начало]
»