mirrors/linux
2
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-06-24 07:00:24 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
e4625eb826de4f6774ee602c442ba23b686bdcc7
linux/fs
History
J. Bruce Fields e4625eb826 nfsd: use of unitialized list head on error exit in nfs4recover.c 
Thanks to Matthew Dodd for this bug report:

A file label issue while running SELinux in MLS mode provoked the
following bug, which is a result of use before init on a 'struct list_head'.

In nfsd4_list_rec_dir() if the call to dentry_open() fails the 'goto
out' skips INIT_LIST_HEAD() which results in the normally improbable
case where list_entry() returns NULL.

Trace follows.

NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
SELinux:  Context unconfined_t:object_r:var_lib_nfs_t:s0 is not valid
(left unmapped).
type=1400 audit(1227298063.609:282): avc:  denied  { read } for
pid=1890 comm="rpc.nfsd" name="v4recovery" dev=dm-0 ino=148726
scontext=system_u:system_r:nfsd_t:s0-s15:c0.c1023
tcontext=system_u:object_r:unlabeled_t:s15:c0.c1023 tclass=dir
BUG: unable to handle kernel NULL pointer dereference at 00000004
IP: [<c050894e>] list_del+0x6/0x60
*pde = 0d9ce067 *pte = 00000000
Oops: 0000 [#1] SMP
Modules linked in: nfsd lockd nfs_acl auth_rpcgss exportfs autofs4
sunrpc ipv6 dm_multipath scsi_dh ppdev parport_pc sg parport floppy
ata_piix pata_acpi ata_generic libata pcnet32 i2c_piix4 mii pcspkr
i2c_core dm_snapshot dm_zero dm_mirror dm_log dm_mod BusLogic sd_mod
scsi_mod crc_t10dif ext3 jbd mbcache uhci_hcd ohci_hcd ehci_hcd [last
unloaded: microcode]

Pid: 1890, comm: rpc.nfsd Not tainted (2.6.27.5-37.fc9.i686 #1)
EIP: 0060:[<c050894e>] EFLAGS: 00010217 CPU: 0
EIP is at list_del+0x6/0x60
EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: cd99e480
ESI: cf9caed8 EDI: 00000000 EBP: cf9caebc ESP: cf9caeb8
  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process rpc.nfsd (pid: 1890, ti=cf9ca000 task=cf4de580 task.ti=cf9ca000)
Stack: 00000000 cf9caef0 d0a9f139 c0496d04 d0a9f217 fffffff3 00000000
00000000
        00000000 00000000 cf32b220 00000000 00000008 00000801 cf9caefc
d0a9f193
        00000000 cf9caf08 d0a9b6ea 00000000 cf9caf1c d0a874f2 cf9c3004
00000008
Call Trace:
  [<d0a9f139>] ? nfsd4_list_rec_dir+0xf3/0x13a [nfsd]
  [<c0496d04>] ? do_path_lookup+0x12d/0x175
  [<d0a9f217>] ? load_recdir+0x0/0x26 [nfsd]
  [<d0a9f193>] ? nfsd4_recdir_load+0x13/0x34 [nfsd]
  [<d0a9b6ea>] ? nfs4_state_start+0x2a/0xc5 [nfsd]
  [<d0a874f2>] ? nfsd_svc+0x51/0xff [nfsd]
  [<d0a87f2d>] ? write_svc+0x0/0x1e [nfsd]
  [<d0a87f48>] ? write_svc+0x1b/0x1e [nfsd]
  [<d0a87854>] ? nfsctl_transaction_write+0x3a/0x61 [nfsd]
  [<c04b6a4e>] ? sys_nfsservctl+0x116/0x154
  [<c04975c1>] ? putname+0x24/0x2f
  [<c04975c1>] ? putname+0x24/0x2f
  [<c048d49f>] ? do_sys_open+0xad/0xb7
  [<c048d337>] ? filp_close+0x50/0x5a
  [<c048d4eb>] ? sys_open+0x1e/0x26
  [<c0403cca>] ? syscall_call+0x7/0xb
  [<c064007b>] ? init_cyrix+0x185/0x490
  =======================
Code: 75 e1 8b 53 08 8d 4b 04 8d 46 04 e8 75 00 00 00 8b 53 10 8d 4b 0c
8d 46 0c e8 67 00 00 00 5b 5e 5f 5d c3 90 90 55 89 e5 53 89 c3 <8b> 40
04 8b 00 39 d8 74 16 50 53 68 3e d6 6f c0 6a 30 68 78 d6
EIP: [<c050894e>] list_del+0x6/0x60 SS:ESP 0068:cf9caeb8
---[ end trace a89c4ad091c4ad53 ]---

Cc: Matthew N. Dodd <Matthew.Dodd@spart.com>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
2008-11-24 10:36:09 -06:00
..
9p
9p: fix format warning
2008-10-22 18:48:45 -05:00
adfs
vfs: Use const for kernel parser table
2008-10-13 10:10:37 -07:00
affs
vfs: Use const for kernel parser table
2008-10-13 10:10:37 -07:00
afs
[PATCH] fix ->llseek for more directories
2008-10-23 05:13:21 -04:00
autofs
vfs: Use const for kernel parser table
2008-10-13 10:10:37 -07:00
autofs4
autofs4: add miscellaneous device for ioctls
2008-10-16 11:21:39 -07:00
befs
befs: annotate fs32 on tests for superblock endianness
2008-10-16 11:21:46 -07:00
bfs
[PATCH] fix ->llseek for more directories
2008-10-23 05:13:21 -04:00
cifs
Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6
2008-10-23 10:43:36 -07:00
coda
[PATCH] move executable checking into ->permission()
2008-10-23 05:13:25 -04:00
configfs
[PATCH] assorted path_lookup() -> kern_path() conversions
2008-10-23 05:12:52 -04:00
cramfs
cramfs: fix named-pipe handling
2008-08-20 15:40:32 -07:00
debugfs
integrity: special fs magic
2008-10-13 09:47:43 +11:00
devpts
vfs: Use const for kernel parser table
2008-10-13 10:10:37 -07:00
dlm
dlm: choose better identifiers
2008-09-05 09:51:30 -05:00
ecryptfs
[PATCH] assorted path_lookup() -> kern_path() conversions
2008-10-23 05:12:52 -04:00
efs
[PATCH] switch all filesystems over to d_obtain_alias
2008-10-23 05:13:01 -04:00
exportfs
[PATCH] prepare vfs_readdir() callers to returning filldir result
2008-10-23 05:13:10 -04:00
ext2
Merge git://git.kernel.org/pub/scm/linux/kernel/git/viro/bdev
2008-10-23 10:23:07 -07:00
ext3
ext3: Fix duplicate entries returned from getdents() system call
2008-10-25 22:37:44 -04:00
ext4
ext4: Fix duplicate entries returned from getdents() system call
2008-10-25 22:37:55 -04:00
fat
[PATCH] fix ->llseek for more directories
2008-10-23 05:13:21 -04:00
freevxfs
fs/freevxfs/: proper externs
2008-04-29 08:06:00 -07:00
fuse
[PATCH] switch all filesystems over to d_obtain_alias
2008-10-23 05:13:01 -04:00
gfs2
[PATCH] switch all filesystems over to d_obtain_alias
2008-10-23 05:13:01 -04:00
hfs
[PATCH] move executable checking into ->permission()
2008-10-23 05:13:25 -04:00
hfsplus
[PATCH] move executable checking into ->permission()
2008-10-23 05:13:25 -04:00
hostfs
[PATCH] introduce fmode_t, do annotations
2008-10-21 07:47:06 -04:00
hpfs
[PATCH] hpfs: cleanup ->setattr
2008-10-23 05:12:58 -04:00
hppfs
[patch] hppfs: remove hppfs_permission
2008-07-26 20:53:07 -04:00
hugetlbfs
vfs: Use const for kernel parser table
2008-10-13 10:10:37 -07:00
isofs
[PATCH] switch all filesystems over to d_obtain_alias
2008-10-23 05:13:01 -04:00
jbd
jbd: abort instead of waiting for nonexistent transactions
2008-10-23 08:55:02 -07:00
jbd2
fs/Kconfig: move ext2, ext3, ext4, JBD, JBD2 out
2008-10-20 11:43:59 -07:00
jffs2
[PATCH] fix ->llseek for more directories
2008-10-23 05:13:21 -04:00
jfs
Merge git://git.kernel.org/pub/scm/linux/kernel/git/viro/bdev
2008-10-23 10:23:07 -07:00
lockd
nfsd: clean up grace period on early exit
2008-11-24 10:12:48 -06:00
minix
SL*B: drop kmem cache argument from constructor
2008-07-26 12:00:07 -07:00
msdos
fatfs: add UTC timestamp option
2008-07-25 10:53:34 -07:00
ncpfs
[PATCH] don't pass nameidata to __ncp_lookup_validate()
2008-07-26 20:53:37 -04:00
nfs
[PATCH] move executable checking into ->permission()
2008-10-23 05:13:25 -04:00
nfs_common
nfsd
nfsd: use of unitialized list head on error exit in nfs4recover.c
2008-11-24 10:36:09 -06:00
nls
remove CONFIG_KMOD from fs
2008-10-17 02:38:36 +11:00
ntfs
[PATCH] switch all filesystems over to d_obtain_alias
2008-10-23 05:13:01 -04:00
ocfs2
Merge git://git.kernel.org/pub/scm/linux/kernel/git/viro/bdev
2008-10-23 10:23:07 -07:00
omfs
[PATCH] fix ->llseek for more directories
2008-10-23 05:13:21 -04:00
openpromfs
[PATCH] fix ->llseek for more directories
2008-10-23 05:13:21 -04:00
partitions
[PATCH] sanitize blkdev_get() and friends
2008-10-21 07:49:06 -04:00
proc
Merge branch 'proc' of git://git.kernel.org/pub/scm/linux/kernel/git/adobriyan/proc
2008-10-23 12:04:37 -07:00
qnx4
SL*B: drop kmem cache argument from constructor
2008-07-26 12:00:07 -07:00
ramfs
Ramfs and Ram Disk pages are unevictable
2008-10-20 08:50:26 -07:00
reiserfs
Merge git://git.kernel.org/pub/scm/linux/kernel/git/viro/bdev
2008-10-23 10:23:07 -07:00
romfs
romfs_readpage: don't report errors for pages beyond i_size
2008-07-30 14:30:34 -07:00
smbfs
[PATCH] sanitize ->permission() prototype
2008-07-26 20:53:14 -04:00
sysfs
[PATCH] fix ->llseek for more directories
2008-10-23 05:13:21 -04:00
sysv
SL*B: drop kmem cache argument from constructor
2008-07-26 12:00:07 -07:00
ubifs
Merge branch 'linux-next' of git://git.infradead.org/ubifs-2.6
2008-10-20 09:19:03 -07:00
udf
[PATCH] get rid of on-stack dentry in udf
2008-10-23 05:13:15 -04:00
ufs
[PATCH] fix ->llseek for more directories
2008-10-23 05:13:21 -04:00
vfat
fatfs: add UTC timestamp option
2008-07-25 10:53:34 -07:00
xfs
Merge git://git.kernel.org/pub/scm/linux/kernel/git/viro/bdev
2008-10-23 10:23:07 -07:00
aio.c
[PATCH] f_count may wrap around
2008-07-26 20:53:40 -04:00
anon_inodes.c
flag parameters: NONBLOCK in anon_inode_getfd
2008-07-24 10:47:28 -07:00
attr.c
[patch] vfs: make security_inode_setattr() calling consistent
2008-10-23 05:13:27 -04:00
bad_inode.c
[PATCH] sanitize ->permission() prototype
2008-07-26 20:53:14 -04:00
binfmt_aout.c
tracehook: exec
2008-07-26 12:00:08 -07:00
binfmt_elf_fdpic.c
binfmt_elf_fdpic: Update for cputime changes.
2008-10-20 20:17:18 -07:00
binfmt_elf.c
Merge branch 'v28-timers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
2008-10-20 13:19:56 -07:00
binfmt_em86.c
Allow recursion in binfmt_script and binfmt_misc
2008-10-16 11:21:38 -07:00
binfmt_flat.c
uclinux: fix gzip header parsing in binfmt_flat.c
2008-10-16 11:21:29 -07:00
binfmt_misc.c
Allow recursion in binfmt_script and binfmt_misc
2008-10-16 11:21:38 -07:00
binfmt_script.c
Allow recursion in binfmt_script and binfmt_misc
2008-10-16 11:21:38 -07:00
binfmt_som.c
binfmt_som.c: add MODULE_LICENSE
2008-10-16 11:21:38 -07:00
bio-integrity.c
block: Introduce integrity data ownership flag
2008-10-09 08:56:21 +02:00
bio.c
block: mark bio_split_pool static
2008-10-09 08:57:05 +02:00
block_dev.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/viro/bdev
2008-10-23 10:23:07 -07:00
buffer.c
fs: buffer lock use lock bitops
2008-10-20 08:52:32 -07:00
char_dev.c
[PATCH] tidy up chrdev_open
2008-10-23 05:12:59 -04:00
compat_binfmt_elf.c
x86: compat_binfmt_elf
2008-01-30 13:31:46 +01:00
compat_ioctl.c
remove unused #include <linux/dirent.h>'s
2008-07-25 10:53:34 -07:00
compat.c
select: deal with math overflow from borderline valid userland data
2008-10-26 11:22:08 -07:00
dcache.c
[PATCH] fs: add a sanity check in d_free
2008-10-23 05:17:12 -04:00
dcookies.c
d_path: Make d_path() use a struct path
2008-02-14 21:17:09 -08:00
direct-io.c
Remove Andrew Morton's old email accounts
2008-10-16 11:21:32 -07:00
dnotify.c
[PATCH] split linux/file.h
2008-05-01 13:08:16 -04:00
dquot.c
[PATCH] switch quota_on-related stuff to kern_path()
2008-10-23 05:12:44 -04:00
drop_caches.c
vfs: skip inodes without pages to free in drop_pagecache_sb()
2008-04-29 08:06:05 -07:00
eventfd.c
flag parameters: check magic constants
2008-07-24 10:47:29 -07:00
eventpoll.c
epoll: avoid double-inserts in case of EFAULT
2008-10-26 12:09:49 -07:00
exec.c
coredump: format_corename: don't append .%pid if multi-threaded
2008-10-20 08:52:39 -07:00
fcntl.c
[PATCH] clean dup2() up a bit
2008-08-01 11:25:24 -04:00
fifo.c
[PATCH] introduce fmode_t, do annotations
2008-10-21 07:47:06 -04:00
file_table.c
[PATCH] introduce fmode_t, do annotations
2008-10-21 07:47:06 -04:00
file.c
[PATCH] merge locate_fd() and get_unused_fd()
2008-08-01 11:25:23 -04:00
filesystems.c
proc: move /proc/filesystems to fs/filesystems.c
2008-10-23 14:27:09 +04:00
fs-writeback.c
Remove Andrew Morton's old email accounts
2008-10-16 11:21:32 -07:00
generic_acl.c
inode.c
fs/inode.c: properly init address_space->writeback_index
2008-08-15 08:35:44 -07:00
inotify_user.c
inotify: fix lock ordering wrt do_page_fault's mmap_sem
2008-10-02 15:53:13 -07:00
inotify.c
inotify: remove debug code
2008-02-06 10:41:07 -08:00
internal.h
[PATCH] move a bunch of declarations to fs/internal.h
2008-04-21 23:11:01 -04:00
ioctl.c
provide generic_block_fiemap() only with BLOCK=y
2008-10-12 11:44:37 -07:00
ioprio.c
fix setpriority(PRIO_PGRP) thread iterator breakage
2008-08-20 15:40:32 -07:00
Kconfig
[patch 1/3] FS_MBCACHE: don't needlessly make it built-in
2008-10-23 05:13:26 -04:00
Kconfig.binfmt
add CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS
2008-10-20 08:52:39 -07:00
libfs.c
[PATCH] new helper: d_obtain_alias
2008-10-23 05:13:00 -04:00
locks.c
Merge branch 'proc' of git://git.kernel.org/pub/scm/linux/kernel/git/adobriyan/proc
2008-10-23 12:04:37 -07:00
Makefile
Configure out AIO support
2008-10-16 11:21:51 -07:00
mbcache.c
vfs: fix possible deadlock in ext2, ext3, ext4 when using xattrs
2008-04-15 19:35:41 -07:00
mpage.c
Remove Andrew Morton's old email accounts
2008-10-16 11:21:32 -07:00
namei.c
[PATCH] move executable checking into ->permission()
2008-10-23 05:13:25 -04:00
namespace.c
[RFC PATCH] touch_mnt_namespace when the mount flags change
2008-10-23 05:13:23 -04:00
nfsctl.c
Introduce path_put()
2008-02-14 21:13:33 -08:00
no-block.c
open.c
[PATCH] introduce fmode_t, do annotations
2008-10-21 07:47:06 -04:00
pipe.c
[PATCH] reuse xxx_fifo_fops for xxx_pipe_fops
2008-07-26 20:53:06 -04:00
pnode.c
[patch 7/7] vfs: mountinfo: show dominating group id
2008-04-23 00:05:09 -04:00
pnode.h
[patch 7/7] vfs: mountinfo: show dominating group id
2008-04-23 00:05:09 -04:00
posix_acl.c
quota_v1.c
quota: move function-macros from quota.h to quotaops.h
2008-07-25 10:53:35 -07:00
quota_v2.c
quota: move function-macros from quota.h to quotaops.h
2008-07-25 10:53:35 -07:00
quota.c
quota: cleanup loop in sync_dquots()
2008-07-25 10:53:35 -07:00
read_write.c
[PATCH] generic_file_llseek tidyups
2008-10-23 05:12:59 -04:00
read_write.h
readdir.c
[PATCH] prepare vfs_readdir() callers to returning filldir result
2008-10-23 05:13:10 -04:00
select.c
select: deal with math overflow from borderline valid userland data
2008-10-26 11:22:08 -07:00
seq_file.c
seq_file: add seq_cpumask_list(), seq_nodemask_list()
2008-10-20 08:52:39 -07:00
signalfd.c
flag parameters: check magic constants
2008-07-24 10:47:29 -07:00
splice.c
Don't allow splice() to files opened with O_APPEND
2008-10-09 14:26:38 -07:00
stack.c
stat.c
[PATCH] sanitize __user_walk_fd() et.al.
2008-07-26 20:53:34 -04:00
super.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/viro/bdev
2008-10-23 10:23:07 -07:00
sync.c
SYNC_FILE_RANGE_WRITE may and will block. Document that.
2008-07-24 10:47:17 -07:00
timerfd.c
hrtimer: convert timerfd to the new hrtimer apis
2008-09-05 21:35:09 -07:00
utimes.c
[PATCH] sanitize __user_walk_fd() et.al.
2008-07-26 20:53:34 -04:00
xattr_acl.c
xattr.c
[PATCH] sanitize __user_walk_fd() et.al.
2008-07-26 20:53:34 -04:00