On 06/02/15 23:50, Andreas Gruenbacher wrote:
Andrew,
3.18.5 kernel crashing on ACL deletion:
null pointer dereference in fs/gfs2/acl.c:76
This bug seems to exist since commit 2646a1f6 from October 2009.
The if-statement originates in 2646a1f6 but the bug was introduced by
the deletion of a NULL check in e01580bf9e which was in December 2013.
Fix we're using currently:
---
fs/gfs2/acl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/gfs2/acl.c b/fs/gfs2/acl.c
index 3088e2a..8339754 100644
--- a/fs/gfs2/acl.c
+++ b/fs/gfs2/acl.c
@@ -73,7 +73,7 @@ int gfs2_set_acl(struct inode *inode, struct posix_acl
*acl, int type)
BUG_ON(name == NULL);
- if (acl->a_count > GFS2_ACL_MAX_ENTRIES(GFS2_SB(inode)))
+ if ((acl) && (acl->a_count > GFS2_ACL_MAX_ENTRIES(GFS2_SB(inode))))
return -E2BIG;
if (type == ACL_TYPE_ACCESS) {
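Review bot: the parentheses in the added `+ if ((acl) && (acl->a_count > ...))` line are redundant; the NULL guard itself is right for the `acl->a_count` dereference, but kernel style would write it as `if (acl && acl->a_count > GFS2_ACL_MAX_ENTRIES(GFS2_SB(inode)))`. Since the cover text names e01580bf9e as the commit that dropped the original NULL check, the patch should also carry a proper commit message with a `Fixes: e01580bf9e` tag and a Signed-off-by, so that stable trees such as the 3.18 series mentioned can pick it up.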
Except for the extra parentheses this seems correct, thank you.
Agreed. Good catch.
Thanks,
Andy