On Thu 11-09-14 19:52:09, Heinrich Schuchardt wrote:
> Hello Sasha,
>
> I have CCed Jan, because he has been the only one working on this
> file in the last 18 months.
>
> A failure path in which group->inotify_data.user is not yet assigned
> starts here:
>
> static struct fsnotify_group
On Thu 11-09-14 19:52:09, Heinrich Schuchardt wrote:
Hello Sasha,
I have CCed Jan, because he has been the only one working on this
file in the last 18 months.
A failure path in which group-inotify_data.user is not yet assigned
starts here:
static struct fsnotify_group
On 09/11/2014 04:43 PM, Andrew Morton wrote:
> On Tue, 29 Jul 2014 09:25:14 -0400 Sasha Levin wrote:
>
>> > On some failure paths we may attempt to free user context even
>> > if it wasn't assigned yet. This will cause a NULL ptr deref
>> > and a kernel BUG.
> Are you able to identify "some
On Tue, 29 Jul 2014 09:25:14 -0400 Sasha Levin wrote:
> On some failure paths we may attempt to free user context even
> if it wasn't assigned yet. This will cause a NULL ptr deref
> and a kernel BUG.
Are you able to identify "some failure paths"? I spent some time
grepping, but it's a pain.
Hello Sasha,
I have CCed Jan, because he has been the only one working on this file
in the last 18 months.
A failure path in which group->inotify_data.user is not yet assigned
starts here:
static struct fsnotify_group *inotify_new_group(unsigned int max_events)
{
...
oevent =
On 09/11/2014 04:43 PM, Andrew Morton wrote:
On Tue, 29 Jul 2014 09:25:14 -0400 Sasha Levin sasha.le...@oracle.com wrote:
On some failure paths we may attempt to free user context even
if it wasn't assigned yet. This will cause a NULL ptr deref
and a kernel BUG.
Are you able to identify
Hello Sasha,
I have CCed Jan, because he has been the only one working on this file
in the last 18 months.
A failure path in which group-inotify_data.user is not yet assigned
starts here:
static struct fsnotify_group *inotify_new_group(unsigned int max_events)
{
...
oevent =
On Tue, 29 Jul 2014 09:25:14 -0400 Sasha Levin sasha.le...@oracle.com wrote:
On some failure paths we may attempt to free user context even
if it wasn't assigned yet. This will cause a NULL ptr deref
and a kernel BUG.
Are you able to identify some failure paths? I spent some time
grepping,
Ping?
On 09/03/2014 05:31 PM, Sasha Levin wrote:
> Ping? This is a NULL ptr deref that userspace can trigger.
>
> On 07/29/2014 09:25 AM, Sasha Levin wrote:
>> On some failure paths we may attempt to free user context even
>> if it wasn't assigned yet. This will cause a NULL ptr deref
>> and a
Ping?
On 09/03/2014 05:31 PM, Sasha Levin wrote:
Ping? This is a NULL ptr deref that userspace can trigger.
On 07/29/2014 09:25 AM, Sasha Levin wrote:
On some failure paths we may attempt to free user context even
if it wasn't assigned yet. This will cause a NULL ptr deref
and a kernel
Ping? This is a NULL ptr deref that userspace can trigger.
On 07/29/2014 09:25 AM, Sasha Levin wrote:
> On some failure paths we may attempt to free user context even
> if it wasn't assigned yet. This will cause a NULL ptr deref
> and a kernel BUG.
>
> Signed-off-by: Sasha Levin
> ---
>
Ping? This is a NULL ptr deref that userspace can trigger.
On 07/29/2014 09:25 AM, Sasha Levin wrote:
On some failure paths we may attempt to free user context even
if it wasn't assigned yet. This will cause a NULL ptr deref
and a kernel BUG.
Signed-off-by: Sasha Levin
On some failure paths we may attempt to free user context even
if it wasn't assigned yet. This will cause a NULL ptr deref
and a kernel BUG.
Signed-off-by: Sasha Levin
---
fs/notify/inotify/inotify_fsnotify.c |6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git
On some failure paths we may attempt to free user context even
if it wasn't assigned yet. This will cause a NULL ptr deref
and a kernel BUG.
Signed-off-by: Sasha Levin sasha.le...@oracle.com
---
fs/notify/inotify/inotify_fsnotify.c |6 --
1 file changed, 4 insertions(+), 2 deletions(-)
14 matches
Mail list logo