commit 226291aa4641fa13cb5dec3bcb3379faa83009e2 upstream

This should apply to all stable trees. Ack'd by maintainer (see below).

----- Forwarded message from Joel Becker <[email protected]> -----

Date: Thu, 6 Jan 2011 16:12:51 -0800
From: Joel Becker <[email protected]>
To: dann frazier <[email protected]>
Subject: Re: [Ocfs2-devel] [PATCH] [OCFS2] ocfs2_connection_find() returns pointer to bad structure
User-Agent: Mutt/1.5.20 (2009-06-14)

On Thu, Jan 06, 2011 at 05:09:32PM -0700, dann frazier wrote:
> On Thu, Nov 18, 2010 at 03:45:27PM -0800, Joel Becker wrote:
> > On Thu, Nov 18, 2010 at 03:03:09PM -0700, dann frazier wrote:
> > > If ocfs2_live_connection_list is empty, ocfs2_connection_find() will return
> > > a pointer to the LIST_HEAD, cast as a ocfs2_live_connection. This can cause
> > > an oops when ocfs2_control_send_down() dereferences c->oc_conn:
> > >
> > > Call Trace:
> > >   [<ffffffffa00c2a3c>] ocfs2_control_message+0x28c/0x2b0 [ocfs2_stack_user]
> > >   [<ffffffffa00c2a95>] ocfs2_control_write+0x35/0xb0 [ocfs2_stack_user]
> > >   [<ffffffff81143a88>] vfs_write+0xb8/0x1a0
> > >   [<ffffffff8155cc13>] ? do_page_fault+0x153/0x3b0
> > >   [<ffffffff811442f1>] sys_write+0x51/0x80
> > >   [<ffffffff810121b2>] system_call_fastpath+0x16/0x1b
> > >
> > > Fix by explicitly returning NULL if no match is found.
> > >
> > > Signed-off-by: dann frazier <[email protected]>
> >
> > This patch is now in the fixes branch of ocfs2.git.
>
> hm.. I probably should've cc'd stable w/ this one. Would you approve
> of me sending it that way?

Go for it.

Joel

--
"In a crisis, don't hide behind anything or anybody. They're going
 to find you anyway."
	- Paul "Bear" Bryant

Joel Becker
Senior Development Manager
Oracle
E-mail: [email protected]
Phone: (650) 506-8127

----- End forwarded message -----

_______________________________________________
stable mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/stable
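The failure mode described in the forwarded mail, as an added userspace example that is not the ocfs2 code: a lookup that returns the `list_for_each_entry()` cursor after the loop hands back a non-NULL pointer computed from the list head when nothing matches, and returning NULL explicitly closes that off. `struct conn`, `find_buggy`, `find_fixed` and `is_head_alias` are hypothetical names, and the two macros are minimal stand-ins for the kernel's `<linux/list.h>` (they rely on the GCC/Clang `__typeof__` extension).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Userspace stand-ins for the kernel's <linux/list.h> helpers. */
struct list_head { struct list_head *next, *prev; };
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))
#define list_for_each_entry(pos, head, member) \
	for (pos = container_of((head)->next, __typeof__(*pos), member); \
	     &pos->member != (head); \
	     pos = container_of(pos->member.next, __typeof__(*pos), member))

/* Hypothetical entry type; the name is the lookup key. */
struct conn { const char *name; struct list_head link; };

/* Pre-fix shape: on no match the loop cursor itself is returned. */
static struct conn *find_buggy(struct list_head *head, const char *name)
{
	struct conn *c;
	list_for_each_entry(c, head, link)
		if (!strcmp(c->name, name))
			return c;
	return c;	/* == container_of(head, ...): not a real entry */
}

/* Fixed shape: no match is reported as NULL, as the mail describes. */
static struct conn *find_fixed(struct list_head *head, const char *name)
{
	struct conn *c;
	list_for_each_entry(c, head, link)
		if (!strcmp(c->name, name))
			return c;
	return NULL;
}

/* True if p is the bogus "entry" computed from the list head itself. */
static int is_head_alias(struct conn *p, struct list_head *head)
{
	return p != NULL && &p->link == head;
}

int main(void)
{
	struct list_head head = { &head, &head };	/* empty list */
	printf("buggy aliases head: %d, fixed is NULL: %d\n",
	       is_head_alias(find_buggy(&head, "x"), &head),
	       find_fixed(&head, "x") == NULL);
	return 0;
}
```

A caller that only checks the buggy result against NULL will go on to read fields at an offset from the list head, which is the dereference the call trace in the mail ends in.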
