** Description changed: + == SRU Justification == + + A NULL pointer will be triggered by ocfs2_fallocate() as it will + invoke __ocfs2_change_file_space() with a NULL as the file argument. + This may result in filesystem corruption. + + == Fix == + + This patch has already been submitted upstreams and has been added to + the -mm tree (https://lkml.org/lkml/2012/6/20/686). The fix is a + simple NULL check in the __ocfs2_change_file_space() function. + + == Impact == + + Possible filesystem corruption when using fallocate operation. + + == Test Case == + + After setting up an ocfs2 node, mount a filesystem and simply execute: + + $ fallocate -l 1600m /mnt/test + + ======================================================================= + My system always keeps freezing on me when I want to access a clean (fscked) ocfs2 volume on which I extracted some emails: This is the error: May 29 18:47:14 mail2 kernel: [ 65.604413] BUG: unable to handle kernel NULL pointer dereference at 0000000000000038 May 29 18:47:14 mail2 kernel: [ 65.604751] IP: [<ffffffffa02e169a>] __ocfs2_change_file_space+0x5da/0x710 [ocfs2] May 29 18:47:14 mail2 kernel: [ 65.605092] PGD 0 May 29 18:47:14 mail2 kernel: [ 65.605238] Oops: 0000 [#1] SMP May 29 18:47:14 mail2 kernel: [ 65.605462] CPU 0 May 29 18:47:14 mail2 kernel: [ 65.605554] Modules linked in: ocfs2 quota_tree pcnet32 vmblock(O) vmsync(O) vmhgfs(O) ip_vs nf_conntrack libcrc32c ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm ocfs2_nodemanager ocfs2_stackglue configfs dm_round_robin ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ext2 ppdev vmw_balloon psmouse dm_multipath serio_raw parport_pc vmci(O) shpchp i2c_piix4 mac_hid lp parport mptsas mptscsih vmxnet3 mptbase scsi_transport_sas floppy vmxnet(O) May 29 18:47:14 mail2 kernel: [ 65.609622] May 29 18:47:14 mail2 kernel: [ 65.609724] Pid: 3805, comm: deliver Tainted: G O 3.2.0-24-generic #38-Ubuntu VMware, Inc. 
VMware Virtual Platform/440BX Desktop Reference Platform May 29 18:47:14 mail2 kernel: [ 65.610322] RIP: 0010:[<ffffffffa02e169a>] [<ffffffffa02e169a>] __ocfs2_change_file_space+0x5da/0x710 [ocfs2] May 29 18:47:14 mail2 kernel: [ 65.610709] RSP: 0018:ffff88003cdbbe48 EFLAGS: 00010246 May 29 18:47:14 mail2 kernel: [ 65.610900] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88003d4e2c00 May 29 18:47:14 mail2 kernel: [ 65.611137] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 May 29 18:47:14 mail2 kernel: [ 65.611542] RBP: ffff88003cdbbec8 R08: 4000000000000000 R09: ffff88003d4e2c00 May 29 18:47:14 mail2 kernel: [ 65.611944] R10: ffff880036f38030 R11: 0000000000000001 R12: ffff88003b8b9000 May 29 18:47:14 mail2 kernel: [ 65.612348] R13: ffff880029a6aff8 R14: ffff880029a6b098 R15: 0000000000000184 May 29 18:47:14 mail2 kernel: [ 65.612761] FS: 00007fc91036a700(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000 May 29 18:47:14 mail2 kernel: [ 65.613349] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 May 29 18:47:14 mail2 kernel: [ 65.613717] CR2: 0000000000000038 CR3: 000000003c234000 CR4: 00000000000006f0 May 29 18:47:14 mail2 kernel: [ 65.614149] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 May 29 18:47:14 mail2 kernel: [ 65.614582] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 May 29 18:47:14 mail2 kernel: [ 65.614982] Process deliver (pid: 3805, threadinfo ffff88003cdba000, task ffff8800367144d0) May 29 18:47:14 mail2 kernel: [ 65.615578] Stack: May 29 18:47:14 mail2 kernel: [ 65.615853] 000000000000fc03 0000000000969da9 ffff880036f38030 0000000000000000 May 29 18:47:14 mail2 kernel: [ 65.616687] 0000000000000184 4030582a00000001 ffff880029a6af18 ffff88003cdbbed8 May 29 18:47:14 mail2 kernel: [ 65.617514] 0000000000000000 ffff880029a0f3a8 0000000030ad64a1 ffff88003c2c4b00 May 29 18:47:14 mail2 kernel: [ 65.625257] Call Trace: May 29 18:47:14 mail2 kernel: [ 65.625595] [<ffffffffa02e1849>] 
ocfs2_fallocate+0x79/0x80 [ocfs2] May 29 18:47:14 mail2 kernel: [ 65.626005] [<ffffffff81176712>] do_fallocate+0xf2/0x160 May 29 18:47:14 mail2 kernel: [ 65.626368] [<ffffffff811767cb>] sys_fallocate+0x4b/0x70 May 29 18:47:14 mail2 kernel: [ 65.626744] [<ffffffff81664d82>] system_call_fastpath+0x16/0x1b May 29 18:47:14 mail2 kernel: [ 65.627116] Code: 55 68 4c 89 ee 49 89 55 78 48 8b 55 c8 49 89 45 60 49 89 45 70 4c 89 d7 e8 f4 4a 00 00 85 c0 89 c3 4c 8b 55 90 78 22 48 8b 7d 98 <f7> 47 38 00 10 10 00 74 05 41 80 4a 14 01 4c 89 d6 4c 89 e7 e8 May 29 18:47:14 mail2 kernel: [ 65.636086] RIP [<ffffffffa02e169a>] __ocfs2_change_file_space+0x5da/0x710 [ocfs2] May 29 18:47:14 mail2 kernel: [ 65.636748] RSP <ffff88003cdbbe48> May 29 18:47:14 mail2 kernel: [ 65.637059] CR2: 0000000000000038 May 29 18:47:14 mail2 kernel: [ 65.637433] ---[ end trace cdb37187fc6b43af ]--- - - And this is probably the upstream reference: + And this is probably the upstream reference: fallocate() was oopsing on ocfs2 because we were passing in a NULL file pointer. Signed-off-by: Sunil Mushran <sunil.mushran at oracle.com> --- - fs/ocfs2/file.c | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) + fs/ocfs2/file.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c index 061591a..8f30e74 100644 --- a/fs/ocfs2/file.c +++ b/fs/ocfs2/file.c 
@@ -2012,7 +2012,7 @@ static long ocfs2_fallocate(struct file *file, int mode, loff_t offset, - sr.l_start = (s64)offset; - sr.l_len = (s64)len; - + sr.l_start = (s64)offset; + sr.l_len = (s64)len; + - return __ocfs2_change_file_space(NULL, inode, offset, cmd, &sr, + return __ocfs2_change_file_space(file, inode, offset, cmd, &sr, - change_size); - } - - -- + change_size); + } + + -- 1.7.7.6 Source: http://oss.oracle.com/pipermail/ocfs2-devel/2012-January/008464.html - --- + --- AlsaDevices: - total 0 - crw-rw---T 1 root audio 116, 1 Mai 29 18:50 seq - crw-rw---T 1 root audio 116, 33 Mai 29 18:50 timer + total 0 + crw-rw---T 1 root audio 116, 1 Mai 29 18:50 seq + crw-rw---T 1 root audio 116, 33 Mai 29 18:50 timer AplayDevices: Error: [Errno 2] No such file or directory ApportVersion: 2.0.1-0ubuntu6 Architecture: amd64 ArecordDevices: Error: [Errno 2] No such file or directory AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: Error: [Errno 2] No such file or directory DistroRelease: Ubuntu 12.04 HibernationDevice: RESUME=UUID=b3794f2e-be61-47f9-9de4-6c30dfcb534f InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Alpha amd64 (20120325) Lsusb: - Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub - Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub + Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub + Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub MachineType: VMware, Inc. 
VMware Virtual Platform Package: linux (not installed) PciMultimedia: - + ProcEnviron: - TERM=xterm - LANG=de_DE.UTF-8 - SHELL=/bin/bash + TERM=xterm + LANG=de_DE.UTF-8 + SHELL=/bin/bash ProcFB: - + ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.2.0-24-generic root=/dev/mapper/base-root ro recovery nomodeset ProcVersionSignature: Ubuntu 3.2.0-24.38-generic 3.2.16 RelatedPackageVersions: - linux-restricted-modules-3.2.0-24-generic N/A - linux-backports-modules-3.2.0-24-generic N/A - linux-firmware 1.79 + linux-restricted-modules-3.2.0-24-generic N/A + linux-backports-modules-3.2.0-24-generic N/A + linux-firmware 1.79 RfKill: Error: [Errno 2] No such file or directory Tags: precise Uname: Linux 3.2.0-24-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: - + dmi.bios.date: 04/15/2011 dmi.bios.vendor: Phoenix Technologies LTD dmi.bios.version: 6.00 dmi.board.name: 440BX Desktop Reference Platform dmi.board.vendor: Intel Corporation dmi.board.version: None dmi.chassis.asset.tag: No Asset Tag dmi.chassis.type: 1 dmi.chassis.vendor: No Enclosure dmi.chassis.version: N/A dmi.modalias: dmi:bvnPhoenixTechnologiesLTD:bvr6.00:bd04/15/2011:svnVMware,Inc.:pnVMwareVirtualPlatform:pvrNone:rvnIntelCorporation:rn440BXDesktopReferencePlatform:rvrNone:cvnNoEnclosure:ct1:cvrN/A: dmi.product.name: VMware Virtual Platform dmi.product.version: None dmi.sys.vendor: VMware, Inc.
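Review bot: The "== Fix ==" text added to the description says the fix is a NULL check inside __ocfs2_change_file_space(), but the upstream reference kept further down in the same description changes the argument at the ocfs2_fallocate() call site from NULL to file and adds no check in the callee. These are two different changes, so the SRU text should name the one actually being applied, by commit id or exact patch. The "== Test Case ==" should also state the expected result before and after the fix, for example the oops in __ocfs2_change_file_space+0x5da versus a clean return from fallocate.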
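Review bot: In the fs/ocfs2/file.c hunk, replacing NULL with file on the `return __ocfs2_change_file_space(` line fixes only this caller. The oops places the fault inside __ocfs2_change_file_space() itself (RIP at +0x5da, CR2 0x38), so the callee still dereferences its file argument unconditionally. Either guard that use in the callee or document that file must be non-NULL, and check whether any other caller passes NULL. The commit message would also be easier to backport against if it named the dereference site.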
-- https://bugs.launchpad.net/bugs/1006012 Title: Kernel OOPS in ocfs2_fallocate()
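A triage sketch for the oops quoted in this report, as an added example that is not part of the original report or of the kernel source: it extracts the faulting symbol, the fault address and the instruction the oops marks with `<..>`, then decodes the one x86-64 form seen here (TEST r/m32, imm32 with an 8-bit displacement) to show why the fault address is 0x38. The log lines are copied from the report with the syslog prefixes trimmed; the function names are hypothetical.

```python
import re

# Lines copied from the oops quoted in this report (syslog prefixes trimmed).
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 0000000000000038
IP: [<ffffffffa02e169a>] __ocfs2_change_file_space+0x5da/0x710 [ocfs2]
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff88003d4e2c00
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
Code: 55 68 4c 89 ee 49 89 55 78 48 8b 55 c8 49 89 45 60 49 89 45 70 4c 89 d7 e8 f4 4a 00 00 85 c0 89 c3 4c 8b 55 90 78 22 48 8b 7d 98 <f7> 47 38 00 10 10 00 74 05 41 80 4a 14 01 4c 89 d6 4c 89 e7 e8
"""

# ModRM r/m numbering for the eight legacy registers (no REX prefix).
REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]


def parse_oops(text):
    """Extract fault address, faulting symbol/offset, registers and the
    code bytes starting at the instruction the oops marks with <..>."""
    addr = int(re.search(r"dereference at ([0-9a-f]+)", text).group(1), 16)
    sym, off = re.search(r"IP: \[<[0-9a-f]+>\] (\w+)\+(0x[0-9a-f]+)/", text).groups()
    regs = {n.lower(): int(v, 16)
            for n, v in re.findall(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})", text)}
    code = re.search(r"Code: (.*)", text).group(1)
    marked = code[code.index("<"):].replace("<", "").replace(">", "")
    return addr, sym, int(off, 16), regs, bytes.fromhex(marked.replace(" ", ""))


def decode_test_disp8(insn):
    """Decode only `TEST r/m32, imm32` (F7 /0) with mod=01: [reg + disp8]."""
    mod, ext, rm = insn[1] >> 6, (insn[1] >> 3) & 7, insn[1] & 7
    if insn[0] != 0xF7 or ext != 0 or mod != 1 or rm == 4:  # rm=4 means SIB
        raise ValueError("encoding not handled by this sketch")
    disp = int.from_bytes(insn[2:3], "little", signed=True)
    mask = int.from_bytes(insn[3:7], "little")
    return REGS[rm], disp, mask


def triage(text):
    """Tie the faulting instruction back to the reported fault address."""
    addr, sym, off, regs, insn = parse_oops(text)
    base, disp, mask = decode_test_disp8(insn)
    return {
        "symbol": sym, "offset": off, "base_reg": base,
        "base_is_null": regs[base] == 0,      # pointer held in the base register
        "field_offset": disp,                  # member offset inside the struct
        "mask": mask,                          # 0x101000 == O_SYNC on Linux x86
        "explains_fault": regs[base] + disp == addr,
    }


if __name__ == "__main__":
    print(triage(OOPS))
```

The decoded mask 0x101000 is the value of O_SYNC on Linux x86. Together with the zero base register, this is consistent with a flags test on the NULL file pointer the report describes, though the field name itself is an inference and is not stated in the log.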
