2009/8/4 Erez Zadok <[email protected]>:
> In message <[email protected]>, "[email protected]" writes:
>> Bart van der Meulen wrote:
>> >> [<c0120b14>] do_page_fault+0x224/0x5c0
>> >> [<c04bc302>] error_code+0x72/0x78
>> >> [<c019f07a>] notify_change+0x2da/0x310
>> >> [<c0188b37>] do_truncate+0x67/0x90
>> >> [<c0188cb5>] do_sys_ftruncate+0x155/0x170
>> >> [<c0188ceb>] sys_ftruncate64+0x1b/0x20
>> >> [<c0105412>] sysenter_past_esp+0x5f/0x85
>>
>> This might be related to my unlink+ftruncate bug, which
>> is easily reproducible:
>> https://bugzilla.filesystems.org/show_bug.cgi?id=633
>>
>> > Can somebody give me some pointers on how to debug the problem further?
>>
>> strace the application to confirm that it calls unlink
>> and then ftruncate on the same file descriptor.
>>
>> Pascal
>
> I love easily reproducible oopses. :-)
>
> Please try the patch below, which is also available from here:
>
> https://bugzilla.fsl.cs.sunysb.edu/attachment.cgi?id=235
>
> The fix adds special handling to unlinked but open inodes, on which the user
> tries to setattr. Special handling is needed because this inode no longer
> has a name in the namespace (i.e., no dentry).
>
> Cheers,
> Erez.
>
Hi,
The null-pointer dereference error still occurs,
from fs/unionfs/inode.c
909: err = -EINVAL;
910: goto out;
911: }
912: lower_inode = unionfs_lower_inode(inode);
=> unionfs_lower_inode returns null, bstart(inode) = -1
913:
914: /* check if user has permission to change lower inode */
915: err = inode_change_ok(lower_inode, ia);
916: if (err)
917: goto out;
918:
919: /* copyup if the file is on a read only branch */
920: if (is_robranch_super(dentry->d_sb, bstart)
921: || __is_rdonly(lower_inode)) {
=> null pointer dereference inside __is_rdonly
922: /* check if we have a branch to copy up to */
923: if (bstart <= 0) {
914: err = -EACCES;
_______________________________________________
unionfs mailing list: http://unionfs.filesystems.org/
[email protected]
http://www.fsl.cs.sunysb.edu/mailman/listinfo/unionfs
