Bug 755788 - [fs/dcache] d_alloc_name(NULL, "/") introduces null pointer stack dump
Summary: [fs/dcache] d_alloc_name(NULL, "/") introduces null pointer stack dump
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 16
Hardware: All
OS: All
Priority: unspecified
Severity: medium
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2011-11-22 03:26 UTC by siukoon
Modified: 2011-11-22 14:41 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-11-22 14:11:22 UTC
Type: ---
Embargoed:



Description siukoon 2011-11-22 03:26:58 UTC
Description of problem:
d_alloc_name(NULL, "/") works in kernel 2.6.39 or earlier, because d_alloc handles a NULL parent gracefully.  It also does INIT_LIST_HEAD(&dentry->d_u.d_child).
However, in the latest source (e.g. 2.6.41 for FC15 and 3.1.1 for FC16), d_alloc_name(NULL, "/") tries to pass parent->sb to __d_alloc while parent is NULL.  Therefore, it introduces a null pointer exception.

Version-Release number of selected component (if applicable):
FC16 kernel-3.1.1-2.fc16
FC15 kernel-2.6.41.1-1.fc15

How reproducible:
In userspace, call d_alloc_name(NULL, "/").

Steps to Reproduce:
1. Compile the program.
2. Run it.
3. Check dmesg.
  
Actual results:
[   10.593715] RIP: 0010:[<ffffffff8113b60b>]  [<ffffffff8113b60b>] d_alloc+0xf/0x51
[   10.594043] Call Trace:
[   10.594047]  [<ffffffff8113b6ae>] d_alloc_name+0x61/0x63
[   10.594052]  [<ffffffffa0204dfd>] HgfsReadSuper+0x227/0x28f [vmhgfs]

Expected results:
No warning and a dummy dentry is created.

Additional info:
Use case: vmtools vmhgfs vmhgfs-only/filesystem.c HgfsReadSuper
If d_alloc_name does not expect a NULL parent, it would be nice to have d_alloc_name handle it gracefully.

Comment 1 Josh Boyer 2011-11-22 13:57:17 UTC
You should report this to the upstream kernel developers.

Comment 2 Josh Boyer 2011-11-22 14:11:22 UTC
I'm pretty sure this was done intentionally by commit a4464dbc0ca6a3ab8e9d1206bc05059dae2a559d anyway.  Since vmhgfs is out-of-tree, it needs to be converted to the new scheme.  VMware should look into that.
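The following is an added userspace model of the dcache change behind the report and Comment 2; it is not code from the kernel, from Fedora, or from VMware's vmhgfs. After the commit cited above every dentry receives its ->d_sb at allocation time, taken from the parent, so d_alloc(NULL, ...) reads through a NULL pointer exactly as the stack dump shows. The root dentry has no parent, so it has to be allocated from the superblock instead, which is what d_alloc_root(inode) did in 3.1-era kernels. The struct layouts, the model_* helpers and the example_read_super function are simplifications invented for this illustration; model_sb and model_root_inode are constructed sample objects.

```c
/*
 * Added example (not kernel or vmhgfs code): a userspace model of why
 * d_alloc_name(NULL, "/") crashes after the "d_sb assign-once, never NULL"
 * change, and how a filesystem's read_super allocates its root dentry
 * under the new scheme.  All structures are simplified assumptions.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct super_block { const char *s_id; };
struct inode { struct super_block *i_sb; };

struct dentry {
    struct super_block *d_sb;   /* assigned once at allocation, never NULL */
    struct dentry *d_parent;    /* the root dentry points at itself */
    char d_name[32];
    struct inode *d_inode;
};

/* Model of __d_alloc(sb, name): the single place a dentry is created. */
static struct dentry *model___d_alloc(struct super_block *sb, const char *name)
{
    struct dentry *dentry = calloc(1, sizeof(*dentry));
    if (!dentry)
        return NULL;
    dentry->d_sb = sb;
    dentry->d_parent = dentry;  /* stays self-linked until d_alloc() hooks it */
    snprintf(dentry->d_name, sizeof(dentry->d_name), "%s", name);
    return dentry;
}

/* Model of post-change d_alloc(parent, name): parent->d_sb is read
 * unconditionally.  Calling this with parent == NULL is the dereference
 * seen at d_alloc+0xf in the report, so the model never does so. */
static struct dentry *model_d_alloc(struct dentry *parent, const char *name)
{
    struct dentry *dentry = model___d_alloc(parent->d_sb, name);
    if (!dentry)
        return NULL;
    dentry->d_parent = parent;
    return dentry;
}

/* Model of d_alloc_name(): a thin wrapper, so it inherits the requirement. */
static struct dentry *model_d_alloc_name(struct dentry *parent, const char *name)
{
    return model_d_alloc(parent, name);
}

/* Model of 3.1-era d_alloc_root(inode): the root has no parent, so its
 * superblock comes from the root inode.  This is the "new scheme" an
 * out-of-tree filesystem must switch to. */
static struct dentry *model_d_alloc_root(struct inode *root_inode)
{
    struct dentry *root = NULL;
    if (root_inode) {
        root = model___d_alloc(root_inode->i_sb, "/");
        if (root)
            root->d_inode = root_inode;
    }
    return root;
}

/* Hypothetical read_super written the new way.  The old line it replaces,
 * root = d_alloc_name(NULL, "/"), is the one that now oopses. */
static struct dentry *example_read_super(struct super_block *sb, struct inode *root_inode)
{
    if (!root_inode || root_inode->i_sb != sb)
        return NULL;
    return model_d_alloc_root(root_inode);
}

/* Constructed sample objects standing in for a mounted filesystem. */
static struct super_block model_sb = { "model-fs" };
static struct inode model_root_inode = { &model_sb };

/* Returns 0 when the root and a child dentry carry the expected d_sb and
 * parent links, a non-zero code identifying the first failed check otherwise. */
static int model_demo(void)
{
    struct dentry *root = example_read_super(&model_sb, &model_root_inode);
    struct dentry *child;
    int rc = 0;

    if (!root)
        return 1;
    if (root->d_sb != &model_sb || root->d_parent != root || strcmp(root->d_name, "/") != 0)
        rc = 2;
    child = model_d_alloc_name(root, "readme.txt");   /* parent is non-NULL now */
    if (!child)
        rc = 3;
    else if (child->d_sb != root->d_sb || child->d_parent != root)
        rc = 4;
    free(child);
    free(root);
    return rc;
}

int main(void)
{
    int rc = model_demo();
    printf("model_demo: %s (%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

The practical check for any out-of-tree filesystem against a 3.1-era kernel is therefore: every d_alloc / d_alloc_name call must pass a real parent dentry, and the root dentry must be created from the root inode rather than from a NULL parent.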

Comment 3 siukoon 2011-11-22 14:41:32 UTC
Thanks for the quick advice.

