On Mon, Nov 17, 2003 at 01:21:14PM +0000, Jim Minter wrote:
> I'm getting a kernel oops indicating a null pointer dereference in
> xfs_alloc_lookup(). The symptoms are similar in many respects to those
> indicated at
> http://lists.insecure.org/lists/linux-kernel/2003/Sep/6937.html. There
> doesn't seem to be any follow-up to that article, however.
That one is quite different. That's a 2.6 kernel, and memory
allocation there is done quite differently. Not sure why that
one didn't land in my mailbox, but that one is xfs_trans_alloc
allocating with __GFP_NOFAIL set, and its returned NULL. So,
on first pass that looks like it might be a VM issue. Its on
a relatively old 2.6 now too, so possibly its been resolved by
other folks already.
> What seems to be happening is xfs_alloc_lookup() calls
> xfs_btree_read_bufs() to get a new buffer. xfs_btree_read_bufs() returns a
> null bp, but doesn't return an error. xfs_alloc_lookup(), doesn't check to
> see if bp is null, attempts to dereference it and oopses.
Yes, thats does indeed look like it. The simple "put NULL checks
all over the place" is not going to be the right fix though, we
should be indicating to pagebuf that an allocation is not allowed
to fail, and I think it should be making use of support/kmem code
in some places that its not. That's going to take some detailed
analysis though, I'll need to spend some time on that.
> Does anyone have any comments/ideas on this? Are there any obvious
> work-arounds? Is the problem simply the lack of null-checking in
Unfortunately no obvious work-arounds.
Thanks Jim.
cheers.
--
Nathan
|