Bug 11831

Summary: NULL pointer derefence since 2.6.27 in (e)poll
Product: Other Reporter: Rafael J. Wysocki (rjw)
Component: OtherAssignee: other_other
Status: CLOSED CODE_FIX    
Severity: normal CC: davidel
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 2.6.27 Subsystem:
Regression: Yes Bisected commit-id:
Bug Depends on:    
Bug Blocks: 11167    

Description Rafael J. Wysocki 2008-10-25 06:10:42 UTC 
Subject    : NULL pointer derefence since 2.6.27 in (e)poll
Submitter  : "Ben Castricum" <lk0810@bencastricum.nl>
Date       : 2008-10-19 11:02
References : http://marc.info/?l=linux-kernel&m=122441506419398&w=4
Handled-By : Davide Libenzi <davidel@xmailserver.org>
Patch      : http://marc.info/?l=linux-kernel&m=122428548613067&w=2

This entry is being used for tracking a regression from 2.6.26.  Please don't
close it until the problem is fixed in the mainline.
Comment 1 Chuck Ebbert 2008-10-25 16:48:40 UTC 
static unsigned int sock_poll(struct file *file, poll_table *wait)
{
        struct socket *sock;

        /*
         *      We can't return errors to poll, so it's either yes or no.
         */
        sock = file->private_data;
        return sock->ops->poll(file, sock, wait);
}

sock->ops is NULL
Comment 2 Davide Libenzi 2008-10-25 17:26:33 UTC 
A patch has already been sent to Andrew:

http://lkml.org/lkml/2008/10/17/491
Comment 3 Ben Castricum 2008-10-26 02:08:07 UTC 
I've been running the patch for some time now and the bug hasn't appeared anymore. The patch seems to fix it.
Comment 4 Rafael J. Wysocki 2008-10-26 11:39:27 UTC 
References : http://www.kerneloops.org/searchweek.php?search=ep_poll_callback