Bug 48431
Summary: | [PATCH]ext4_fill_super() reports success even if ext4_mb_init() fails | ||
---|---|---|---|
Product: | File System | Reporter: | Eugene A. Shatokhin (eugene.shatokhin) |
Component: | ext4 | Assignee: | fs_ext4 (fs_ext4) |
Status: | RESOLVED CODE_FIX | ||
Severity: | normal | CC: | alan, florian |
Priority: | P1 | ||
Hardware: | All | ||
OS: | Linux | ||
Kernel Version: | 3.6 | Subsystem: | |
Regression: | No | Bisected commit-id: | |
Attachments: | The patch to fix the problem |
Patches should be sent with a Signed-off-by: line to the relevant list (See Documentation/SubmittingPatches) In this case linux-ext4@vger.kernel.org You don't need to be subscribed to submit to it. A patch referencing this bug report has been merged in Linux v3.8-rc1: commit 07aa2ea13814ea60d12f7330b6d5ccfdb0c3ba4d Author: Lukas Czerner <lczerner@redhat.com> Date: Thu Nov 8 15:16:54 2012 -0500 ext4: fix error handling in ext4_fill_super() |
Created attachment 82361 [details] The patch to fix the problem If ext4_mb_init() called from ext4_fill_super() (fs/ext4/super.c:3980 in the current ext4 git tree) fails and returns error code, ext4_fill_super() still returns 0. This happens because the return value of ext4_mb_init() is not assigned to 'ret' in the error path. So the previous value of 'ret' (0) is returned from ext4_fill_super(). This problem leads to a kernel oops in mount_fs() when the latter tries to access the struct dentry that the mount() callback returns ("sb = root->d_sb;" in fs/super.c:1180). The problem has been revealed with the help of the fault simulation facilities provided by KEDR Framework. Attached is a trivial patch that fixes the problem.