Bug 11831 - NULL pointer derefence since 2.6.27 in (e)poll
Summary: NULL pointer derefence since 2.6.27 in (e)poll
Status: CLOSED CODE_FIX
Alias: None
Product: Other
Classification: Unclassified
Component: Other (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: other_other
URL:
Keywords:
Depends on:
Blocks: Regressions-2.6.26
  Show dependency tree
 
Reported: 2008-10-25 06:10 UTC by Rafael J. Wysocki
Modified: 2008-10-26 13:17 UTC (History)
1 user (show)

See Also:
Kernel Version: 2.6.27
Subsystem:
Regression: Yes
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Rafael J. Wysocki 2008-10-25 06:10:42 UTC 
Subject    : NULL pointer derefence since 2.6.27 in (e)poll
Submitter  : "Ben Castricum" <lk0810@bencastricum.nl>
Date       : 2008-10-19 11:02
References : http://marc.info/?l=linux-kernel&m=122441506419398&w=4
Handled-By : Davide Libenzi <davidel@xmailserver.org>
Patch      : http://marc.info/?l=linux-kernel&m=122428548613067&w=2

This entry is being used for tracking a regression from 2.6.26.  Please don't
close it until the problem is fixed in the mainline.
Comment 1 Chuck Ebbert 2008-10-25 16:48:40 UTC 
static unsigned int sock_poll(struct file *file, poll_table *wait)
{
        struct socket *sock;

        /*
         *      We can't return errors to poll, so it's either yes or no.
         */
        sock = file->private_data;
        return sock->ops->poll(file, sock, wait);
}

sock->ops is NULL
Comment 2 Davide Libenzi 2008-10-25 17:26:33 UTC 
A patch has already been sent to Andrew:

http://lkml.org/lkml/2008/10/17/491
Comment 3 Ben Castricum 2008-10-26 02:08:07 UTC 
I've been running the patch for some time now and the bug hasn't appeared anymore. The patch seems to fix it.
Comment 4 Rafael J. Wysocki 2008-10-26 11:39:27 UTC 
References : http://www.kerneloops.org/searchweek.php?search=ep_poll_callback
Note You need to log in before you can comment on or make changes to this bug.