[thirdparty/kernel/stable-queue.git] / releases / 2.6.36.4 / nilfs2-fix-crash-after-one-superblock-became-unavailable.patch

From 0ca7a5b9ac5d301845dd6382ff25a699b6263a81 Mon Sep 17 00:00:00 2001
From: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Date: Fri, 21 Jan 2011 16:40:31 +0900
Subject: nilfs2: fix crash after one superblock became unavailable

From: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>

commit 0ca7a5b9ac5d301845dd6382ff25a699b6263a81 upstream.

Fixes the following kernel oops in nilfs_setup_super() which could
arise if one of two super-blocks is unavailable.

> BUG: unable to handle kernel NULL pointer dereference at   (null)
> Pid: 3529, comm: mount.nilfs2 Not tainted 2.6.37 #1 /
> EIP: 0060:[<c03196bc>] EFLAGS: 00010202 CPU: 3
> EIP is at memcpy+0xc/0x1b
> Call Trace:
>  [<f953720e>] ? nilfs_setup_super+0x6c/0xa5 [nilfs2]
>  [<f95369e9>] ? nilfs_get_root_dentry+0x81/0xcb [nilfs2]
>  [<f9537a08>] ? nilfs_mount+0x4f9/0x62c [nilfs2]
>  [<c02745cf>] ? kstrdup+0x36/0x3f
>  [<f953750f>] ? nilfs_mount+0x0/0x62c [nilfs2]
>  [<c0293940>] ? vfs_kern_mount+0x4d/0x12c
>  [<c02a5100>] ? get_fs_type+0x76/0x8f
>  [<c0293a68>] ? do_kern_mount+0x33/0xbf
>  [<c02a784a>] ? do_mount+0x2ed/0x714
>  [<c02a6171>] ? copy_mount_options+0x28/0xfc
>  [<c02a7ce3>] ? sys_mount+0x72/0xaf
>  [<c0473085>] ? syscall_call+0x7/0xb

Reported-by: Wakko Warner <wakko@animx.eu.org>
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
Tested-by: Wakko Warner <wakko@animx.eu.org>
LKML-Reference: <20110121024918.GA29598@animx.eu.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 fs/nilfs2/super.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/fs/nilfs2/super.c
+++ b/fs/nilfs2/super.c
@@ -733,7 +733,8 @@ static int nilfs_setup_super(struct nilf
 		cpu_to_le16(le16_to_cpu(sbp[0]->s_state) & ~NILFS_VALID_FS);
 	sbp[0]->s_mtime = cpu_to_le64(get_seconds());
 	/* synchronize sbp[1] with sbp[0] */
-	memcpy(sbp[1], sbp[0], nilfs->ns_sbsize);
+	if (sbp[1])
+		memcpy(sbp[1], sbp[0], nilfs->ns_sbsize);
 	return nilfs_commit_super(sbi, NILFS_SB_COMMIT_ALL);
 }
Commit	Line	Data
21bbe2c0 GKH	1	From 0ca7a5b9ac5d301845dd6382ff25a699b6263a81 Mon Sep 17 00:00:00 2001
	2	From: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
	3	Date: Fri, 21 Jan 2011 16:40:31 +0900
	4	Subject: nilfs2: fix crash after one superblock became unavailable
	5
	6	From: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
	7
	8	commit 0ca7a5b9ac5d301845dd6382ff25a699b6263a81 upstream.
	9
	10	Fixes the following kernel oops in nilfs_setup_super() which could
	11	arise if one of two super-blocks is unavailable.
	12
	13	> BUG: unable to handle kernel NULL pointer dereference at (null)
	14	> Pid: 3529, comm: mount.nilfs2 Not tainted 2.6.37 #1 /
	15	> EIP: 0060:[<c03196bc>] EFLAGS: 00010202 CPU: 3
	16	> EIP is at memcpy+0xc/0x1b
	17	> Call Trace:
	18	> [<f953720e>] ? nilfs_setup_super+0x6c/0xa5 [nilfs2]
	19	> [<f95369e9>] ? nilfs_get_root_dentry+0x81/0xcb [nilfs2]
	20	> [<f9537a08>] ? nilfs_mount+0x4f9/0x62c [nilfs2]
	21	> [<c02745cf>] ? kstrdup+0x36/0x3f
	22	> [<f953750f>] ? nilfs_mount+0x0/0x62c [nilfs2]
	23	> [<c0293940>] ? vfs_kern_mount+0x4d/0x12c
	24	> [<c02a5100>] ? get_fs_type+0x76/0x8f
	25	> [<c0293a68>] ? do_kern_mount+0x33/0xbf
	26	> [<c02a784a>] ? do_mount+0x2ed/0x714
	27	> [<c02a6171>] ? copy_mount_options+0x28/0xfc
	28	> [<c02a7ce3>] ? sys_mount+0x72/0xaf
	29	> [<c0473085>] ? syscall_call+0x7/0xb
	30
	31	Reported-by: Wakko Warner <wakko@animx.eu.org>
	32	Signed-off-by: Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp>
	33	Tested-by: Wakko Warner <wakko@animx.eu.org>
	34	LKML-Reference: <20110121024918.GA29598@animx.eu.org>
	35	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
	36
	37	---
	38	fs/nilfs2/super.c \| 3 ++-
	39	1 file changed, 2 insertions(+), 1 deletion(-)
	40
	41	--- a/fs/nilfs2/super.c
	42	+++ b/fs/nilfs2/super.c
	43	@@ -733,7 +733,8 @@ static int nilfs_setup_super(struct nilf
	44	cpu_to_le16(le16_to_cpu(sbp[0]->s_state) & ~NILFS_VALID_FS);
	45	sbp[0]->s_mtime = cpu_to_le64(get_seconds());
	46	/* synchronize sbp[1] with sbp[0] */
	47	- memcpy(sbp[1], sbp[0], nilfs->ns_sbsize);
	48	+ if (sbp[1])
	49	+ memcpy(sbp[1], sbp[0], nilfs->ns_sbsize);
	50	return nilfs_commit_super(sbi, NILFS_SB_COMMIT_ALL);
	51	}
	52