1
linux/fs
Vasily Tarasov 701e054e0c [PATCH] mounstats NULL pointer dereference
OpenVZ developers team has encountered the following problem in 2.6.19-rc6
kernel. After some seconds of running script

while [[ 1 ]]
do
	find  /proc -name mountstats | xargs cat
done

this Oops appears:

BUG: unable to handle kernel NULL pointer dereference at virtual address
00000010
 printing eip:
c01a6b70
*pde = 00000000
Oops: 0000 [#1]
SMP
Modules linked in: xt_length ipt_ttl xt_tcpmss ipt_TCPMSS iptable_mangle
iptable_filter xt_multiport xt_limit ipt_tos ipt_REJECT ip_tables x_tables
parport_pc lp parport sunrpc af_packet thermal processor fan button battery
asus_acpi ac ohci_hcd ehci_hcd usbcore i2c_nforce2 i2c_core tg3 floppy
pata_amd
ide_cd cdrom sata_nv libata
CPU:    1
EIP:    0060:[<c01a6b70>]    Not tainted VLI
EFLAGS: 00010246   (2.6.19-rc6 #2)
EIP is at mountstats_open+0x70/0xf0
eax: 00000000   ebx: e6247030   ecx: e62470f8   edx: 00000000
esi: 00000000   edi: c01a6b00   ebp: c33b83c0   esp: f4105eb4
ds: 007b   es: 007b   ss: 0068
Process cat (pid: 6044, ti=f4105000 task=f4104a70 task.ti=f4105000)
Stack: c33b83c0 c04ee940 f46a4a80 c33b83c0 e4df31b4 c01a6b00 f4105000 c0169231
       e4df31b4 c33b83c0 c33b83c0 f4105f20 00000003 f4105000 c0169445 f2503cf0
       f7f8c4c0 00008000 c33b83c0 00000000 00008000 c0169350 f4105f20 00008000
Call Trace:
 [<c01a6b00>] mountstats_open+0x0/0xf0
 [<c0169231>] __dentry_open+0x181/0x250
 [<c0169445>] nameidata_to_filp+0x35/0x50
 [<c0169350>] do_filp_open+0x50/0x60
 [<c01873d6>] seq_read+0xc6/0x300
 [<c0169511>] get_unused_fd+0x31/0xc0
 [<c01696d3>] do_sys_open+0x63/0x110
 [<c01697a7>] sys_open+0x27/0x30
 [<c01030bd>] sysenter_past_esp+0x56/0x79
 =======================
Code: 45 74 8b 54 24 20 89 44 24 08 8b 42 f0 31 d2 e8 47 cb f8 ff 85 c0 89 c3
74 51 8d 80 a0 04 00 00 e8 46 06 2c 00 8b 83 48 04 00 00 <8b> 78 10 85 ff 74
03
f0 ff 07 b0 01 86 83 a0 04 00 00 f0 ff 4b
EIP: [<c01a6b70>] mountstats_open+0x70/0xf0 SS:ESP 0068:f4105eb4

The problem is that task->nsproxy can be equal NULL for some time during
task exit. This patch fixes the BUG.

Signed-off-by: Vasily Tarasov <vtaras@openvz.org>
Cc: Herbert Poetzl <herbert@13thfloor.at>
Cc: "Serge E. Hallyn" <serue@us.ibm.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-11-25 13:28:33 -08:00
..
9p [PATCH] r/o bind mount prepwork: inc_nlink() helper 2006-10-01 00:39:30 -07:00
adfs [PATCH] Streamline generic_file_* interfaces and filemap cleanups 2006-10-01 00:39:28 -07:00
affs [PATCH] Streamline generic_file_* interfaces and filemap cleanups 2006-10-01 00:39:28 -07:00
afs [PATCH] fs/*: use BUILD_BUG_ON 2006-10-11 11:14:23 -07:00
autofs [PATCH] autofs4: panic after mount fail 2006-11-14 09:09:27 -08:00
autofs4 [PATCH] autofs4: panic after mount fail 2006-11-14 09:09:27 -08:00
befs [PATCH] befs: endianness annotations 2006-10-10 16:15:33 -07:00
bfs [PATCH] r/o bind mount prepwork: inc_nlink() helper 2006-10-01 00:39:30 -07:00
cifs [CIFS] Fix minor problem with previous patch 2006-11-09 21:25:37 +00:00
coda [PATCH] r/o bind mount prepwork: inc_nlink() helper 2006-10-01 00:39:30 -07:00
configfs configfs: handle kzalloc() failure in check_perm() 2006-10-20 15:29:00 -07:00
cramfs [PATCH] cramfs: make cramfs_uncompress_exit() return void 2006-09-29 09:18:20 -07:00
debugfs debugfs: check return value correctly 2006-11-16 14:30:26 -08:00
devpts [PATCH] inode-diet: Eliminate i_blksize from the inode structure 2006-09-27 08:26:18 -07:00
dlm [DLM] fix oops in kref_put when removing a lockspace 2006-11-06 09:28:01 -05:00
ecryptfs [PATCH] eCryptfs: CIFS nlink fixes 2006-11-16 11:43:38 -08:00
efs [PATCH] Really ignore kmem_cache_destroy return value 2006-09-27 08:26:10 -07:00
exportfs [PATCH] VFS: Make filldir_t and struct kstat deal in 64-bit inode numbers 2006-10-03 08:03:40 -07:00
ext2 [PATCH] ext2: errors behaviour fix 2006-10-11 11:14:21 -07:00
ext3 [PATCH] ext3: errors behaviour fix 2006-10-11 11:14:21 -07:00
ext4 [PATCH] ext4: fix printk format warnings 2006-10-28 11:30:51 -07:00
fat [PATCH] fat: add fat_getattr() 2006-11-16 11:43:38 -08:00
freevxfs [PATCH] freevxfs: fix leak on error path 2006-09-29 09:18:20 -07:00
fuse [PATCH] fuse: fix Oops in lookup 2006-11-25 13:28:33 -08:00
gfs2 [GFS2] Fix OOM error handling 2006-11-06 08:59:42 -05:00
hfs [PATCH] hfs_fill_super returns success even if no root inode 2006-11-16 11:43:38 -08:00
hfsplus fix file specification in comments 2006-10-03 23:01:26 +02:00
hostfs [PATCH] Streamline generic_file_* interfaces and filemap cleanups 2006-10-01 00:39:28 -07:00
hpfs [PATCH] hpfs endianness annotations 2006-10-10 16:15:34 -07:00
hppfs [PATCH] hppfs: readdir callback missed in prototype change 2006-10-09 14:19:08 -07:00
hugetlbfs [PATCH] hugetlb: prepare_hugepage_range check offset too 2006-11-14 09:09:27 -08:00
isofs [PATCH] isofs endianness annotations 2006-10-10 16:15:34 -07:00
jbd [PATCH] jbd: journal_dirty_data re-check for unmapped buffers 2006-10-28 11:30:51 -07:00
jbd2 [PATCH] jbd2: journal_dirty_data re-check for unmapped buffers 2006-10-28 11:30:51 -07:00
jffs [PATCH] r/o bind mounts: unlink: monitor i_nlink 2006-10-01 00:39:30 -07:00
jffs2 [PATCH] fs/*: use BUILD_BUG_ON 2006-10-11 11:14:23 -07:00
jfs JFS: Remove redundant xattr permission checking 2006-11-02 10:50:40 -06:00
lockd [PATCH] sysctl: implement CTL_UNNUMBERED 2006-11-06 01:46:23 -08:00
minix [PATCH] fs/*: use BUILD_BUG_ON 2006-10-11 11:14:23 -07:00
msdos [PATCH] fat: add fat_getattr() 2006-11-16 11:43:38 -08:00
ncpfs [PATCH] wrong order of arguments in copy_to_user() in ncpfs 2006-10-09 14:19:08 -07:00
nfs [PATCH] sysctl: implement CTL_UNNUMBERED 2006-11-06 01:46:23 -08:00
nfs_common [PATCH] nfs_common endianness annotations 2006-10-20 10:26:41 -07:00
nfsd [PATCH] nfsd: fix spurious error return from nfsd_create in async case 2006-11-08 18:29:25 -08:00
nls fix file specification in comments 2006-10-03 23:01:26 +02:00
ntfs [PATCH] Streamline generic_file_* interfaces and filemap cleanups 2006-10-01 00:39:28 -07:00
ocfs2 ocfs2: cond_resched() in ocfs2_zero_extend() 2006-10-20 15:27:48 -07:00
openpromfs Move several *_SUPER_MAGIC symbols to include/linux/magic.h. 2006-09-24 11:13:19 -04:00
partitions [PATCH] fs/partitions/check: add sysfs error handling 2006-10-17 08:18:47 -07:00
proc [PATCH] mounstats NULL pointer dereference 2006-11-25 13:28:33 -08:00
qnx4 [PATCH] r/o bind mounts: monitor zeroing of i_nlink 2006-10-01 00:39:30 -07:00
ramfs [PATCH] r/o bind mount prepwork: inc_nlink() helper 2006-10-01 00:39:30 -07:00
reiserfs [PATCH] reiserfs: reset errval after initializing bitmap cache 2006-11-03 12:27:58 -08:00
romfs [PATCH] Really ignore kmem_cache_destroy return value 2006-09-27 08:26:10 -07:00
smbfs [PATCH] Streamline generic_file_* interfaces and filemap cleanups 2006-10-01 00:39:28 -07:00
sysfs sysfs: update obsolete comment in sysfs_update_file 2006-10-18 12:49:54 -07:00
sysv [PATCH] fs/*: use BUILD_BUG_ON 2006-10-11 11:14:23 -07:00
udf [PATCH] UDF: Fix mounting read-write 2006-10-05 16:18:55 -07:00
ufs [PATCH] ufs endianness annotations 2006-10-10 16:15:34 -07:00
vfat [PATCH] fat: add fat_getattr() 2006-11-16 11:43:38 -08:00
xfs [XFS] Stale the correct inode when freeing clusters. 2006-11-21 18:55:33 +11:00
aio.c [PATCH] pr_debug: aio: use size_t length modifier in pr_debug format arguments 2006-10-03 08:04:19 -07:00
attr.c
bad_inode.c [PATCH] Remove readv/writev methods and use aio_read/aio_write instead 2006-10-01 00:39:28 -07:00
binfmt_aout.c [PATCH] Require mmap handler for a.out executables 2006-09-29 09:18:08 -07:00
binfmt_elf_fdpic.c [PATCH] elf_fdpic_core_dump: don't take tasklist_lock 2006-09-29 09:18:14 -07:00
binfmt_elf.c [PATCH] Fix core files so they make sense to gdb... 2006-10-15 11:24:49 -07:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c [PATCH] Fix unserialized task->files changing 2006-09-29 09:18:12 -07:00
binfmt_script.c
binfmt_som.c [PARISC] Fix fs/binfmt_som.c 2006-10-04 06:51:26 -06:00
bio.c [PATCH] fs/bio.c: tweaks 2006-10-11 11:14:25 -07:00
block_dev.c [PATCH] find_bd_holder() fix 2006-10-31 08:06:58 -08:00
buffer.c [PATCH] Fix IO error reporting on fsync() 2006-10-17 08:18:46 -07:00
char_dev.c [PATCH] BLOCK: Move extern declarations out of fs/*.c into header files [try #6] 2006-09-30 20:52:18 +02:00
compat_ioctl.c [PATCH] 32-bit compatibility HDIO IOCTLs 2006-10-11 11:14:22 -07:00
compat.c [PATCH] sys_pselect7 vs compat_sys_pselect7 uaccess error handling 2006-11-03 12:27:55 -08:00
dcache.c [PATCH] VFS: Fix an error in unused dentry counting 2006-10-28 11:30:53 -07:00
dcookies.c
direct-io.c
dnotify.c [PATCH] file: modify struct fown_struct to use a struct pid 2006-10-02 07:57:14 -07:00
dquot.c [PATCH] dquot: add proper locking when using current->signal->tty 2006-09-29 09:18:14 -07:00
drop_caches.c
eventpoll.c [PATCH] epoll_pwait() 2006-10-11 11:14:21 -07:00
exec.c [PATCH] namespaces: utsname: switch to using uts namespaces 2006-10-02 07:57:21 -07:00
fcntl.c [PATCH] file: Add locking to f_getown 2006-10-02 07:57:15 -07:00
fifo.c
file_table.c [PATCH] file: modify struct fown_struct to use a struct pid 2006-10-02 07:57:14 -07:00
file.c [PATCH] expand_fdtable(): remove pointless unlock+lock 2006-09-29 09:18:25 -07:00
filesystems.c [PATCH] Ban register_filesystem(NULL); 2006-09-29 09:18:20 -07:00
fs-writeback.c [PATCH] BLOCK: Remove dependence on existence of blockdev_superblock [try #6] 2006-09-30 20:52:26 +02:00
generic_acl.c [PATCH] Generic infrastructure for acls 2006-09-29 09:18:24 -07:00
inode.c [PATCH] Take i_mutex in splice_from_pipe() 2006-10-19 20:53:08 +02:00
inotify_user.c
inotify.c
internal.h [PATCH] CONFIG_BLOCK internal.h cleanups 2006-09-30 20:52:32 +02:00
ioctl.c
ioprio.c [PATCH] block layer: ioprio_best function fix 2006-10-12 15:09:51 +02:00
Kconfig [PATCH] AFS: Amend the AFS configuration options 2006-11-16 11:43:38 -08:00
Kconfig.binfmt
libfs.c [PATCH] r/o bind mount prepwork: inc_nlink() helper 2006-10-01 00:39:30 -07:00
locks.c [PATCH] file: modify struct fown_struct to use a struct pid 2006-10-02 07:57:14 -07:00
Makefile [PATCH] jbd2: enable building of jbd2 and have ext4 use it rather than jbd 2006-10-11 11:14:16 -07:00
mbcache.c [PATCH] mbcache: add lock annotation for __mb_cache_entry_release_unlock() 2006-09-29 09:18:07 -07:00
mpage.c [PATCH] BLOCK: Dissociate generic_writepages() from mpage stuff [try #6] 2006-09-30 20:52:26 +02:00
namei.c [PATCH] r/o bind mount prepwork: move open_namei()'s vfs_create() 2006-10-01 00:39:30 -07:00
namespace.c [PATCH] namespaces: incorporate fs namespace into nsproxy 2006-10-02 07:57:20 -07:00
nfsctl.c
no-block.c [PATCH] BLOCK: Make it possible to disable the block layer [try #6] 2006-09-30 20:52:31 +02:00
open.c [PATCH] r/o bind mounts: prepare for write access checks: collapse if() 2006-10-01 00:39:30 -07:00
pipe.c [PATCH] Some cleanup in the pipe code 2006-10-01 00:39:33 -07:00
pnode.c
pnode.h
posix_acl.c [PATCH] kmemdup: some users 2006-10-01 00:39:19 -07:00
quota_v1.c
quota_v2.c
quota.c [PATCH] BLOCK: Make it possible to disable the block layer [try #6] 2006-09-30 20:52:31 +02:00
read_write.c [PATCH] Add vector AIO support 2006-10-01 00:39:29 -07:00
read_write.h [PATCH] Remove readv/writev methods and use aio_read/aio_write instead 2006-10-01 00:39:28 -07:00
readdir.c [PATCH] VFS: Make filldir_t and struct kstat deal in 64-bit inode numbers 2006-10-03 08:03:40 -07:00
select.c [PATCH] enforce RLIMIT_NOFILE in poll() 2006-09-29 09:18:23 -07:00
seq_file.c
splice.c [PATCH] splice: fix problem introduced with inode diet 2006-11-04 08:45:39 -08:00
stat.c [PATCH] VFS: Make filldir_t and struct kstat deal in 64-bit inode numbers 2006-10-03 08:03:40 -07:00
super.c [PATCH] VFS: Destroy the dentries contributed by a superblock on unmounting 2006-10-11 11:14:25 -07:00
sync.c [PATCH] BLOCK: Move functions out of buffer code [try #6] 2006-09-30 20:31:19 +02:00
utimes.c [PATCH] Create fs/utimes.c 2006-10-01 00:39:19 -07:00
xattr_acl.c
xattr.c [PATCH] Fix user.* xattr permission check for sticky dirs 2006-11-03 12:27:59 -08:00