[Karmic] Fix kernel crash with jfs

Tim Gardner tim.gardner at canonical.com
Thu Jul 23 14:45:48 UTC 2009 

Andy Whitcroft wrote:
> On Thu, Jul 23, 2009 at 04:29:52PM +0200, Stefan Bader wrote:
>> Just found the solution to that nasty bug#396780 which is caused by jfs
>> releasing some acl before returning. The patch has been verified to be working
>> and I will submit it upstream ASAP.
>>
> 
>> From a345a80ca7a926c9c6e322a1e8add4817c834d0f Mon Sep 17 00:00:00 2001
>> From: Stefan Bader <stefan.bader at canonical.com>
>> Date: Thu, 23 Jul 2009 11:26:05 +0200
>> Subject: [PATCH] jfs: Fix early release of acl in jfs_get_acl
>>
>> BugLink: http://bugs.launchpad.net/ubuntu/+bug/396780
>>
>> Commit 073aaa1b142461d91f83da66db1184d7c1b1edea "helpers for acl
>> caching + switch to those" introduced new helper function for
>> acl handling but seems to introduce a regression for jfs as the
>> acl is released before returning it to the caller, instead of
>> leaving this for the caller to do.
>> This causes the acl object to be used after freeing it, leading
>> to kernel panics at completely different places.
>>
>> Thanks to Christophe Dumez for reporting and bisecting into this.
>>
>> Reported-by: Christophe Dumez <dchris at gmail.com>
>> Signed-off-by: Stefan Bader <stefan.bader at canonical.com>
>> ---
>>  fs/jfs/acl.c |    4 +---
>>  1 files changed, 1 insertions(+), 3 deletions(-)
>>
>> diff --git a/fs/jfs/acl.c b/fs/jfs/acl.c
>> index f272bf0..3c88d1b 100644
>> --- a/fs/jfs/acl.c
>> +++ b/fs/jfs/acl.c
>> @@ -67,10 +67,8 @@ static struct posix_acl *jfs_get_acl(struct inode *inode, int type)
>>  		acl = posix_acl_from_xattr(value, size);
>>  	}
>>  	kfree(value);
>> -	if (!IS_ERR(acl)) {
>> +	if (!IS_ERR(acl))
>>  		set_cached_acl(inode, type, acl);
>> -		posix_acl_release(acl);
>> -	}
>>  	return acl;
>>  }
> 
> I reviewed all of the callers of jfs_get_acl and they are assuming that
> they have a reference on the acl and should be releasing it.  So this
> change looks right to me.
> 
> ACK
> 
> For upstream:
> 
> Acked-by: Andy Whitcroft <apw at canonical.com>
> 
> -apw
> 

Andy is right. The semantics are pretty simple. ACK for Karmic.

-- 
Tim Gardner tim.gardner at canonical.com

More information about the kernel-team mailing list