kernel-packages team mailing list archive

[Brad Figg <brad.figg@xxxxxxxxxxxxx>]

This bug is missing log files that will aid in diagnosing the problem.
>From a terminal window please run:

apport-collect 1455364

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable
to run this command, please add a comment stating that fact and change
the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the
Ubuntu Kernel Team.

** Changed in: linux (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1455364

Title:
  the wrong return value of function ubifs_fill_super()

Status in linux package in Ubuntu:
  Incomplete

Bug description:
  In function ubifs_fill_super() at fs/ubifs/super.c: 1955, the call to d_alloc_root() in line 2058 may return a NULL pointer, and thus function ubifs_fill_super() will return the value of variable err. And, the function ubifs_fill_super() will return 0 at last when it runs well. However, when the call to d_alloc_root() in line 2058 return a NULL pointer, the value of err is 0. So the function ubifs_fill_super() will return 0 to its caller functions when it runs error because of the failing call to d_alloc_root(), leading to a wrong return value of function ubifs_fill_super().
  The related code snippets in ubifs_fill_super() is as following.
  ubifs_fill_super @@fs/ubifs/super.c: 1955
  1955 static int ubifs_fill_super(struct super_block *sb, void *data, int silent)
  1956 {
               ...
  2045         err = mount_ubifs(c);
  2046         if (err) {
  2047                 ubifs_assert(err < 0);
  2048                 goto out_unlock;
  2049         }
  2050 
  2051         /* Read the root inode */
  2052         root = ubifs_iget(sb, UBIFS_ROOT_INO);
  2053         if (IS_ERR(root)) {
  2054                 err = PTR_ERR(root);
  2055                 goto out_umount;
  2056         }
  2057 
  2058         sb->s_root = d_alloc_root(root);
  2059         if (!sb->s_root)
  2060                 goto out_iput;
  2061 
  2062         mutex_unlock(&c->umount_mutex);
  2063         return 0;
  2064 
  2065 out_iput:
  2066         iput(root);
  2067 out_umount:
  2068         ubifs_umount(c);
  2069 out_unlock:
  2070         mutex_unlock(&c->umount_mutex);
  2071 out_bdi:
  2072         bdi_destroy(&c->bdi);
  2073 out_close:
  2074         ubi_close_volume(c->ubi);
  2075 out_free:
  2076         kfree(c);
  2077         return err;
  2078 }

  Generally, the return value of caller functions which call function d_alloc_root() shall be set to a negative error code when the call to d_alloc_root() returns a NULL pointer, like the following codes in another file.
  bfs_fill_super @@fs/bfs/inode.c: 317
  317 static int bfs_fill_super(struct super_block *s, void *data, int silent)
  318 {
               ...
  371         s->s_root = d_alloc_root(inode);
  372         if (!s->s_root) {
  373                 iput(inode);
  374                 ret = -ENOMEM;
  375                 goto out2;
  376         }
               ...
  444         return 0;
  445 
  446 out3:
  447         dput(s->s_root);
  448         s->s_root = NULL;
  449 out2:
  450         kfree(info->si_imap);
  451 out1:
  452         brelse(sbh);
  453 out:
  454         mutex_destroy(&info->bfs_lock);
  455         kfree(info);
  456         s->s_fs_info = NULL;
  457         return ret;
  458 }

  Thank you

  RUC_Soft_Sec

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1455364/+subscriptions