I found a bug that cause the kernel to lockup.
The problem is in mm/shmem.c do_shmem_file_read() (the tmpfs)
at line 959 there is a call to file_read_actor(desc, page, offset, nr);
The problem is that inside the function file_read_actor() desc->error is
set to -EFAULT (this happens when the buffer supplied by the user for the
read is wrong)
but there is no check right after the return from file_read_actor() to
test this situation.
The result is that the desc->count field always stay the same and the
while loop in do_shmem_file_read never end and the kernel locksup.
The fix is very simple just add the following line after the call to
file_read_actor():
-------------------
if(desc->error)
break
-------------------
If you need any other info please mail me
Regards
--lior
________________________________________________________________
Lior Amar Distributed Computing Lab MOSIX
E-mail : lior@cs.huji.ac.il
________________________________________________________________
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/