the wrong return value of function ubifs_fill_super()

Bug #1455364 reported by anna
Affects: linux (Ubuntu) | Status: Triaged | Importance: Low | Assigned to: Unassigned

Bug Description

In function ubifs_fill_super() at fs/ubifs/super.c: 1955, the call to d_alloc_root() in line 2058 may return a NULL pointer, and thus function ubifs_fill_super() will return the value of variable err. The function ubifs_fill_super() also returns 0 at last when it runs well. However, when the call to d_alloc_root() in line 2058 returns a NULL pointer, the value of err is 0. So the function ubifs_fill_super() will return 0 to its caller functions when it fails because of the failing call to d_alloc_root(), leading to a wrong return value of function ubifs_fill_super().
The related code snippets in ubifs_fill_super() are as follows.
ubifs_fill_super @@fs/ubifs/super.c: 1955
1955 static int ubifs_fill_super(struct super_block *sb, void *data, int silent)
1956 {
             ...
2045         err = mount_ubifs(c);
2046         if (err) {
2047                 ubifs_assert(err < 0);
2048                 goto out_unlock;
2049         }
2050
2051         /* Read the root inode */
2052         root = ubifs_iget(sb, UBIFS_ROOT_INO);
2053         if (IS_ERR(root)) {
2054                 err = PTR_ERR(root);
2055                 goto out_umount;
2056         }
2057
2058         sb->s_root = d_alloc_root(root);
2059         if (!sb->s_root)
2060                 goto out_iput;
2061
2062         mutex_unlock(&c->umount_mutex);
2063         return 0;
2064
2065 out_iput:
2066         iput(root);
2067 out_umount:
2068         ubifs_umount(c);
2069 out_unlock:
2070         mutex_unlock(&c->umount_mutex);
2071 out_bdi:
2072         bdi_destroy(&c->bdi);
2073 out_close:
2074         ubi_close_volume(c->ubi);
2075 out_free:
2076         kfree(c);
2077         return err;
2078 }

Generally, the return value of caller functions which call function d_alloc_root() shall be set to a negative error code when the call to d_alloc_root() returns a NULL pointer, like the following code in another file.
bfs_fill_super @@fs/bfs/inode.c: 317
317 static int bfs_fill_super(struct super_block *s, void *data, int silent)
318 {
             ...
371         s->s_root = d_alloc_root(inode);
372         if (!s->s_root) {
373                 iput(inode);
374                 ret = -ENOMEM;
375                 goto out2;
376         }
             ...
444         return 0;
445
446 out3:
447         dput(s->s_root);
448         s->s_root = NULL;
449 out2:
450         kfree(info->si_imap);
451 out1:
452         brelse(sbh);
453 out:
454         mutex_destroy(&info->bfs_lock);
455         kfree(info);
456         s->s_fs_info = NULL;
457         return ret;
458 }

Thank you

RUC_Soft_Sec
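Added example, not part of the bug report and not kernel code: a small user-space model of the error path the report describes. The struct names, the fake d_alloc_root()/iget()/iput() helpers and the failure-injection flag are assumptions made for illustration. It runs the ubifs-style flow (err left at 0 on the d_alloc_root() failure path) next to the bfs-style flow (err set to -ENOMEM) so the difference in what the caller sees is directly observable.

```c
/*
 * Added example (not kernel code): user-space model of the error path in
 * the report. All names below are assumptions made for illustration.
 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct inode { int ino; };
struct dentry { struct inode *inode; };
struct super_block { struct dentry *s_root; };

/* Failure injection: when non-zero, the fake d_alloc_root() returns NULL,
 * standing in for the allocation failure the real function can hit. */
static int fail_d_alloc_root;

static struct dentry *fake_d_alloc_root(struct inode *root)
{
    if (fail_d_alloc_root)
        return NULL;
    struct dentry *d = malloc(sizeof(*d));
    if (d)
        d->inode = root;
    return d;
}

static struct inode *fake_iget(void)
{
    struct inode *i = malloc(sizeof(*i));
    if (i)
        i->ino = 1;
    return i;           /* NULL on allocation failure in this model */
}

static void fake_iput(struct inode *i) { free(i); }

/* Pattern from the report: err is still 0 when d_alloc_root() fails,
 * so the caller gets 0 although sb->s_root is NULL. */
static int fill_super_buggy(struct super_block *sb)
{
    int err = 0;
    struct inode *root = fake_iget();
    if (!root)
        return -ENOMEM;
    sb->s_root = fake_d_alloc_root(root);
    if (!sb->s_root)
        goto out_iput;
    return 0;
out_iput:
    fake_iput(root);
    return err;         /* 0: success reported to the caller */
}

/* Same flow with the error code set on the failure path, as bfs does. */
static int fill_super_fixed(struct super_block *sb)
{
    int err = 0;
    struct inode *root = fake_iget();
    if (!root)
        return -ENOMEM;
    sb->s_root = fake_d_alloc_root(root);
    if (!sb->s_root) {
        err = -ENOMEM;
        goto out_iput;
    }
    return 0;
out_iput:
    fake_iput(root);
    return err;         /* -ENOMEM: failure reported to the caller */
}

/* Run one variant with d_alloc_root() forced to fail and return what the
 * mount path would see. */
static int mount_with_failed_root(int (*fill)(struct super_block *))
{
    struct super_block sb = { .s_root = NULL };
    fail_d_alloc_root = 1;
    int ret = fill(&sb);
    fail_d_alloc_root = 0;
    return ret;
}

/* Run one variant on the success path, releasing what it allocated. */
static int mount_ok(int (*fill)(struct super_block *))
{
    struct super_block sb = { .s_root = NULL };
    int ret = fill(&sb);
    if (sb.s_root) {
        fake_iput(sb.s_root->inode);
        free(sb.s_root);
    }
    return ret;
}

int main(void)
{
    printf("buggy, d_alloc_root fails: %d (caller sees success, s_root is NULL)\n",
           mount_with_failed_root(fill_super_buggy));
    printf("fixed, d_alloc_root fails: %d (-ENOMEM)\n",
           mount_with_failed_root(fill_super_fixed));
    return 0;
}
```

The buggy variant returns 0 with sb->s_root left NULL, which is exactly the state a mount caller would then treat as a successfully filled superblock; the fixed variant returns -ENOMEM, matching the bfs_fill_super() pattern quoted in the report.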

Brad Figg (brad-figg) wrote: Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1455364

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
anna (zy900702) wrote:

I didn't run this command

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
penalvch (penalvch) wrote:

anna, then please run the command, and when you have done so, then please mark this back to Confirmed.

Changed in linux (Ubuntu):
status: Confirmed → Incomplete
importance: Undecided → Low
Joseph Salisbury (jsalisbury) wrote:

This issue appears to be an upstream bug, since the code is the same in the current v4.1-rc3 mainline kernel.

Would it be possible for you to open an upstream bug report[0]? That will allow the upstream Developers to examine the issue, and may provide a quicker resolution to the bug.

Please follow the instructions on the wiki page[0]. The first step is to email the appropriate mailing list. If no response is received, then a bug may be opened on bugzilla.kernel.org.

Once this bug is reported upstream, please add the tag: 'kernel-bug-reported-upstream'.

[0] https://wiki.ubuntu.com/Bugs/Upstream/kernel

tags: added: kernel-bug-exists-upstream kernel-da-key
Changed in linux (Ubuntu):
status: Incomplete → Triaged
anna (zy900702)
tags: added: kernel-bug-reported-upstream
anna (zy900702)
Changed in linux (Ubuntu):
assignee: nobody → anna (zy900702)
assignee: anna (zy900702) → nobody
Changed in linux (Ubuntu):
status: Triaged → Confirmed
assignee: nobody → Rahul (rahulshantagiri9999)
penalvch (penalvch) wrote:

Rahul, please do not adjust the status. For more on Status, please see https://wiki.ubuntu.com/Bugs/Status .

Also, please do not assign yourself to this bug unless you are personally going to release an update imminently to Ubuntu that addresses the scope of this report.

Changed in linux (Ubuntu):
assignee: Rahul (rahulshantagiri9999) → nobody
status: Confirmed → Triaged
penalvch (penalvch) wrote:

anna, could you please provide a URL to your upstream report as previously requested of you in https://wiki.ubuntu.com/Bugs/Upstream/kernel ?

anna (rucsoftsec)
Changed in linux (Ubuntu):
assignee: nobody → anna (rucsoftsec)
status: Triaged → Confirmed
penalvch (penalvch)
Changed in linux (Ubuntu):
assignee: anna (rucsoftsec) → nobody
status: Confirmed → Triaged