path: root/fs/hfs
diff options
authorEric Sandeen <>2006-11-16 01:19:22 -0800
committerLinus Torvalds <>2006-11-16 11:43:38 -0800
commitd6ddf55440833fd9404138026af246c51ebeef22 (patch)
tree095984ba56a4f6eb14379f77bc6b0fbd49cf7f6a /fs/hfs
parent4c1b6d18bf2fdeb5ac725126c6928aaa98c8e22f (diff)
[PATCH] hfs_fill_super returns success even if no root inode mount that image... fs: filesystem was not cleanly unmounted, running fsck.hfs is recommended. mounting read-only. hfs: get root inode failed. BUG: unable to handle kernel NULL pointer dereference at virtual address 00000018 printing eip ... EIP is at superblock_doinit+0x21/0x767 ... [] selinux_sb_kern_mount+0xc/0x4b [] vfs_kern_mount+0x99/0xf6 [] do_kern_mount+0x2d/0x3e [] do_mount+0x5fa/0x66d [] sys_mount+0x77/0xae [] syscall_call+0x7/0xb DWARF2 unwinder stuck at syscall_call+0x7/0xb hfs_fill_super() returns success even if root_inode = hfs_iget(sb, &fd.search_key->cat, &rec); or sb->s_root = d_alloc_root(root_inode); fails. This superblock finds its way to superblock_doinit() which does: struct dentry *root = sb->s_root; struct inode *inode = root->d_inode; and boom. Need to make sure the error cases return an error, I think. [ return -ENOMEM on oom] Signed-off-by: Eric Sandeen <> Cc: Roman Zippel <> Signed-off-by: Andrew Morton <> Signed-off-by: Linus Torvalds <>
Diffstat (limited to 'fs/hfs')
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/hfs/super.c b/fs/hfs/super.c
index d43b4fcc8ad..85b17b3fa4a 100644
--- a/fs/hfs/super.c
+++ b/fs/hfs/super.c
@@ -390,11 +390,13 @@ static int hfs_fill_super(struct super_block *sb, void *data, int silent)
goto bail_no_root;
+ res = -EINVAL;
root_inode = hfs_iget(sb, &fd.search_key->cat, &rec);
if (!root_inode)
goto bail_no_root;
+ res = -ENOMEM;
sb->s_root = d_alloc_root(root_inode);
if (!sb->s_root)
goto bail_iput;