Bug#639416: linux-image-3.0.0-1-686-pae: system hangs after a lot of oopses (after login prompt)
forcemerge 637436 639416
tags 637436 + upstream fixed-upstream
quit
Hi,
Simon Wunderlich wrote:
> After booting (and logging in), the system works for some seconds and then I
> see quite some oopses for around 5 to 10 seconds. Then the system hangs
> completely.
[...]
> 2.6.39-2-686-pae works fine for me. linux-image-3.0.0-1-amd64 shows a similar
> behaviour (hangs after a few seconds)
[...]
> [ 20.616754] CIFS: Unknown mount option codepage
> [ 20.621903] CIFS VFS: default security mechanism requested. The default security mechanism will be upgraded from ntlm to ntlmv2 in kernel release 3.1
> [ 29.507499] ------------[ cut here ]------------
> [ 29.507562] kernel BUG at [...]/mm/slab.c:3059!
Hm, the same assertion as in <http://bugs.debian.org/637436>. Thanks
for pointing out the regression range!
I suspect this is fixed by the following patch, which is part of
v3.1-rc3 and will probably be included in v3.0.4. Testing (of -rc
kernels or of the patch below alone) welcome, of course. :)

commit 13589c437daf
Author: Steve French <sfrench@us.ibm.com>
Date:   Thu Aug 18 04:41:55 2011 +0000

    [CIFS] possible memory corruption on mount

    CIFS cleanup_volume_info_contents() looks like having a memory
    corruption problem.
    When UNCip is set to "&vol->UNC[2]" in cifs_parse_mount_options(), it
    should not be kfree()-ed in cleanup_volume_info_contents().

    Introduced in commit b946845a9dc523c759cae2b6a0f6827486c3221a

    Signed-off-by: J.R. Okajima <hooanon05@yahoo.co.jp>
    Reviewed-by: Jeff Layton <jlayton@redhat.com>
    CC: Stable <stable@kernel.org>
    Signed-off-by: Steve French <sfrench@us.ibm.com>

diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 80c2e3add3a2..633c246b6775 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -2878,7 +2878,8 @@ cleanup_volume_info_contents(struct smb_vol *volume_info)
kfree(volume_info->username);
kzfree(volume_info->password);
kfree(volume_info->UNC);
- kfree(volume_info->UNCip);
+ if (volume_info->UNCip != volume_info->UNC + 2)
+ kfree(volume_info->UNCip);
kfree(volume_info->domainname);
kfree(volume_info->iocharset);
kfree(volume_info->prepath);
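
Review bot: the added comparison `volume_info->UNCip != volume_info->UNC + 2` runs after `kfree(volume_info->UNC)` on the line above it, so the alias test does arithmetic on a pointer that has just been freed (and on NULL, if UNC is NULL at that point). Nothing is dereferenced, so it behaves as intended, but doing the UNCip check and conditional kfree() before UNC is freed would avoid depending on a stale pointer value. The bare `+ 2` would also benefit from a one-line comment tying it to the `&vol->UNC[2]` assignment in cifs_parse_mount_options() named in the commit message, since the free is only safe while the two sites use the same offset.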