From: Ernie Petrides <petrides@redhat.com> Date: Fri, 3 Aug 2007 17:37:34 -0400 Subject: [tux] fix crashes during shutdown Message-id: 200708032137.l73LbYOB019751@pasta.boston.redhat.com O-Subject: [RHEL5.2 patch] fix for tux crashes during shutdown Bugzilla: 244439 It is trivial to crash RHEL5 when tux is being shut down due to the dereference of a NULL pointer in tux_flush_workqueue(). This is due to a missing tux fix, which was present in the original release of RHEL4. Upon looking through all tux fixes made during RHEL4 updates, I also found another pair of fixes for the analogous problem in ftp_send_file() that are missing in RHEL5. The patch below forward-ports all three fixes from RHEL4 to RHEL5. It was tested simply by starting tux, repeatedly accessing a file under /var/www/html from a remote client, and shutting down tux while continually reloading the page remotely. Before the fix, I got 3 crashes in 3 runs. After the fix, I repeated the test scenario 5 times with no crashes (the client gets a "connection refused" error). This fix addresses RHEL5 BZ 244439: kernel panic during tux shutdown on rhel5 (For reference, the associated RHEL4 BZs are 140916 and 172598, although the latter has a bogus description due to being cloned from a different tux bug. These bugs do not exist in RHEL3.) Please ack/nak as appropriate. Thanks. -ernie Acked-by: Pete Zaitcev <zaitcev@redhat.com> Acked-by: "David S. Miller" <davem@redhat.com> Acked-by: Dave Jones <davej@redhat.com> --- net/tux/input.c | 3 ++- net/tux/proto_ftp.c | 9 ++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/net/tux/input.c b/net/tux/input.c index 792ffb4..34275b1 100644 --- a/net/tux/input.c +++ b/net/tux/input.c @@ -601,7 +601,8 @@ restart: #ifdef CONFIG_TUX_DEBUG req->bytes_expected = 0; #endif - req->in_file->f_pos = 0; + if (req->in_file) + req->in_file->f_pos = 0; req->atom_idx = 0; clear_keepalive(req); req->status = -1; diff --git a/net/tux/proto_ftp.c b/net/tux/proto_ftp.c index 03ad4f5..2d56416 100644 --- a/net/tux/proto_ftp.c +++ b/net/tux/proto_ftp.c @@ -623,8 +623,10 @@ void ftp_send_file (tux_req_t *req, int cachemiss) SET_TIMESTAMP(req->output_timestamp); repeat: ret = generic_send_file(req, req->data_sock, cachemiss); - update_bandwidth(req, req->in_file->f_pos - req->prev_pos); - req->prev_pos = req->in_file->f_pos; + if (req->in_file) { + update_bandwidth(req, req->in_file->f_pos - req->prev_pos); + req->prev_pos = req->in_file->f_pos; + } switch (ret) { case -5: @@ -645,7 +647,8 @@ repeat: case -1: break; default: - req->in_file->f_pos = 0; + if (req->in_file) + req->in_file->f_pos = 0; if (tux_ftp_wait_close) { req->data_sock->ops->shutdown(req->data_sock, SEND_SHUTDOWN); -- 1.5.3.5.645.gbb47