Hi Marco,

it seems the kernel is at fault and not udev. Have a look at this commit,

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8442edc18843491978f7820f87dbdf293461290e

especially the third blob - the unfixed version rounded even a
->name_len == 0 up to sizeof(struct inotify_event) and copied more into
the userspace buffer than it was asked for, which is nicely visible in
a udev strace log...

read(13, "\4\0\0\0\0\200\0\0\0\0\0\0\20\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 
16) = 32

(( Received inotify_event for watch #4, IN_DELETE, len has been rounded
up to 16, but the ->name is just "", which itself is fine because #4 was in
this case a watch on '/dev/sdb' and not a directory ))

I'm just compiling 2.6.31-rc9 which contains the fix (the mentioned commit
was made 8 days ago). If I don't report back, at least this specific
segfault instance is fixed. ;)


Regards,

Jan
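
An added example, not part of the message above and not code from udev or the kernel: a userspace check that a read() result from an inotify descriptor is no larger than the size requested and that every event fits inside the returned data, run over the bytes from the strace line in the message. The names check_inotify_read and EV_HDR are hypothetical; the 16-byte header (wd, mask, cookie, len) follows struct inotify_event and is decoded as little-endian.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EV_HDR 16  /* wd, mask, cookie, len: the fixed part of struct inotify_event */

/* Bytes from the strace line in the message: read(13, ..., 16) = 32.
 * The 16 bytes not listed here are the zero padding of the empty name. */
static const unsigned char sample[32] = {
    4, 0, 0, 0,   0, 0x80, 0, 0,   0, 0, 0, 0,   16, 0, 0, 0
};

static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper. Returns the number of well-formed events, or
 * -1 if read() returned more bytes than were requested,
 * -2 if an event header or name runs past the returned data,
 * -3 if read() itself failed. */
static int check_inotify_read(const unsigned char *buf, size_t asked, long got)
{
    size_t off = 0, n;
    int events = 0;

    if (got < 0)
        return -3;
    n = (size_t)got;
    if (n > asked)
        return -1;               /* memory past buf[asked] was written */
    while (off < n) {
        uint32_t len;
        if (n - off < EV_HDR)
            return -2;           /* truncated header */
        len = le32(buf + off + 12);
        if (len > n - off - EV_HDR)
            return -2;           /* name claims more than was returned */
        if (len > 0 && memchr(buf + off + EV_HDR, 0, len) == NULL)
            return -2;           /* name is not NUL-terminated */
        off += EV_HDR + len;
        events++;
    }
    return events;
}

int main(void)
{
    printf("asked 16, got 32: %d\n", check_inotify_read(sample, 16, 32));
    printf("asked 32, got 32: %d\n", check_inotify_read(sample, 32, 32));
    return 0;
}
```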
