From: Andrey Borzenkov <arvidjaar@mail.ru>

_devfs_walk_path does not check if de it is about to scan is a directory. 
Next step is spinlock on non-spinlock memory.  It requires either artificial
setup or really broken driver but fairly easy to reproduce once you know how.

It is likely to exist in 2.4 as well.


 fs/devfs/base.c |    6 ++++++
 1 files changed, 6 insertions(+)

diff -puN fs/devfs/base.c~devfs_walk_path fs/devfs/base.c
--- 25/fs/devfs/base.c~devfs_walk_path	2003-08-10 02:31:02.000000000 -0700
+++ 25-akpm/fs/devfs/base.c	2003-08-10 02:31:02.000000000 -0700
@@ -1224,6 +1224,12 @@ static devfs_handle_t _devfs_walk_path (
     {
 	struct devfs_entry *de, *link;
 
+	if (!S_ISDIR (dir->mode))
+	{
+	    devfs_put (dir);
+	    return NULL;
+	}
+
 	if ( ( de = _devfs_descend (dir, name, namelen, &next_pos) ) == NULL )
 	{
 	    devfs_put (dir);

_