From: Jane Chu <jane.chu@oracle.com>
To: Zhiqiang Liu <liuzhiqiang26@huawei.com>,
"Verma, Vishal L" <vishal.l.verma@intel.com>
Cc: "linux-nvdimm@lists.01.org" <linux-nvdimm@lists.01.org>,
linfeilong <linfeilong@huawei.com>
Subject: Re: [ndctl PATCH V2 0/8] fix serverl issues reported by Coverity
Date: Tue, 8 Dec 2020 16:20:06 -0800
Message-ID: <c8a8a260-34c6-dbfc-1f19-25c23d01cb45@oracle.com>
In-Reply-To: <3211fe8a-33fb-37ca-e192-ad1f116f4acd@huawei.com>
Hi,
I actually just ran into the NULL deref issue that is fixed here.
But I have a question for the experts:
what might cause libndctl to run into the NULL deref like below?
Program terminated with signal 11, Segmentation fault.
#0 ndctl_pfn_get_bus (pfn=pfn@entry=0x0) at libndctl.c:5540
5540 return pfn->region->bus;
(gdb) print pfn
$1 = (struct ndctl_pfn *) 0x0
(gdb) frame 4
#4 0x000000000040ca70 in setup_namespace (region=region@entry=0x109d910,
ndns=ndns@entry=0x10a7d40, p=p@entry=0x7ffd8ff73b90) at namespace.c:570
570 try(ndctl_dax, set_uuid, dax, uuid);
(gdb) info locals
__rc = <optimized out>
dax = 0x0
What I did was to let 2 threads run "create-namespace all" in a tight
loop, and 2 other threads run "destroy-namespace all" in a tight loop,
while chasing a year-old issue that randomly resurfaces -
"nd_region region1: allocation underrun: 0x0 of 0x40000000 bytes"
In addition, there are kmemleaks,
# cat /sys/kernel/debug/kmemleak
[..]
unreferenced object 0xffff976bd46f6240 (size 64):
comm "ndctl", pid 23556, jiffies 4299514316 (age 5406.733s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 20 c3 37 00 00 00 .......... .7...
ff ff ff 7f 38 00 00 00 00 00 00 00 00 00 00 00 ....8...........
backtrace:
[<00000000064003cf>] __kmalloc_track_caller+0x136/0x379
[<00000000d85e3c52>] krealloc+0x67/0x92
[<00000000d7d3ba8a>] __alloc_dev_dax_range+0x73/0x25c
[<0000000027d58626>] devm_create_dev_dax+0x27d/0x416
[<00000000434abd43>] __dax_pmem_probe+0x1c9/0x1000 [dax_pmem_core]
[<0000000083726c1c>] dax_pmem_probe+0x10/0x1f [dax_pmem]
[<00000000b5f2319c>] nvdimm_bus_probe+0x9d/0x340 [libnvdimm]
[<00000000c055e544>] really_probe+0x230/0x48d
[<000000006cabd38e>] driver_probe_device+0x122/0x13b
[<0000000029c7b95a>] device_driver_attach+0x5b/0x60
[<0000000053e5659b>] bind_store+0xb7/0xc3
[<00000000d3bdaadc>] drv_attr_store+0x27/0x31
[<00000000949069c5>] sysfs_kf_write+0x4a/0x57
[<000000004a8b5adf>] kernfs_fop_write+0x150/0x1e5
[<00000000bded60f0>] __vfs_write+0x1b/0x34
[<00000000b92900f0>] vfs_write+0xd8/0x1d1
thanks,
-jane
On 11/24/2020 5:00 PM, Zhiqiang Liu wrote:
> Changes: V1->V2
> - add one empty line in 1/8 patch as suggested by Jeff Moyer <jmoyer@redhat.com>.
>
>
> Recently, we use Coverity to analyze the ndctl package.
> Several issues should be resolved to make Coverity happy.
>
> Zhiqiang Liu (8):
> namespace: check whether pfn|dax|btt is NULL in setup_namespace
> lib/libndctl: fix memory leakage problem in add_bus
> libdaxctl: fix memory leakage in add_dax_region()
> dimm: fix potential fd leakage in dimm_action()
> util/help: check whether strdup returns NULL in exec_man_konqueror
> lib/inject: check whether cmd is created successfully
> libndctl: check whether ndctl_btt_get_namespace returns NULL in
> callers
> namespace: check whether seed is NULL in validate_namespace_options
>
> daxctl/lib/libdaxctl.c | 3 +++
> ndctl/dimm.c | 12 +++++++-----
> ndctl/lib/inject.c | 8 ++++++++
> ndctl/lib/libndctl.c | 1 +
> ndctl/namespace.c | 23 ++++++++++++++++++-----
> test/libndctl.c | 16 +++++++++++-----
> test/parent-uuid.c | 2 +-
> util/help.c | 8 +++++++-
> util/json.c | 3 +++
> 9 files changed, 59 insertions(+), 17 deletions(-)
>