* double free in recent multipath-tools
@ 2009-04-22 22:05 Mike Snitzer
2009-04-23 1:18 ` [PATCH] fix double frees " Mike Snitzer
0 siblings, 1 reply; 4+ messages in thread
From: Mike Snitzer @ 2009-04-22 22:05 UTC (permalink / raw)
To: Hannes Reinecke; +Cc: dm-devel
Seems the latest multipath-tools has an issue with a double free. I
haven't looked at what the proper fix is yet but I wanted to give others
a heads up.
Running something as basic as 'multipath' drops a core.
The recent commit 37b079e555c459bd902a3855f223e3803aeb1fbe appears to
have the offending hunk:
@@ -404,6 +410,12 @@ free_config (struct config * conf)
if (conf->checker_name)
FREE(conf->checker_name);
+ if (conf->prio_name)
+ FREE(conf->prio_name);
+
+ if (conf->checker_name)
+ FREE(conf->checker_name);
+
free_blacklist(conf->blist_devnode);
free_blacklist(conf->blist_wwid);
free_blacklist_device(conf->blist_device);
(gdb) bt
#0 0x0000003a6ec32f05 in raise () from /lib64/libc.so.6
#1 0x0000003a6ec34a73 in abort () from /lib64/libc.so.6
#2 0x0000003a6ec72438 in __libc_message () from /lib64/libc.so.6
#3 0x0000003a6ec77ec8 in malloc_printerr () from /lib64/libc.so.6
#4 0x0000003a6ec7a486 in free () from /lib64/libc.so.6
#5 0x00007ffff7dbc205 in xfree (p=0x60b2e0) at memory.c:52
#6 0x00007ffff7dc3624 in free_config (conf=0x604620) at config.c:414
#7 0x00000000004027a4 in main (argc=3, argv=0x7fffffffe718) at main.c:474
(gdb) frame 6
#6 0x00007ffff7dc3624 in free_config (conf=0x604620) at config.c:414
(gdb) l
409
410 if (conf->checker_name)
411 FREE(conf->checker_name);
412
413 if (conf->prio_name)
414 FREE(conf->prio_name);
415
416 if (conf->checker_name)
417 FREE(conf->checker_name);
418
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH] fix double frees in recent multipath-tools
2009-04-22 22:05 double free in recent multipath-tools Mike Snitzer
@ 2009-04-23 1:18 ` Mike Snitzer
2009-04-28 21:54 ` christophe.varoqui
0 siblings, 1 reply; 4+ messages in thread
From: Mike Snitzer @ 2009-04-23 1:18 UTC (permalink / raw)
To: Hannes Reinecke; +Cc: dm-devel
On Wed, Apr 22 2009 at 6:05pm -0400,
Mike Snitzer <snitzer@redhat.com> wrote:
>
> Seems the latest multipath-tools has an issue with a double free. I
> haven't looked at what the proper fix is yet but I wanted to give others
> a heads up.
>
> Running something as basic as 'multipath' drops a core.
...
> (gdb) bt
> #0 0x0000003a6ec32f05 in raise () from /lib64/libc.so.6
> #1 0x0000003a6ec34a73 in abort () from /lib64/libc.so.6
> #2 0x0000003a6ec72438 in __libc_message () from /lib64/libc.so.6
> #3 0x0000003a6ec77ec8 in malloc_printerr () from /lib64/libc.so.6
> #4 0x0000003a6ec7a486 in free () from /lib64/libc.so.6
> #5 0x00007ffff7dbc205 in xfree (p=0x60b2e0) at memory.c:52
> #6 0x00007ffff7dc3624 in free_config (conf=0x604620) at config.c:414
> #7 0x00000000004027a4 in main (argc=3, argv=0x7fffffffe718) at main.c:474
> (gdb) frame 6
> #6 0x00007ffff7dc3624 in free_config (conf=0x604620) at config.c:414
> (gdb) l
> 409
> 410 if (conf->checker_name)
> 411 FREE(conf->checker_name);
> 412
> 413 if (conf->prio_name)
> 414 FREE(conf->prio_name);
> 415
> 416 if (conf->checker_name)
> 417 FREE(conf->checker_name);
> 418
Here is another one:
(gdb) bt
#0 0x0000003a6ec32f05 in raise () from /lib64/libc.so.6
#1 0x0000003a6ec34a73 in abort () from /lib64/libc.so.6
#2 0x0000003a6ec72438 in __libc_message () from /lib64/libc.so.6
#3 0x0000003a6ec77ec8 in malloc_printerr () from /lib64/libc.so.6
#4 0x0000003a6ec7a486 in free () from /lib64/libc.so.6
#5 0x00007ffff7dbc205 in xfree (p=0x604a90) at memory.c:52
#6 0x00007ffff7dc2ac2 in free_hwe (hwe=0x604950) at config.c:162
#7 0x00007ffff7dc2b0f in free_hwtable (hwtable=0x604460) at config.c:179
#8 0x00007ffff7dc3684 in free_config (conf=0x604620) at config.c:422
#9 0x00000000004027a4 in main (argc=1, argv=0x7fffffffe738) at main.c:474
(gdb) frame 6
#6 0x00007ffff7dc2ac2 in free_hwe (hwe=0x604950) at config.c:162
162 FREE(hwe->prio_name);
(gdb) l
157
158 if (hwe->bl_product)
159 FREE(hwe->bl_product);
160
161 if (hwe->prio_name)
162 FREE(hwe->prio_name);
163
164 if (hwe->checker_name)
165 FREE(hwe->checker_name);
166 FREE(hwe);
The following patch fixes the crashes I saw.
diff --git a/libmultipath/config.c b/libmultipath/config.c
index 6039642..05dbcd2 100644
--- a/libmultipath/config.c
+++ b/libmultipath/config.c
@@ -158,11 +158,6 @@ free_hwe (struct hwentry * hwe)
if (hwe->bl_product)
FREE(hwe->bl_product);
- if (hwe->prio_name)
- FREE(hwe->prio_name);
-
- if (hwe->checker_name)
- FREE(hwe->checker_name);
FREE(hwe);
}
@@ -410,12 +405,6 @@ free_config (struct config * conf)
if (conf->checker_name)
FREE(conf->checker_name);
- if (conf->prio_name)
- FREE(conf->prio_name);
-
- if (conf->checker_name)
- FREE(conf->checker_name);
-
free_blacklist(conf->blist_devnode);
free_blacklist(conf->blist_wwid);
free_blacklist_device(conf->blist_device);
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] fix double frees in recent multipath-tools
2009-04-23 1:18 ` [PATCH] fix double frees " Mike Snitzer
@ 2009-04-28 21:54 ` christophe.varoqui
2009-04-28 22:04 ` Mike Snitzer
0 siblings, 1 reply; 4+ messages in thread
From: christophe.varoqui @ 2009-04-28 21:54 UTC (permalink / raw)
To: device-mapper development
Merged as ef341c2fa151b1c5b8ba26633fc28916161a85ff
... with due credit.
----- Mail Original -----
De: "Mike Snitzer" <snitzer@redhat.com>
À: "Hannes Reinecke" <hare@suse.de>
Cc: dm-devel@redhat.com
Envoyé: Jeudi 23 Avril 2009 03h18:35 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne
Objet: [dm-devel] [PATCH] fix double frees in recent multipath-tools
On Wed, Apr 22 2009 at 6:05pm -0400,
Mike Snitzer <snitzer@redhat.com> wrote:
>
> Seems the latest multipath-tools has an issue with a double free. I
> haven't looked at what the proper fix is yet but I wanted to give others
> a heads up.
>
> Running something as basic as 'multipath' drops a core.
...
> (gdb) bt
> #0 0x0000003a6ec32f05 in raise () from /lib64/libc.so.6
> #1 0x0000003a6ec34a73 in abort () from /lib64/libc.so.6
> #2 0x0000003a6ec72438 in __libc_message () from /lib64/libc.so.6
> #3 0x0000003a6ec77ec8 in malloc_printerr () from /lib64/libc.so.6
> #4 0x0000003a6ec7a486 in free () from /lib64/libc.so.6
> #5 0x00007ffff7dbc205 in xfree (p=0x60b2e0) at memory.c:52
> #6 0x00007ffff7dc3624 in free_config (conf=0x604620) at config.c:414
> #7 0x00000000004027a4 in main (argc=3, argv=0x7fffffffe718) at main.c:474
> (gdb) frame 6
> #6 0x00007ffff7dc3624 in free_config (conf=0x604620) at config.c:414
> (gdb) l
> 409
> 410 if (conf->checker_name)
> 411 FREE(conf->checker_name);
> 412
> 413 if (conf->prio_name)
> 414 FREE(conf->prio_name);
> 415
> 416 if (conf->checker_name)
> 417 FREE(conf->checker_name);
> 418
Here is another one:
(gdb) bt
#0 0x0000003a6ec32f05 in raise () from /lib64/libc.so.6
#1 0x0000003a6ec34a73 in abort () from /lib64/libc.so.6
#2 0x0000003a6ec72438 in __libc_message () from /lib64/libc.so.6
#3 0x0000003a6ec77ec8 in malloc_printerr () from /lib64/libc.so.6
#4 0x0000003a6ec7a486 in free () from /lib64/libc.so.6
#5 0x00007ffff7dbc205 in xfree (p=0x604a90) at memory.c:52
#6 0x00007ffff7dc2ac2 in free_hwe (hwe=0x604950) at config.c:162
#7 0x00007ffff7dc2b0f in free_hwtable (hwtable=0x604460) at config.c:179
#8 0x00007ffff7dc3684 in free_config (conf=0x604620) at config.c:422
#9 0x00000000004027a4 in main (argc=1, argv=0x7fffffffe738) at main.c:474
(gdb) frame 6
#6 0x00007ffff7dc2ac2 in free_hwe (hwe=0x604950) at config.c:162
162 FREE(hwe->prio_name);
(gdb) l
157
158 if (hwe->bl_product)
159 FREE(hwe->bl_product);
160
161 if (hwe->prio_name)
162 FREE(hwe->prio_name);
163
164 if (hwe->checker_name)
165 FREE(hwe->checker_name);
166 FREE(hwe);
The following patch fixes the crashes I saw.
diff --git a/libmultipath/config.c b/libmultipath/config.c
index 6039642..05dbcd2 100644
--- a/libmultipath/config.c
+++ b/libmultipath/config.c
@@ -158,11 +158,6 @@ free_hwe (struct hwentry * hwe)
if (hwe->bl_product)
FREE(hwe->bl_product);
- if (hwe->prio_name)
- FREE(hwe->prio_name);
-
- if (hwe->checker_name)
- FREE(hwe->checker_name);
FREE(hwe);
}
@@ -410,12 +405,6 @@ free_config (struct config * conf)
if (conf->checker_name)
FREE(conf->checker_name);
- if (conf->prio_name)
- FREE(conf->prio_name);
-
- if (conf->checker_name)
- FREE(conf->checker_name);
-
free_blacklist(conf->blist_devnode);
free_blacklist(conf->blist_wwid);
free_blacklist_device(conf->blist_device);
--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: fix double frees in recent multipath-tools
2009-04-28 21:54 ` christophe.varoqui
@ 2009-04-28 22:04 ` Mike Snitzer
0 siblings, 0 replies; 4+ messages in thread
From: Mike Snitzer @ 2009-04-28 22:04 UTC (permalink / raw)
To: device-mapper development
Great, I have ~6 additional patches I'm getting ready to push. You had
mentioned that it'd be nice if you could just cherrypick from a git
clone. I've been working on that and hope to have things sorted out
with IT by tomorrow. If not I'll just post the patches to the list.
Mike
On Tue, Apr 28 2009 at 5:54pm -0400,
christophe.varoqui@free.fr <christophe.varoqui@free.fr> wrote:
> Merged as ef341c2fa151b1c5b8ba26633fc28916161a85ff
> ... with due credit.
>
> ----- Mail Original -----
> De: "Mike Snitzer" <snitzer@redhat.com>
> À: "Hannes Reinecke" <hare@suse.de>
> Cc: dm-devel@redhat.com
> Envoyé: Jeudi 23 Avril 2009 03h18:35 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne
> Objet: [dm-devel] [PATCH] fix double frees in recent multipath-tools
>
> On Wed, Apr 22 2009 at 6:05pm -0400,
> Mike Snitzer <snitzer@redhat.com> wrote:
>
> >
> > Seems the latest multipath-tools has an issue with a double free. I
> > haven't looked at what the proper fix is yet but I wanted to give others
> > a heads up.
> >
> > Running something as basic as 'multipath' drops a core.
> ...
> > (gdb) bt
> > #0 0x0000003a6ec32f05 in raise () from /lib64/libc.so.6
> > #1 0x0000003a6ec34a73 in abort () from /lib64/libc.so.6
> > #2 0x0000003a6ec72438 in __libc_message () from /lib64/libc.so.6
> > #3 0x0000003a6ec77ec8 in malloc_printerr () from /lib64/libc.so.6
> > #4 0x0000003a6ec7a486 in free () from /lib64/libc.so.6
> > #5 0x00007ffff7dbc205 in xfree (p=0x60b2e0) at memory.c:52
> > #6 0x00007ffff7dc3624 in free_config (conf=0x604620) at config.c:414
> > #7 0x00000000004027a4 in main (argc=3, argv=0x7fffffffe718) at main.c:474
> > (gdb) frame 6
> > #6 0x00007ffff7dc3624 in free_config (conf=0x604620) at config.c:414
> > (gdb) l
> > 409
> > 410 if (conf->checker_name)
> > 411 FREE(conf->checker_name);
> > 412
> > 413 if (conf->prio_name)
> > 414 FREE(conf->prio_name);
> > 415
> > 416 if (conf->checker_name)
> > 417 FREE(conf->checker_name);
> > 418
>
> Here is another one:
>
> (gdb) bt
> #0 0x0000003a6ec32f05 in raise () from /lib64/libc.so.6
> #1 0x0000003a6ec34a73 in abort () from /lib64/libc.so.6
> #2 0x0000003a6ec72438 in __libc_message () from /lib64/libc.so.6
> #3 0x0000003a6ec77ec8 in malloc_printerr () from /lib64/libc.so.6
> #4 0x0000003a6ec7a486 in free () from /lib64/libc.so.6
> #5 0x00007ffff7dbc205 in xfree (p=0x604a90) at memory.c:52
> #6 0x00007ffff7dc2ac2 in free_hwe (hwe=0x604950) at config.c:162
> #7 0x00007ffff7dc2b0f in free_hwtable (hwtable=0x604460) at config.c:179
> #8 0x00007ffff7dc3684 in free_config (conf=0x604620) at config.c:422
> #9 0x00000000004027a4 in main (argc=1, argv=0x7fffffffe738) at main.c:474
> (gdb) frame 6
> #6 0x00007ffff7dc2ac2 in free_hwe (hwe=0x604950) at config.c:162
> 162 FREE(hwe->prio_name);
> (gdb) l
> 157
> 158 if (hwe->bl_product)
> 159 FREE(hwe->bl_product);
> 160
> 161 if (hwe->prio_name)
> 162 FREE(hwe->prio_name);
> 163
> 164 if (hwe->checker_name)
> 165 FREE(hwe->checker_name);
> 166 FREE(hwe);
>
>
> The following patch fixes the crashes I saw.
>
> diff --git a/libmultipath/config.c b/libmultipath/config.c
> index 6039642..05dbcd2 100644
> --- a/libmultipath/config.c
> +++ b/libmultipath/config.c
> @@ -158,11 +158,6 @@ free_hwe (struct hwentry * hwe)
> if (hwe->bl_product)
> FREE(hwe->bl_product);
>
> - if (hwe->prio_name)
> - FREE(hwe->prio_name);
> -
> - if (hwe->checker_name)
> - FREE(hwe->checker_name);
> FREE(hwe);
> }
>
> @@ -410,12 +405,6 @@ free_config (struct config * conf)
> if (conf->checker_name)
> FREE(conf->checker_name);
>
> - if (conf->prio_name)
> - FREE(conf->prio_name);
> -
> - if (conf->checker_name)
> - FREE(conf->checker_name);
> -
> free_blacklist(conf->blist_devnode);
> free_blacklist(conf->blist_wwid);
> free_blacklist_device(conf->blist_device);
>
> --
> dm-devel mailing list
> dm-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/dm-devel
>
> --
> dm-devel mailing list
> dm-devel@redhat.com
> https://www.redhat.com/mailman/listinfo/dm-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2009-04-28 22:04 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-04-22 22:05 double free in recent multipath-tools Mike Snitzer
2009-04-23 1:18 ` [PATCH] fix double frees " Mike Snitzer
2009-04-28 21:54 ` christophe.varoqui
2009-04-28 22:04 ` Mike Snitzer
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.