From mboxrd@z Thu Jan  1 00:00:00 1970
From: Martin Wilck <mwilck@suse.com>
Subject: Re: [PATCH] libmultipath: set mpp->hwe NULL when
	free_path
Date: Mon, 21 Sep 2020 15:13:19 +0200
Message-ID: <086b1a910ca2dca5301fc2ce5c4e613783012146.camel@suse.com>
References: <339cc79b-a7f1-62f0-5bb6-f07f436e9725@huawei.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <dm-devel-bounces@redhat.com>
In-Reply-To: <339cc79b-a7f1-62f0-5bb6-f07f436e9725@huawei.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/dm-devel>,
	<mailto:dm-devel-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/dm-devel>
List-Post: <mailto:dm-devel@redhat.com>
List-Help: <mailto:dm-devel-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/dm-devel>,
	<mailto:dm-devel-request@redhat.com?subject=subscribe>
Sender: dm-devel-bounces@redhat.com
Errors-To: dm-devel-bounces@redhat.com
To: lixiaokeng <lixiaokeng@huawei.com>, Benjamin Marzinski <bmarzins@redhat.com>, Christophe Varoqui <christophe.varoqui@opensvc.com>, dm-devel mailing list <dm-devel@redhat.com>
Cc: linfeilong <linfeilong@huawei.com>, "liuzhiqiang
	(I)" <liuzhiqiang26@huawei.com>, lutianxiong@huawei.com
List-Id: dm-devel.ids

On Mon, 2020-09-21 at 19:04 +0800, lixiaokeng wrote:
> Here the segfault causes in select_pgfailback again. As show:
> 
> Core was generated by `/sbin/multipathd -d -s'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0 0x0000ffffa2eb4a20 in select_pgfailback (conf=conf@entry=0xaaaaf89
> d0dd0, mp=mp@entry=0xffff88006be0) at propsel.c:199
> 199 mp_set_hwe(pgfailback);
> 
> 0 0x0000ffffa2eb4a20 in select_pgfailback (conf=conf@entry=0xaaaaf89d
> 0dd0, mp=mp@entry=0xffff88006be0) at propsel.c:199
> 1 0x0000ffffa2ec97bc in setup_map (mpp=0xaaaae4ff5000, params=0x1
> <error: Cannot access memory at address 0x1>, params_size=65535,
> vecs=0xaaaae4fdc0a8) at configure.c:294
> 2 0x0000aaaae4fd0830 in ev_add_path (pp=0xffff880190b0,
> vecs=0xaaaaf89d0630, need_do_map=1) at main.c:1017
> 3 0x0000aaaae4fd0d04 in uev_add_path (uev=0xffffa24adf40,
> vecs=0xffffa24ad000, need_do_map=-278187383) at main.c:916
> 4 0x0000aaaae4fd1790 in uev_trigger (uev=0xffffa24adf40,
> trigger_data=0xffffa24ad410) at main.c:1490
> 5 0x0000ffffa2ec00cc in service_uevq (tmpq=tmpq@entry=0xffffa24ad618)
> at uevent.c:390
> 6 0x0000ffffa2ec01d4 in uevent_dispatch (uev_trigger=<optimized out>,
> trigger_data=<optimized out>) at uevent.c:446
> 7 0x0000aaaae4fce56c in uevqloop (ap=0xffffe42a5d50) at main.c:1523
> 8 0x0000ffffa2d9e7ac in start_thread (arg=0xffffa2595380) at
> pthread_create.c:486
> 9 0x0000ffffa2b577dc in thread_start () at
> ../sysdeps/unix/sysv/linux/aarch64/clone.S:78
> 
> (gdb) bt
> (gdb) p *mp->hwe
> $2 = {allocated = 1937339183, slot = 0x616c702f73656369}
> 
> Here we set mpp->hwe NULL in free_path if mpp->hwe == pp->hwe.
> 
> Reported-by: Tianxiong Lu <lutianxiong@huawei.com>
> Signed-off-by:lixiaokeng <lixiaokeng@huawei.com>

Thanks for the report and patch.

We need to fix this for good, which means: no more sharing of pointers
between pp->hwe and mpp-hwe. Please test with my recent patch
"libmultipath: copy mpp->hwe from pp->hwe".

Martin