dm-devel.redhat.com archive mirror
* libmultipath: fix null dereference
@ 2020-07-23  1:11 lutianxiong
  2020-08-05 21:28 ` Martin Wilck
  0 siblings, 1 reply; 3+ messages in thread
From: lutianxiong @ 2020-07-23  1:11 UTC (permalink / raw)
  To: christophe.varoqui, mwilck; +Cc: dm-devel, Liaoqingwei



Hi
I got a multipath segfault while running iscsi login/logout and the following scripts in parallel:

#!/bin/bash

interval=1
while true
do
              multipath -F &> /dev/null
              multipath -r &> /dev/null
              multipath -v2 &> /dev/null
              multipath -ll &> /dev/null
              sleep $interval
done

This is the debuginfo:
#0  0x00007f3805e4df58 in add (ctx=0x55d1569e4a00, ud=0x55d1569bafd0) at nvme.c:801
801              if (strcmp("disk", udev_device_get_devtype(ud)))
(gdb) bt
#0  0x00007f3805e4df58 in add (ctx=0x55d1569e4a00, ud=0x55d1569bafd0) at nvme.c:801
#1  0x00007f3806687a44 in add_foreign (udev=0x55d1569bafd0) at foreign.c:299
#2  0x00007f3806665abf in is_claimed_by_foreign (ud=<optimized out>) at foreign.h:316
#3  pathinfo (pp=0x55d1569e9f50, conf=0x55d1569b92d0, mask=69) at discovery.c:2064
#4  0x000055d154c91cbb in check_usable_paths (conf=0x55d1569b92d0, devpath=0x55d1569e3200 "dm-6", dev_type=<optimized out>) at main.c:368
#5  0x000055d154c910a5 in main (argc=3, argv=<optimized out>) at main.c:1057

In add() at libmultipath/foreign/nvme.c, udev_device_get_devtype(ud) returns a NULL pointer, which is then dereferenced.
Here, a NULL check is needed.



Check if udev_device_get_devtype returns NULL before dereferencing it.

Signed-off-by: lutianxiong <lutianxiong@huawei.com>
---
libmultipath/foreign/nvme.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libmultipath/foreign/nvme.c b/libmultipath/foreign/nvme.c
index 09cdddf0..f1da1dcd 100644
--- a/libmultipath/foreign/nvme.c
+++ b/libmultipath/foreign/nvme.c
@@ -793,12 +793,14 @@ int add(struct context *ctx, struct udev_device *ud)
{
        struct udev_device *subsys;
        int rc;
+       const char *devtype;

        condlog(5, "%s called for \"%s\"", __func__, THIS);

        if (ud == NULL)
                return FOREIGN_ERR;
-       if (strcmp("disk", udev_device_get_devtype(ud)))
+       if ((devtype = udev_device_get_devtype(ud)) == NULL ||
+                       strcmp("disk", devtype))
                return FOREIGN_IGNORED;

        subsys = udev_device_get_parent_with_subsystem_devtype(ud,
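
Review bot: The new test "if ((devtype = udev_device_get_devtype(ud)) == NULL ||" buries the assignment inside the condition; make it a statement of its own (devtype = udev_device_get_devtype(ud);) and then test "if (devtype == NULL || strcmp("disk", devtype))", which reads more clearly and removes the awkward continuation indent. The short-circuit order is right, so strcmp never sees NULL, and a device without a devtype returns FOREIGN_IGNORED like any non-disk. That path is silent, though: add() already logs through condlog, so a low-priority message for the NULL case would make the situation from the report (iscsi login/logout running in parallel) easier to spot in logs. The hunk as mailed also shows whitespace damage (the "{" context line has lost its leading space), so it will not apply as is and needs to be resent as plain text.
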
--
2.23.0


* Re: libmultipath: fix null dereference
  2020-07-23  1:11 libmultipath: fix null dereference lutianxiong
@ 2020-08-05 21:28 ` Martin Wilck
  2020-08-05 21:31   ` Martin Wilck
  0 siblings, 1 reply; 3+ messages in thread
From: Martin Wilck @ 2020-08-05 21:28 UTC (permalink / raw)
  To: lutianxiong, christophe.varoqui; +Cc: dm-devel, Liaoqingwei

On Thu, 2020-07-23 at 01:11 +0000, lutianxiong wrote:
> Hi
> I got a multipath segfault while running iscsi login/logout and
> the following scripts in parallel:
>  
> #!/bin/bash
> interval=1
> while true
> do
>               multipath -F &> /dev/null
>               multipath -r &> /dev/null
>               multipath -v2 &> /dev/null
>               multipath -ll &> /dev/null
>               sleep $interval
> done
>  
> This is the debuginfo:
> #0  0x00007f3805e4df58 in add (ctx=0x55d1569e4a00, ud=0x55d1569bafd0)
> at nvme.c:801
> 801              if (strcmp("disk", udev_device_get_devtype(ud)))
> (gdb) bt
> #0  0x00007f3805e4df58 in add (ctx=0x55d1569e4a00, ud=0x55d1569bafd0)
> at nvme.c:801
> #1  0x00007f3806687a44 in add_foreign (udev=0x55d1569bafd0) at
> foreign.c:299
> #2  0x00007f3806665abf in is_claimed_by_foreign (ud=<optimized out>)
> at foreign.h:316
> #3  pathinfo (pp=0x55d1569e9f50, conf=0x55d1569b92d0, mask=69) at
> discovery.c:2064
> #4  0x000055d154c91cbb in check_usable_paths (conf=0x55d1569b92d0,
> devpath=0x55d1569e3200 "dm-6", dev_type=<optimized out>) at
> main.c:368
> #5  0x000055d154c910a5 in main (argc=3, argv=<optimized out>) at
> main.c:1057
>  
> In add() at libmultipath/foreign/nvme.c, udev_device_get_devtype(ud)
> returns a NULL pointer, which is then dereferenced.
> Here, a NULL check is needed.
>  
>  
>  
> Check if udev_device_get_devtype returns NULL before dereferencing it.
>  
> Signed-off-by: lutianxiong <lutianxiong@huawei.com>

Thanks, this looks correct. But could you please resend in proper
format? The patch is corrupt, looks like mangled whitespace.

Martin


* Re: libmultipath: fix null dereference
  2020-08-05 21:28 ` Martin Wilck
@ 2020-08-05 21:31   ` Martin Wilck
  0 siblings, 0 replies; 3+ messages in thread
From: Martin Wilck @ 2020-08-05 21:31 UTC (permalink / raw)
  To: lutianxiong, christophe.varoqui; +Cc: dm-devel, Liaoqingwei

On Wed, 2020-08-05 at 23:28 +0200, Martin Wilck wrote:
> On Thu, 2020-07-23 at 01:11 +0000, lutianxiong wrote:
> > 
> > Check if udev_device_get_devtype returns NULL before dereferencing
> > it.
> >  
> > Signed-off-by: lutianxiong <lutianxiong@huawei.com>
> 
> Thanks, this looks correct. But could you please resend in proper
> format? The patch is corrupt, looks like mangled whitespace.
> 

I just saw that you did already, so forget about my previous request,
and thanks again.

Martin
