Details
- Bug
- Resolution: Fixed
- Major
- Lustre 2.17.0
- 3
Description
highlighted by smatch
This code was there for a while so probably hard to hit, but anyway if you trace the cpts variable lifetime, you'll see the use is like this:
    rc = cfs_expr_list_values(el, ncpts, &cpts);
    ...
    for (cpt = 0; cpt < ncpts; cpt++) {
            for (i = 0; i < rc; i++)
                    if (cpts[i] == cpt)
                            break;
            if (i >= rc)
                    i = cpt % rc;
            ptlrpcds_cpt_idx[cpt] = i;
    }
    ===>>> cfs_expr_list_values_free(cpts, rc);
    // #define cfs_expr_list_values_free(values, num) CFS_FREE_PTR_ARRAY(values, num)
    ... a long long bunch of code ...
    for (i = 0; i < ncpts; i++) {
            if (cpts == NULL)
                    cpt = i;
            else
                    cpt = cpts[i];
and at that point if we did go into the above allocation (that could only happen if you set ptlrpcd_cpts module parameter).
This was introduced all the way back in 2015 with the original patch adding this functionality: http://review.whamcloud.com/13972
I guess it only did not blow up much because we rarely if ever use ptlrpcd_cpts parameter?
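The lifetime problem described above, reduced to a self-contained C model (an added example, not the Lustre source and not the fix that was merged): `parse_values`, `bind_cpts` and the `SHOW_BUG` switch are hypothetical names, and in this model the later loop runs over the number of parsed values. Building with `-DSHOW_BUG -fsanitize=address` reproduces the early free so AddressSanitizer reports the stale read; the default build frees only after the last use.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for cfs_expr_list_values(): caller owns *out. */
static int parse_values(const int *src, int n, int **out)
{
	int *v = n > 0 ? malloc(n * sizeof(*v)) : NULL;

	if (v == NULL)
		return -1;
	for (int i = 0; i < n; i++)
		v[i] = src[i];
	*out = v;
	return n;
}

/* param == NULL models the module parameter being unset (assumption). */
int bind_cpts(const int *param, int nparam, int ncpts, int *bound)
{
	int *cpts = NULL;
	int n = ncpts;

	if (param != NULL) {
		n = parse_values(param, nparam, &cpts);
		if (n <= 0)
			return -1;
		/* ... index map built from cpts[] here ... */
#ifdef SHOW_BUG
		free(cpts);	/* early free: cpts stays non-NULL and dangling */
#endif
	}
	for (int i = 0; i < n; i++)	/* the later loop from the report */
		bound[i] = (cpts == NULL) ? i : cpts[i];
#ifndef SHOW_BUG
	free(cpts);	/* freed after the last read; free(NULL) is a no-op */
#endif
	return n;
}

int main(void)
{
	int param[] = { 2, 5 };	/* constructed sample values */
	int bound[4];
	int n = bind_cpts(param, 2, 4, bound);

	for (int i = 0; i < n; i++)
		printf("group %d -> CPT %d\n", i, bound[i]);
	return 0;
}
```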
Issue Links
- is related to LU-6235 sanity-scrub test_13 test failed to respond and timed out (Resolved)