Details
Bug
Resolution: Fixed
Medium
Description
Issue reported on lustre-devel by Caifeng Zhu <caifeng_zhu@163.com>:
It seems osp_md_index_it_next() has a bug. Consider the case that 'ent' is non-NULL and points to the last entry in the current index page. In this case, a new index page will be loaded with osp_it_next_page() and after the loading, 'ent' remains intact. The entry retrieving based on 'ent' is wrong. Even worse, it may cause a kernel crash by accessing an unmapped page.
They also proposed a patch:
diff --git a/lustre/osp/osp_md_object.c b/lustre/osp/osp_md_object.c index 975249d498..88f3cb0002 100644 --- a/lustre/osp/osp_md_object.c +++ b/lustre/osp/osp_md_object.c @@ -663,7 +663,7 @@ static int osp_md_index_it_next(const struct lu_env *env, struct dt_it *di) { struct osp_it *it = (struct osp_it *)di; struct lu_idxpage *idxpage; - struct lu_dirent *ent = (struct lu_dirent *)it->ooi_ent; + struct lu_dirent *ent; int rc; ENTRY; @@ -674,7 +674,7 @@ again: RETURN(1); it->ooi_pos_ent++; - if (ent == NULL) { + if ((ent = (struct lu_dirent *)it->ooi_ent) == NULL) { it->ooi_ent = (struct lu_dirent *)idxpage->lip_entries; RETURN(0);
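Review bot: The assignment inside the condition in the second hunk, `if ((ent = (struct lu_dirent *)it->ooi_ent) == NULL)`, buries the actual fix (re-reading `it->ooi_ent` on every pass through `again:`) and is the form checkpatch.pl reports as an assignment in an if condition. Put a plain `ent = (struct lu_dirent *)it->ooi_ent;` on its own line after `it->ooi_pos_ent++;` and leave `if (ent == NULL)` as it was. The re-read only helps if `it->ooi_ent` no longer points into the old page when control returns to `again:` after osp_it_next_page(); that reset is not in the visible context, so it should be confirmed and stated in the commit message.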