Details
- Bug
- Resolution: Fixed
- Minor
- Lustre 2.6.0
- None
- 3
- 14862
Description
lfsck_del_target() has the following code around line 2648:
2648         list_for_each_entry(ltd, head, ltd_orphan_list) {
2649                 if (ltd->ltd_tgt == tgt) {
2650                         list_del_init(&ltd->ltd_orphan_list);
2651                         spin_unlock(&lfsck_instance_lock);
2652                         lfsck_tgt_put(ltd);
2653
2654                         return;
2655                 }
2656         }
If the target is not found, the code continues. Note that at that point, the loop cursor ltd is undefined but not NULL.
A few lines later, we have:
2671         if (unlikely(index >= ltds->ltd_tgts_bitmap->size))
2672                 goto unlock;
If that path is taken, we do:
2685         if (ltd == NULL) {
...
2697         }
2698
2699         up_write(&ltds->ltd_rw_sem);
2700         if (ltd != NULL) {
...
But ltd is undefined. So bad things will happen (likely an oops or a memory corruption).
I think the fix is to either set ltd to NULL, or have a second exit point.
I don't have a patch for that.
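The cursor behaviour described in this ticket, reproduced in userspace as an added example (not Lustre code and not the fix that was committed). The list macros are simplified re-implementations of the kernel ones, and struct tgt_desc, find_cursor_reused(), find_fixed() and demo() are hypothetical names; only the field names follow the ticket.

```c
#include <stddef.h>
/* Simplified userspace stand-ins for the kernel list macros. */
struct list_head { struct list_head *next, *prev; };
#define container_of(p, type, member) \
	((type *)((char *)(p) - offsetof(type, member)))
#define list_for_each_entry(pos, head, member) \
	for (pos = container_of((head)->next, __typeof__(*pos), member); \
	     &pos->member != (head); \
	     pos = container_of(pos->member.next, __typeof__(*pos), member))
static void list_add_tail(struct list_head *n, struct list_head *head)
{
	n->prev = head->prev; n->next = head;
	head->prev->next = n; head->prev = n;
}
/* Hypothetical reduced descriptor; only the field names follow the ticket. */
struct tgt_desc { int ltd_tgt; struct list_head ltd_orphan_list; };
/* Pattern from the ticket: the loop cursor is used after a miss. */
static struct tgt_desc *find_cursor_reused(struct list_head *head, int tgt)
{
	struct tgt_desc *ltd;
	list_for_each_entry(ltd, head, ltd_orphan_list)
		if (ltd->ltd_tgt == tgt)
			return ltd;
	return ltd; /* not NULL: container_of(head), not a real entry */
}

/* First fix suggested in the ticket: the miss case yields NULL. */
static struct tgt_desc *find_fixed(struct list_head *head, int tgt)
{
	struct tgt_desc *ltd, *found = NULL;
	list_for_each_entry(ltd, head, ltd_orphan_list)
		if (ltd->ltd_tgt == tgt) { found = ltd; break; }
	return found;
}

/* Constructed input: two entries; target 99 is absent. Returns 1 if the
 * reused cursor is a bogus non-NULL pointer and the fixed lookup is NULL. */
static int demo(void)
{
	struct list_head head = { &head, &head };
	struct tgt_desc a = { 1, { NULL, NULL } }, b = { 2, { NULL, NULL } };
	list_add_tail(&a.ltd_orphan_list, &head);
	list_add_tail(&b.ltd_orphan_list, &head);
	struct tgt_desc *stale = find_cursor_reused(&head, 99);
	return stale != NULL && stale != &a && stale != &b &&
	       &stale->ltd_orphan_list == &head &&
	       find_fixed(&head, 99) == NULL && find_fixed(&head, 2) == &b;
}
int main(void) { return demo() ? 0 : 1; }
```

After a full traversal the cursor is the list head reinterpreted as an entry, so a later `ltd != NULL` test passes and any field access reads or writes memory next to the head.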