Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-5324

lfsck: possible issue in lfsck_del_target()

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: Lustre 2.6.0
    • Fix Version/s: Lustre 2.6.0
    • Labels:
      None
    • Severity:
      3
    • Rank (Obsolete):
      14862

      Description

      lfsck_del_target() has the following code around line 2648:

         2648     list_for_each_entry(ltd, head, ltd_orphan_list) {
         2649         if (ltd->ltd_tgt == tgt) {
         2650             list_del_init(&ltd->ltd_orphan_list);
         2651             spin_unlock(&lfsck_instance_lock);
         2652             lfsck_tgt_put(ltd);
         2653 
         2654             return;
         2655         }
         2656     }
      

      If the target is not found, the code continues. Note that at that point, the loop cursor ltd is undefined but not NULL.

      A few lines later, we have

         2671     if (unlikely(index >= ltds->ltd_tgts_bitmap->size))
         2672         goto unlock;
      

      If that path is taken, we do:

         2685     if (ltd == NULL) {
      ...
         2697     }
         2698 
         2699     up_write(&ltds->ltd_rw_sem);
         2700     if (ltd != NULL) {
      ...
      

      But ltd is undefined. So bad things will happen (likely an oops or a memory corruption).

      I think the fix is to either set ltd to NULL, or have a second exit point.

      I don't have a patch for that.

        Attachments

          Activity

            People

            • Assignee:
              yong.fan nasf (Inactive)
              Reporter:
              fzago Frank Zago
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: