Lustre / LU-9856

NULL pointer dereference in mdd_xattr_list()


    Description

      Running racer on v2_10_51_0-23-gd564bec I see a NULL pointer dereference in mdd_xattr_list():

      #11 [ffff88001e9d7c10] mdd_xattr_list+736 at ffffffffa0ebaaa0 [mdd]
          /root/lustre-release/lustre/mdd/mdd_object.c: 319
      #12 [ffff88001e9d7c50] mdt_getxattr+1492 at ffffffffa0f23f04 [mdt]
          /root/lustre-release/lustre/include/md_object.h: 440
      #13 [ffff88001e9d7ce0] mdt_tgt_getxattr+28 at ffffffffa0f0e55c [mdt]
          /root/lustre-release/lustre/mdt/mdt_handler.c: 4630
      #14 [ffff88001e9d7d00] tgt_request_handle+2341 at ffffffffa0944a75 [ptlrpc]
          /root/lustre-release/lustre/include/lu_target.h: 574
      #15 [ffff88001e9d7d48] ptlrpc_server_handle_request+566 at ffffffffa08ed486 [ptlrpc]
          /root/lustre-release/lustre/include/lustre_net.h: 2464
      #16 [ffff88001e9d7de8] ptlrpc_main+2720 at ffffffffa08f14c0 [ptlrpc]
          /root/lustre-release/lustre/ptlrpc/service.c: 2578
      #17 [ffff88001e9d7ec8] kthread+207 at ffffffff810b06ff
          /usr/src/debug/kernel-3.10.0-514.10.2.el7/linux-3.10.0-514.10.2.el7.lustre.x86_64/kernel/kthread.c: 200
      #18 [ffff88001e9d7f50] ret_from_fork+88 at ffffffff81696c98
          /usr/src/debug/kernel-3.10.0-514.10.2.el7/linux-3.10.0-514.10.2.el7.lustre.x86_64/arch/x86/kernel/entry_64.S: 369
      
                      while (p < end) {
                              char   *next = p + strlen(p) + 1;
      
                              if (strcmp(p, XATTR_NAME_LINK) == 0) { /* HERE */
                                      if (end - next > 0)
                                              memmove(p, next, end - next);
                                      rc -= next - p;
      

      I first saw this when evaluating https://review.whamcloud.com/28223 "LU-9417 mdc: excessive memory consumption by the xattr cache" for landing on b2_10 along with some other changes which are unlikely to have introduced this. So I think that LU-9417 (which is a client-side-only change) is likely to have uncovered this bug.
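
An added example, not Lustre's code or its fix: a user-space version of the name-filtering loop quoted above that refuses to walk a NULL or empty buffer and bounds the terminator search instead of calling strlen(). `xattr_list_strip`, `SAMPLE_NAME_LINK` and its value are assumptions; the report does not state the root cause of the crash.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Assumed value of Lustre's XATTR_NAME_LINK; used here only as sample data. */
#define SAMPLE_NAME_LINK "trusted.link"

/*
 * Strip every entry equal to `name` from a listxattr-style buffer
 * (NUL-terminated names packed back to back, `len` bytes in total).
 * Returns the new length. len <= 0 (error or empty list) and buf == NULL
 * (size-only query) pass through; an unterminated last name is -EINVAL.
 */
ssize_t xattr_list_strip(char *buf, ssize_t len, const char *name)
{
	char *p = buf, *end;

	if (name == NULL)
		return -EINVAL;
	if (buf == NULL || len <= 0)
		return len;		/* nothing to walk, nothing to dereference */
	end = buf + len;
	while (p < end) {
		/* Bounded search instead of strlen(): never reads past end. */
		char *nul = memchr(p, '\0', (size_t)(end - p));
		char *next;

		if (nul == NULL)
			return -EINVAL;
		next = nul + 1;
		if (strcmp(p, name) == 0) {
			if (end - next > 0)
				memmove(p, next, (size_t)(end - next));
			end -= next - p;	/* list shrank; re-test entry now at p */
		} else {
			p = next;
		}
	}
	return end - buf;
}

int main(void)
{
	/* Constructed sample list: three names, the middle one to be hidden. */
	char list[] = "user.a\0trusted.link\0user.b";

	printf("%zd\n", xattr_list_strip(list, sizeof(list), SAMPLE_NAME_LINK));
	return 0;
}
```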

            People

              jhammond John Hammond