[LU-5324] lfsck: possible issue in lfsck_del_target()
Created: 10/Jul/14  Updated: 14/Jul/14  Resolved: 14/Jul/14

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: Lustre 2.6.0
Fix Version/s: Lustre 2.6.0

Type: Bug
Priority: Minor
Reporter: Frank Zago (Inactive)
Assignee: nasf (Inactive)
Resolution: Fixed
Votes: 0
Labels: None

Severity: 3
Rank (Obsolete): 14862

 Description   

lfsck_del_target() has the following code around line 2648:

   2648     list_for_each_entry(ltd, head, ltd_orphan_list) {
   2649         if (ltd->ltd_tgt == tgt) {
   2650             list_del_init(&ltd->ltd_orphan_list);
   2651             spin_unlock(&lfsck_instance_lock);
   2652             lfsck_tgt_put(ltd);
   2653 
   2654             return;
   2655         }
   2656     }

If the target is not found, the code continues. Note that at that point, the loop cursor ltd is undefined but not NULL.

A few lines later, we have

   2671     if (unlikely(index >= ltds->ltd_tgts_bitmap->size))
   2672         goto unlock;

If that path is taken, we do:

   2685     if (ltd == NULL) {
...
   2697     }
   2698 
   2699     up_write(&ltds->ltd_rw_sem);
   2700     if (ltd != NULL) {
...

But ltd is undefined. So bad things will happen (likely an oops or a memory corruption).

I think the fix is to either set ltd to NULL, or have a second exit point.

I don't have a patch for that.
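
The cursor behaviour described in this report, as an added example that is not part of the original ticket or the Lustre source: when a `list_for_each_entry` loop ends without a match, the cursor is left pointing at the list head reinterpreted as an entry, so a later `ltd != NULL` check passes. The list helpers below are simplified userspace stand-ins for the kernel macros, and `struct tgt_desc`, `stale_cursor_is_non_null()` and `find_target()` are hypothetical names; the sample list is constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified userspace stand-ins for the kernel list helpers (not Lustre code). */
struct list_head { struct list_head *next, *prev; };
#define container_of(p, type, m) ((type *)((char *)(p) - offsetof(type, m)))
#define list_for_each_entry(pos, head, member)                          \
    for (pos = container_of((head)->next, __typeof__(*pos), member);    \
         &pos->member != (head);                                        \
         pos = container_of(pos->member.next, __typeof__(*pos), member))

/* Hypothetical descriptor; only the field names mirror the report. */
struct tgt_desc { int ltd_tgt; struct list_head ltd_orphan_list; };

/* Pattern from the report: the cursor is read after the loop ran to completion.
 * Returns 1 if the stale cursor is non-NULL although nothing matched. */
int stale_cursor_is_non_null(struct list_head *head, int tgt)
{
    struct tgt_desc *ltd;
    list_for_each_entry(ltd, head, ltd_orphan_list)
        if (ltd->ltd_tgt == tgt)
            return 0;
    /* ltd == container_of(head, ...): not a list entry, and not NULL. */
    return ltd != NULL;
}

/* Safe pattern: a separate result pointer stays NULL unless a match is found. */
struct tgt_desc *find_target(struct list_head *head, int tgt)
{
    struct tgt_desc *pos, *found = NULL;
    list_for_each_entry(pos, head, ltd_orphan_list)
        if (pos->ltd_tgt == tgt) { found = pos; break; }
    return found;
}

/* Constructed sample: circular orphan list holding targets 3 and 7. */
static struct list_head orphans;
static struct tgt_desc sample[2] = {
    { 3, { &sample[1].ltd_orphan_list, &orphans } },
    { 7, { &orphans, &sample[0].ltd_orphan_list } },
};
static struct list_head orphans = { &sample[0].ltd_orphan_list, &sample[1].ltd_orphan_list };

int main(void)
{
    printf("miss: stale cursor non-NULL=%d, find_target()==NULL=%d\n",
           stale_cursor_is_non_null(&orphans, 9), find_target(&orphans, 9) == NULL);
    return 0;
}
```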



 Comments   
Comment by nasf (Inactive) [ 10/Jul/14 ]

Thanks, Frank, for catching it! I will make a patch to fix that.

Comment by nasf (Inactive) [ 11/Jul/14 ]

Here is the patch:

http://review.whamcloud.com/#/c/11060/

Comment by Jodi Levi (Inactive) [ 14/Jul/14 ]

Patch landed to b2_6.
