[LU-9856] NULL pointer dereference in mdd_xattr_list() Created: 10/Aug/17 Updated: 08/May/18 Resolved: 28/Aug/17 |
|
| Status: | Resolved |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | Lustre 2.11.0 |
| Fix Version/s: | Lustre 2.10.1, Lustre 2.11.0 |
| Type: | Bug | Priority: | Minor |
| Reporter: | John Hammond | Assignee: | John Hammond |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | mdd |
| Rank (Obsolete): | 9223372036854775807 |
| Description |
|
Running racer on v2_10_51_0-23-gd564bec I see a NULL pointer dereference in mdd_xattr_list():

#11 [ffff88001e9d7c10] mdd_xattr_list+736 at ffffffffa0ebaaa0 [mdd]
/root/lustre-release/lustre/mdd/mdd_object.c: 319
#12 [ffff88001e9d7c50] mdt_getxattr+1492 at ffffffffa0f23f04 [mdt]
/root/lustre-release/lustre/include/md_object.h: 440
#13 [ffff88001e9d7ce0] mdt_tgt_getxattr+28 at ffffffffa0f0e55c [mdt]
/root/lustre-release/lustre/mdt/mdt_handler.c: 4630
#14 [ffff88001e9d7d00] tgt_request_handle+2341 at ffffffffa0944a75 [ptlrpc]
/root/lustre-release/lustre/include/lu_target.h: 574
#15 [ffff88001e9d7d48] ptlrpc_server_handle_request+566 at ffffffffa08ed486 [ptlrpc]
/root/lustre-release/lustre/include/lustre_net.h: 2464
#16 [ffff88001e9d7de8] ptlrpc_main+2720 at ffffffffa08f14c0 [ptlrpc]
/root/lustre-release/lustre/ptlrpc/service.c: 2578
#17 [ffff88001e9d7ec8] kthread+207 at ffffffff810b06ff
/usr/src/debug/kernel-3.10.0-514.10.2.el7/linux-3.10.0-514.10.2.el7.lustre.x86_64/kernel/kthread.c: 200
#18 [ffff88001e9d7f50] ret_from_fork+88 at ffffffff81696c98
/usr/src/debug/kernel-3.10.0-514.10.2.el7/linux-3.10.0-514.10.2.el7.lustre.x86_64/arch/x86/kernel/entry_64.S: 369

while (p < end) {
        char *next = p + strlen(p) + 1;
        if (strcmp(p, XATTR_NAME_LINK) == 0) { /* HERE */
                if (end - next > 0)
                        memmove(p, next, end - next);
                rc -= next - p;

I first saw this when evaluating https://review.whamcloud.com/28223 " |
| Comments |
| Comment by John Hammond [ 10/Aug/17 ] |
|
After reverting |
| Comment by Peter Jones [ 10/Aug/17 ] |
|
Andrew, would you please advise? Thanks, Peter |
| Comment by Andrew Perepechko [ 10/Aug/17 ] |
|
Peter, the quoted code (which has no relation to either the xattr cache or It is possible that mdd_list_xattr() is passed the NULL ptr if we only want to know the list size, e.g. via OBD_MD_FLXATTRLS request. The code makes an attempt to parse the buffer and can deref the NULL ptr. It's a bug in
P.S. Sorry for the edits, I'm currently on PTO and not very attentive. |
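
The size-only call described in the comment above, as an added example that is not Lustre code and not the patch that landed: a user-space filter over a NUL-separated xattr name list that returns before parsing when the buffer is NULL. `filter_xattr_list` and `HIDDEN_NAME` are hypothetical names, and the `trusted.link` value is an assumption standing in for `XATTR_NAME_LINK`.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the value of XATTR_NAME_LINK (assumption). */
#define HIDDEN_NAME "trusted.link"

/*
 * Hypothetical helper: strip HIDDEN_NAME from a NUL-separated xattr name
 * list of `len` bytes and return the new length. `len` is what the lower
 * layer returned: a negative error, or the list size. buf == NULL means
 * the caller only asked for the size.
 */
long filter_xattr_list(char *buf, long len)
{
	char *p = buf, *end;

	if (len <= 0)
		return len;	/* error or empty list: nothing to filter */
	if (buf == NULL)
		return len;	/* size-only query: no bytes to parse */

	end = buf + len;
	while (p < end) {
		/* Bounded search, so an unterminated last name cannot overrun. */
		char *nul = memchr(p, '\0', (size_t)(end - p));
		char *next;

		if (nul == NULL)
			break;
		next = nul + 1;
		if (strcmp(p, HIDDEN_NAME) == 0) {
			if (end - next > 0)
				memmove(p, next, (size_t)(end - next));
			return len - (next - p);
		}
		p = next;
	}
	return len;
}

int main(void)
{
	char list[] = "user.a\0trusted.link\0user.b";	/* constructed sample */

	printf("size query: %ld\n", filter_xattr_list(NULL, (long)sizeof(list)));
	printf("filtered:   %ld\n", filter_xattr_list(list, (long)sizeof(list)));
	return 0;
}
```

In the size-only case the returned length still counts the hidden name, so it is an upper bound on what a later call with a real buffer will fill.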
| Comment by Gerrit Updater [ 10/Aug/17 ] |
|
John L. Hammond (john.hammond@intel.com) uploaded a new patch: https://review.whamcloud.com/28469 |
| Comment by Gerrit Updater [ 28/Aug/17 ] |
|
Oleg Drokin (oleg.drokin@intel.com) merged in patch https://review.whamcloud.com/28469/ |
| Comment by Minh Diep [ 28/Aug/17 ] |
|
Landed for 2.11 |
| Comment by Gerrit Updater [ 28/Aug/17 ] |
|
Minh Diep (minh.diep@intel.com) uploaded a new patch: https://review.whamcloud.com/28766 |
| Comment by Gerrit Updater [ 06/Sep/17 ] |
|
John L. Hammond (john.hammond@intel.com) merged in patch https://review.whamcloud.com/28766/ |