https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 https://jira.whamcloud.com/browse/LU-9856 Lustre <p>Running racer on <tt>v2_10_51_0-23-gd564bec</tt> I see a NULL pointer deference in <tt>mdd_xattr_list()</tt>:</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>#11 [ffff88001e9d7c10] mdd_xattr_list+736 at ffffffffa0ebaaa0 [mdd] /root/lustre-release/lustre/mdd/mdd_object.c: 319 #12 [ffff88001e9d7c50] mdt_getxattr+1492 at ffffffffa0f23f04 [mdt] /root/lustre-release/lustre/include/md_object.h: 440 #13 [ffff88001e9d7ce0] mdt_tgt_getxattr+28 at ffffffffa0f0e55c [mdt] /root/lustre-release/lustre/mdt/mdt_handler.c: 4630 #14 [ffff88001e9d7d00] tgt_request_handle+2341 at ffffffffa0944a75 [ptlrpc] /root/lustre-release/lustre/include/lu_target.h: 574 #15 [ffff88001e9d7d48] ptlrpc_server_handle_request+566 at ffffffffa08ed486 [ptlrpc] /root/lustre-release/lustre/include/lustre_net.h: 2464 #16 [ffff88001e9d7de8] ptlrpc_main+2720 at ffffffffa08f14c0 [ptlrpc] /root/lustre-release/lustre/ptlrpc/service.c: 2578 #17 [ffff88001e9d7ec8] kthread+207 at ffffffff810b06ff /usr/src/debug/kernel-3.10.0-514.10.2.el7/linux-3.10.0-514.10.2.el7.lustre.x86_64/kernel/kthread.c: 200 #18 [ffff88001e9d7f50] ret_from_fork+88 at ffffffff81696c98 /usr/src/debug/kernel-3.10.0-514.10.2.el7/linux-3.10.0-514.10.2.el7.lustre.x86_64/arch/x86/kernel/entry_64.S: 369 </pre> </div></div> <div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent"> <pre class="code-java"> <span class="code-keyword">while</span> (p &lt; end) { <span class="code-object">char</span> *next = p + strlen(p) + 1; <span class="code-keyword">if</span> (strcmp(p, XATTR_NAME_LINK) == 0) { <span class="code-comment">/* HERE */</span> <span class="code-keyword">if</span> (end - next &gt; 0) memmove(p, next, end - next); rc -= next - p; </pre> </div></div> <p>I first saw this when evaluating <a href="https://review.whamcloud.com/28223" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/28223</a> "<a href="https://jira.whamcloud.com/browse/LU-9417" title="xattr cache memory usage can be reduced" class="issue-link" data-issue-key="LU-9417"><del>LU-9417</del></a> mdc: excessive memory consumption by the xattr cache" for landing on <tt>b2_10</tt> along with some other changes which are unlikely to have introduced this. So think that <a href="https://jira.whamcloud.com/browse/LU-9417" title="xattr cache memory usage can be reduced" class="issue-link" data-issue-key="LU-9417"><del>LU-9417</del></a> (which is a client side only change) is likely to have uncovered this bug.</p> LU-9856

NULL pointer dereference in mdd_xattr_list()

Bug Minor Resolved Fixed John Hammond John Hammond mdd Thu, 10 Aug 2017 15:23:54 +0000 Tue, 8 May 2018 23:51:17 +0000 Mon, 28 Aug 2017 18:30:06 +0000 Lustre 2.11.0 Lustre 2.10.1 Lustre 2.11.0 0 5 <p>After reverting <a href="https://jira.whamcloud.com/browse/LU-9417" title="xattr cache memory usage can be reduced" class="issue-link" data-issue-key="LU-9417"><del>LU-9417</del></a> from my batch of test changes I no longer see this.</p> <p>Andrew</p> <p>Would you please advise?</p> <p>Thanks</p> <p>Peter</p> <p>Peter, the quoted code (which has no relation to either the xattr cache or <a href="https://jira.whamcloud.com/browse/LU-9417" title="xattr cache memory usage can be reduced" class="issue-link" data-issue-key="LU-9417"><del>LU-9417</del></a> in particular) does not look right.</p> <p>It is possible that mdd_list_xattr() is passed the NULL ptr if we only want to know the list size, e.g. via OBD_MD_FLXATTRLS request. The code makes an attempt to parse the buffer and can deref the NULL ptr. It's a bug in <a href="https://jira.whamcloud.com/browse/LU-6027" title="Issues with EAs of orphan files and EAs with empty values" class="issue-link" data-issue-key="LU-6027"><del>LU-6027</del></a>.</p> <p><a href="https://jira.whamcloud.com/browse/LU-9417" title="xattr cache memory usage can be reduced" class="issue-link" data-issue-key="LU-9417"><del>LU-9417</del></a> falls back to non-cached xattr requests when it encounters really large xattr blobs. That's a valid case and should not cause server crashes.</p> <p>P.S. Sorry for the edits, I'm currently on PTO and not very attentive.</p> <p>John L. Hammond (john.hammond@intel.com) uploaded a new patch: <a href="https://review.whamcloud.com/28469" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/28469</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-9856" title="NULL pointer dereference in mdd_xattr_list()" class="issue-link" data-issue-key="LU-9856"><del>LU-9856</del></a> mdd: handle NULL buffer in mdd_xattr_list()<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: 1<br/> Commit: b9184d37a514918b7a0a4ac8d1963c2db4c0a101</p> <p>Oleg Drokin (oleg.drokin@intel.com) merged in patch <a href="https://review.whamcloud.com/28469/" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/28469/</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-9856" title="NULL pointer dereference in mdd_xattr_list()" class="issue-link" data-issue-key="LU-9856"><del>LU-9856</del></a> mdd: handle NULL buffer in mdd_xattr_list()<br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: <br/> Commit: 33a4b5ef00e88b33136d09d2f4029223a3c4d681</p> <p>Landed for 2.11</p> <p>Minh Diep (minh.diep@intel.com) uploaded a new patch: <a href="https://review.whamcloud.com/28766" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/28766</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-9856" title="NULL pointer dereference in mdd_xattr_list()" class="issue-link" data-issue-key="LU-9856"><del>LU-9856</del></a> mdd: handle NULL buffer in mdd_xattr_list()<br/> Project: fs/lustre-release<br/> Branch: b2_10<br/> Current Patch Set: 1<br/> Commit: a7a63cb2e5d20451f87d83e802dbfd63a24d9dba</p> <p>John L. Hammond (john.hammond@intel.com) merged in patch <a href="https://review.whamcloud.com/28766/" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/28766/</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-9856" title="NULL pointer dereference in mdd_xattr_list()" class="issue-link" data-issue-key="LU-9856"><del>LU-9856</del></a> mdd: handle NULL buffer in mdd_xattr_list()<br/> Project: fs/lustre-release<br/> Branch: b2_10<br/> Current Patch Set: <br/> Commit: 8e2cd001a9640c5e9959341c5af6da680c609eee</p> Related LU-10912 LU-9417 Development Rank 1|hzzi8v: Rank (Obsolete) 9223372036854775807