xfs
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[patch] xfsprogs: repair pagefault due to missed out sanity NULL check

from [Ajeet Yadav] [Permanent Link][Original]
To: xfs@xxxxxxxxxxx
Subject: [patch] xfsprogs: repair pagefault due to missed out sanity NULL check
From: Ajeet Yadav <ajeet.yadav.77@xxxxxxxxx>
Date: Fri, 28 Jan 2011 20:13:04 +0900
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:date:message-id:subject:from:to :content-type; bh=lH976KZ0LkNH6F/ln0+ktDBX+T6J1sYu5goTexf33Fk=; b=Lrvgga+xiurJbzOw88SEMrjhkRvXOrKzpfkp9hC4QhFLSnXskBgWm0Fi/jqPkLxTpe nZIjnXo++hhW0Pqq7IdBZyl1xQFcFt2XUwpgJu2T2k2Ox2lbr1Qdx2Y52KUxHDFpxioq ys8S3kaGKpM177DoPYz3+TIferTyVytrpjf6M=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=IH8PNYCWow7roMra2k6gTCTO+ogMhzBuUpYRClzDSFfJXAixsyGd1v/XaSKtr2X36M 7Mm1hGKybo+kNONZRZwBzS0434JRuiQsCJMb8DV81hKA2oEPipsi8p+2eN6+9pHQXtm2 mvkIuQOic7UmazOZ8BHdfTggFSRl/Yb/Sltmg=
libxfs_putbuf() is called with bp = NULL, resulting in pagefault in libpthread.
 
Function da_read_buf() allocate array of xfs_buf_t *

    xfs_buf_t       **bplist;

    bplist = calloc(nex, sizeof(*bplist));

Read and fill it using  

for (i = 0; i < nex; i++) {
    bplist[i] = libxfs_readbuf()

    if (!bplist[i]){
        goto failed;
    }  

}

failed:
        for (i = 0; i < nex; i++)
                libxfs_putbuf(bplist[i]);

Now assume nex = 10,

1. Will create bplist for 10 array elements.

3. Reading from disk 0,1, 2, 3

4. When reading from disk 4, USB is removed

5. libxfs_readbuf() will at fail, pblist[4] = NULL, goto failed.

6. Since only 4 buffers were read successfully, so only 4 are in lock state.

7.  Error handling will unlock buffer from 1-10

8. Buffer 0-3 were read successfully, hence will have valid pdlist[i]

9. Access pblist[4] == NULL, therefore unlocking will set bp == NULL in libxfs_putbuf(bp);

10. Page fault in libpthread
 
 
Solution patch attached with mail
 
 

Attachment: xfs_repair_da_read_buf_failed_unlock_fix.patch
Description: Binary data

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: xfs: very slow after mount, very slow at umount, Dave Chinner
Next by Date:  [patch] xfsprogs: repair never return if device removed, Ajeet Yadav
Previous by Thread:  XFS Preallocation, Jef Fox
Next by Thread:  Re: [patch] xfsprogs: repair pagefault due to missed out sanity NULL check, Ajeet Yadav
Indexes:  [Date] [Thread] [Top] [All Lists]