
To: xfs@xxxxxxxxxxx
Subject: Re: [patch] xfsprogs: repair pagefault due to missed out sanity NULL check
From: Ajeet Yadav <ajeet.yadav.77@xxxxxxxxx>
Date: Mon, 31 Jan 2011 11:39:15 +0900
In-reply-to: <AANLkTiktigbHHHsYrxRBja6LxQ3N_gAq_KAoLNYGRB=r@xxxxxxxxxxxxxx>
References: <AANLkTiktigbHHHsYrxRBja6LxQ3N_gAq_KAoLNYGRB=r@xxxxxxxxxxxxxx>

I did not receive any response / review comment on the solution patch I sent.

diff -Nurp xfsprogs/repair/dir2.c xfsprogs-dirty/repair/dir2.c

--- xfsprogs/repair/dir2.c 2010-07-16 13:07:09.000000000 +0900

+++ xfsprogs-dirty/repair/dir2.c 2011-01-28 18:49:21.000000000 +0900

@@ -110,9 +110,10 @@ da_read_buf(

bplist[i] = libxfs_readbuf(mp->m_dev,

XFS_FSB_TO_DADDR(mp, bmp[i].startblock),

XFS_FSB_TO_BB(mp, bmp[i].blockcount), 0);

- if (!bplist[i])

+ if (!bplist[i]){

+ nex = i;

goto failed;

-

+ }

pftrace("readbuf %p (%llu, %d)", bplist[i],

(long long)XFS_BUF_ADDR(bplist[i]),

XFS_BUF_COUNT(bplist[i]));
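
Review bot: The `nex = i;` assignment in the `if (!bplist[i])` branch reuses the extent count as the bound for the cleanup loop, which is easy to misread and would change the meaning of `nex` for anything else that reads it on the `failed:` path. A one-line comment stating that only entries 0..i-1 hold buffers at this point would make the intent clear; alternatively the cleanup loop could skip NULL entries, since the array comes from calloc(). Style: `if (!bplist[i]){` needs a space before the brace, and the hunk also drops the blank line that separated the check from the `pftrace()` call.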

On Fri, Jan 28, 2011 at 8:13 PM, Ajeet Yadav <ajeet.yadav.77@xxxxxxxxx> wrote:
libxfs_putbuf() is called with bp = NULL, resulting in a page fault in libpthread.

Function da_read_buf() allocates an array of xfs_buf_t *

    xfs_buf_t       **bplist;

    bplist = calloc(nex, sizeof(*bplist));

Read and fill it using

    for (i = 0; i < nex; i++) {
        bplist[i] = libxfs_readbuf();
        if (!bplist[i]) {
            goto failed;
        }
    }

    failed:
        for (i = 0; i < nex; i++)
            libxfs_putbuf(bplist[i]);

Now assume nex = 10,

1. Will create bplist for 10 array elements.

3. Reading from disk 0, 1, 2, 3

4. When reading from disk 4, USB is removed

5. libxfs_readbuf() will fail, bplist[4] = NULL, goto failed.

6. Since only 4 buffers were read successfully, only 4 are in the locked state.

7. Error handling will unlock buffers from 1-10

8. Buffers 0-3 were read successfully, hence will have valid bplist[i]

9. Access bplist[4] == NULL, therefore unlocking will set bp == NULL in libxfs_putbuf(bp);

10. Page fault in libpthread
 
 
Solution patch attached with mail
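
The failure sequence described in the message, as an added C sketch (not xfsprogs code and not part of the original mail). `read_buf`, `put_buf`, `read_all` and the two counters are hypothetical stand-ins for `libxfs_readbuf()`, `libxfs_putbuf()` and `da_read_buf()`; `put_buf` counts NULL arguments where the post reports a page fault.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for xfs_buf_t and the libxfs calls; not xfsprogs code. */
struct buf { int locked; };
static int null_puts;	/* times put_buf() was handed NULL */
static int released;	/* buffers actually released */

/* Simulated read: returns NULL at index fail_at (e.g. device removed). */
static struct buf *read_buf(int i, int fail_at)
{
	return (i == fail_at) ? NULL : calloc(1, sizeof(struct buf));
}

/* Per the post, libxfs_putbuf(NULL) faults; this stub only counts that call. */
static void put_buf(struct buf *bp)
{
	if (!bp) { null_puts++; return; }
	free(bp);
	released++;
}

/* bounded != 0 applies the patch's "nex = i" before the cleanup loop. */
static int read_all(int nex, int fail_at, int bounded)
{
	struct buf **bplist = calloc(nex, sizeof(*bplist));
	int i, rc = 0;

	if (!bplist)
		return -1;
	null_puts = released = 0;
	for (i = 0; i < nex; i++) {
		bplist[i] = read_buf(i, fail_at);
		if (!bplist[i]) {
			if (bounded)
				nex = i;	/* only entries 0..i-1 hold buffers */
			rc = -1;
			break;
		}
	}
	for (i = 0; i < nex; i++)	/* cleanup, as at the failed: label */
		put_buf(bplist[i]);
	free(bplist);
	return rc;
}

int main(void)
{
	read_all(10, 4, 0); printf("unbounded cleanup: %d NULL puts\n", null_puts);
	read_all(10, 4, 1); printf("bounded cleanup:   %d NULL puts\n", null_puts);
	return 0;
}
```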
 
 
