[patch] xfsprogs: repair pagefault due to missed out sanity NULL check
Ajeet Yadav
ajeet.yadav.77 at gmail.com
Fri Jan 28 05:13:04 CST 2011
libxfs_putbuf() is called with bp = NULL, resulting in a pagefault in
libpthread.

Function da_read_buf() allocates an array of xfs_buf_t *:

    xfs_buf_t **bplist;
    bplist = calloc(nex, sizeof(*bplist));

Reads and fills it using:

    for (i = 0; i < nex; i++) {
        bplist[i] = libxfs_readbuf();
        if (!bplist[i]) {
            goto failed;
        }
    }
    failed:
    for (i = 0; i < nex; i++)
        libxfs_putbuf(bplist[i]);

Now assume nex = 10,
1. Will create bplist for 10 array elements.
2. Reading from disk 0, 1, 2, 3.
3. When reading from disk 4, USB is removed.
4. libxfs_readbuf() will fail, bplist[4] = NULL, goto failed.
5. Since only 4 buffers were read successfully, only 4 are in a locked state.
6. Error handling will unlock buffers from 1-10.
7. Buffers 0-3 were read successfully, hence will have valid bplist[i].
8. Access bplist[4] == NULL, therefore unlocking will set bp == NULL in
libxfs_putbuf(bp);
9. Page fault in libpthread.
Solution patch attached with mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xfs_repair_da_read_buf_failed_unlock_fix.patch
Type: application/octet-stream
Size: 580 bytes
Desc: not available
URL: <http://oss.sgi.com/pipermail/xfs/attachments/20110128/d4e821e9/attachment.dll>
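The failure path described in the mail, modelled as an added example (this is not the attached xfsprogs patch and not libxfs code). Two stand-ins with assumed names, fake_readbuf() and fake_putbuf(), replace libxfs_readbuf() and libxfs_putbuf(); fake_putbuf() counts a NULL argument instead of faulting, so the cleanup loop quoted in the mail can be compared with one that skips the slots that were never filled. The success path of da_read_buf(), which would hand the buffers back to the caller, is left out because the mail only shows the error path.

```c
/* Added example, not the patch attached to the mail: models the
 * da_read_buf() cleanup path with two stand-ins (hypothetical names)
 * for libxfs_readbuf()/libxfs_putbuf(). */
#include <stdio.h>
#include <stdlib.h>

typedef struct fake_buf {
    int blockno;
    int locked;
} fake_buf_t;

static int fail_at = -1;        /* block index at which the simulated read fails */
static int put_calls = 0;       /* total fake_putbuf() calls in the last run */
static int put_null_calls = 0;  /* calls that passed NULL: each is a crash in the real code */

static fake_buf_t *fake_readbuf(int blockno)
{
    if (blockno == fail_at)
        return NULL;            /* I/O error, e.g. the USB device was removed */
    fake_buf_t *bp = calloc(1, sizeof(*bp));
    if (!bp)
        return NULL;
    bp->blockno = blockno;
    bp->locked = 1;             /* a successful read returns a locked buffer */
    return bp;
}

static void fake_putbuf(fake_buf_t *bp)
{
    put_calls++;
    if (!bp) {                  /* libxfs_putbuf() would dereference this and fault */
        put_null_calls++;
        return;
    }
    bp->locked = 0;
    free(bp);
}

/* Cleanup as quoted in the mail: every slot is handed to putbuf, including
 * the failed slot and the slots never reached (still NULL from calloc).
 * Returns the number of NULL pointers passed to putbuf, -1 on alloc failure. */
static int read_buffers_buggy(int nex, int fail_index)
{
    fake_buf_t **bplist = calloc(nex, sizeof(*bplist));
    int i;

    if (!bplist)
        return -1;
    fail_at = fail_index;
    put_calls = put_null_calls = 0;
    for (i = 0; i < nex; i++) {
        bplist[i] = fake_readbuf(i);
        if (!bplist[i])
            goto failed;
    }
failed:
    for (i = 0; i < nex; i++)
        fake_putbuf(bplist[i]);     /* no NULL check: faults on bplist[fail_index] */
    free(bplist);
    return put_null_calls;
}

/* Cleanup with the missing sanity check: only buffers that were actually
 * read (non-NULL entries) are released. Same return convention. */
static int read_buffers_fixed(int nex, int fail_index)
{
    fake_buf_t **bplist = calloc(nex, sizeof(*bplist));
    int i;

    if (!bplist)
        return -1;
    fail_at = fail_index;
    put_calls = put_null_calls = 0;
    for (i = 0; i < nex; i++) {
        bplist[i] = fake_readbuf(i);
        if (!bplist[i])
            goto failed;
    }
failed:
    for (i = 0; i < nex; i++)
        if (bplist[i])              /* skip the failed slot and the unread tail */
            fake_putbuf(bplist[i]);
    free(bplist);
    return put_null_calls;
}

int main(void)
{
    printf("buggy: %d NULL puts out of %d\n", read_buffers_buggy(10, 4), put_calls);
    printf("fixed: %d NULL puts out of %d\n", read_buffers_fixed(10, 4), put_calls);
    return 0;
}
```

With nex = 10 and a failure at index 4, the quoted loop hands six NULL pointers to putbuf (index 4 and the five slots the read loop never reached); the checked loop releases exactly the four buffers that were read and locked. Checking each entry rather than tracking the last successful index also covers the case where calloc leaves trailing entries NULL, which is why the unread tail is a problem at all.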