From: zkabelac@sourceware.org <zkabelac@sourceware.org>
To: lvm-devel@redhat.com
Subject: LVM2 ./WHATS_NEW lib/cache/lvmcache.c
Date: 29 Mar 2011 21:34:19 -0000 [thread overview]
Message-ID: <20110329213419.30234.qmail@sourceware.org> (raw)
CVSROOT: /cvs/lvm2
Module name: LVM2
Changes by: zkabelac at sourceware.org 2011-03-29 21:34:18
Modified files:
. : WHATS_NEW
lib/cache : lvmcache.c
Log message:
Fix access to released memory
Invalid primary_vginfo was supposed to move all its lvmcache_infos to
orphan_vginfo - however it has called _drop_vginfo() inside the loop
that released primary_vginfo itself - thus made the loop using released
memory.
Use _vginfo_detach_info() instead and call _drop_vginfo after
th loop is finished.
Valgrind trace it should fix:
Invalid read of size 8
at 0x41E960: _lvmcache_update_vgname (lvmcache.c:1229)
by 0x41EF86: lvmcache_update_vgname_and_id (lvmcache.c:1360)
by 0x441393: _text_read (text_label.c:329)
by 0x442221: label_read (label.c:289)
by 0x41CF92: lvmcache_label_scan (lvmcache.c:635)
by 0x45B303: _vg_read_by_vgid (metadata.c:3342)
by 0x45B4A6: lv_from_lvid (metadata.c:3381)
by 0x41B555: lv_activation_filter (activate.c:1346)
by 0x415868: do_activate_lv (lvm-functions.c:343)
by 0x415E8C: do_lock_lv (lvm-functions.c:532)
by 0x40FD5F: do_command (clvmd-command.c:120)
by 0x413D7B: process_local_command (clvmd.c:1686)
Address 0x63eba10 is 16 bytes inside a block of size 160 free'd
at 0x4C2756E: free (vg_replace_malloc.c:366)
by 0x41DE70: _free_vginfo (lvmcache.c:980)
by 0x41DEDA: _drop_vginfo (lvmcache.c:998)
by 0x41E854: _lvmcache_update_vgname (lvmcache.c:1238)
by 0x41EF86: lvmcache_update_vgname_and_id (lvmcache.c:1360)
by 0x441393: _text_read (text_label.c:329)
by 0x442221: label_read (label.c:289)
by 0x41CF92: lvmcache_label_scan (lvmcache.c:635)
by 0x45B303: _vg_read_by_vgid (metadata.c:3342)
by 0x45B4A6: lv_from_lvid (metadata.c:3381)
by 0x41B555: lv_activation_filter (activate.c:1346)
by 0x415868: do_activate_lv (lvm-functions.c:343)
problematic line:
dm_list_iterate_items_safe(info2, info3, &primary_vginfo->infos)
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/LVM2/WHATS_NEW.diff?cvsroot=lvm2&r1=1.1960&r2=1.1961
http://sourceware.org/cgi-bin/cvsweb.cgi/LVM2/lib/cache/lvmcache.c.diff?cvsroot=lvm2&r1=1.107&r2=1.108
--- LVM2/WHATS_NEW 2011/03/29 21:05:39 1.1960
+++ LVM2/WHATS_NEW 2011/03/29 21:34:18 1.1961
@@ -1,5 +1,6 @@
Version 2.02.85 -
===================================
+ Fix lvmcache_info transfer to orphan_vginfo in _lvmcache_update_vgname().
Fix -Wold-style-definition gcc warnings.
Fixes for lvconvert (including --repair) of temporary mirror stacks.
Mitigate annoying error warning from device is usable check if run as non-root.
--- LVM2/lib/cache/lvmcache.c 2011/03/13 23:01:08 1.107
+++ LVM2/lib/cache/lvmcache.c 2011/03/29 21:34:18 1.108
@@ -1107,17 +1107,17 @@
* Otherwise we risk bogus warnings of duplicate VGs.
*/
while ((primary_vginfo = vginfo_from_vgname(vgname, NULL)) &&
- _scanning_in_progress && _vginfo_is_invalid(primary_vginfo))
+ _scanning_in_progress && _vginfo_is_invalid(primary_vginfo)) {
+ orphan_vginfo = vginfo_from_vgname(primary_vginfo->fmt->orphan_vg_name, NULL);
+ if (!orphan_vginfo) {
+ log_error(INTERNAL_ERROR "Orphan vginfo %s lost from cache.",
+ primary_vginfo->fmt->orphan_vg_name);
+ dm_free(vginfo->vgname);
+ dm_free(vginfo);
+ return 0;
+ }
dm_list_iterate_items_safe(info2, info3, &primary_vginfo->infos) {
- orphan_vginfo = vginfo_from_vgname(primary_vginfo->fmt->orphan_vg_name, NULL);
- if (!orphan_vginfo) {
- log_error(INTERNAL_ERROR "Orphan vginfo %s lost from cache.",
- primary_vginfo->fmt->orphan_vg_name);
- dm_free(vginfo->vgname);
- dm_free(vginfo);
- return 0;
- }
- _drop_vginfo(info2, primary_vginfo);
+ _vginfo_detach_info(info2);
_vginfo_attach_info(orphan_vginfo, info2);
if (info2->mdas.n)
sprintf(mdabuf, " with %u mdas",
@@ -1129,6 +1129,10 @@
vgname, orphan_vginfo->vgid[0] ? " (" : "",
orphan_vginfo->vgid[0] ? orphan_vginfo->vgid : "",
orphan_vginfo->vgid[0] ? ")" : "", mdabuf);
+ }
+
+ if (!_drop_vginfo(NULL, primary_vginfo))
+ return_0;
}
if (!_insert_vginfo(vginfo, vgid, vgstatus, creation_host,
next reply other threads:[~2011-03-29 21:34 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-29 21:34 zkabelac [this message]
-- strict thread matches above, loose matches on Subject: below --
2011-03-10 3:03 LVM2 ./WHATS_NEW lib/cache/lvmcache.c agk
2010-12-01 10:39 zkabelac
2010-03-31 17:20 mbroz
2009-10-22 17:33 agk
2009-02-17 18:56 agk
2008-11-27 18:13 agk
2008-06-11 11:02 agk
2008-06-09 16:22 agk
2008-05-08 18:28 agk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110329213419.30234.qmail@sourceware.org \
--to=zkabelac@sourceware.org \
--cc=lvm-devel@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.