* [PATCH 1/2] nfsrahead: zero-initialise device_info struct
2026-03-09 14:50 [PATCH 0/2] nfsrahead: fix uninitialised memory crash and refine fast-path logging Aaron Tomlin
@ 2026-03-09 14:50 ` Aaron Tomlin
2026-03-09 14:50 ` [PATCH 2/2] nfsrahead: quieten misleading error for non-NFS block devices Aaron Tomlin
` (2 subsequent siblings)
3 siblings, 0 replies; 7+ messages in thread
From: Aaron Tomlin @ 2026-03-09 14:50 UTC (permalink / raw)
To: steved, tbecker; +Cc: yi.zhang, linux-nfs
A recent commit introduced a fast-path rejection mechanism to prevent
udev worker thread exhaustion. However, this optimisation exposed a bug
in the initialisation of the device_info struct in main().
When the fast-path is triggered (e.g., for a physical block device like
8:16), get_device_info() instantly returns -ENODEV. Because this early
exit occurs before get_mountinfo() is invoked, init_device_info() is
never called.
Consequently, the device_info struct remains populated with
uninitialised stack memory. When main() catches the error and jumps to
the cleanup path, free_device_info() attempts to call free() on garbage
pointers, resulting in a glibc abort(3).
Fix this by explicitly zero-initialising the device_info struct at
declaration, preventing the cleanup path from freeing uninitialised
memory during an early exit.
Fixes: 0f5fe65d ("nfsrahead: fix udev worker exhaustion by skipping non-NFS devices")
Reported-by: Yi Zhang <yi.zhang@redhat.com>
Signed-off-by: Aaron Tomlin <atomlin@atomlin.com>
---
tools/nfsrahead/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/nfsrahead/main.c b/tools/nfsrahead/main.c
index 78cd2581..33487f37 100644
--- a/tools/nfsrahead/main.c
+++ b/tools/nfsrahead/main.c
@@ -191,7 +191,7 @@ static int conf_get_readahead(const char *kind) {
int main(int argc, char **argv)
{
int ret = 0, opt;
- struct device_info device;
+ struct device_info device = { 0 };
unsigned int readahead = 128, log_level, log_stderr = 0;
--
2.51.0
^ permalink raw reply related [flat|nested] 7+ messages in thread* [PATCH 2/2] nfsrahead: quieten misleading error for non-NFS block devices
2026-03-09 14:50 [PATCH 0/2] nfsrahead: fix uninitialised memory crash and refine fast-path logging Aaron Tomlin
2026-03-09 14:50 ` [PATCH 1/2] nfsrahead: zero-initialise device_info struct Aaron Tomlin
@ 2026-03-09 14:50 ` Aaron Tomlin
2026-03-11 8:27 ` [PATCH 0/2] nfsrahead: fix uninitialised memory crash and refine fast-path logging Yi Zhang
2026-03-12 12:50 ` Steve Dickson
3 siblings, 0 replies; 7+ messages in thread
From: Aaron Tomlin @ 2026-03-09 14:50 UTC (permalink / raw)
To: steved, tbecker; +Cc: yi.zhang, linux-nfs
When get_device_info() evaluates a physical block device via the
fast-path rejection logic, it deliberately returns -ENODEV.
Previously, main() handled this by logging a D_GENERAL error ("unable to
find device"). Because udev invokes nfsrahead for all block devices
across the system, this results in misleading journal spam for devices
that were intentionally skipped, rather than genuinely missing.
Update the error handling logic in main() to explicitly catch the
-ENODEV return code. When encountered, log a more accurate "skipping
non-NFS device" message at the D_ALL debugging level. This prevents
unnecessary journal noise whilst maintaining the existing behaviour of
returning the errno exit status.
Signed-off-by: Aaron Tomlin <atomlin@atomlin.com>
---
tools/nfsrahead/main.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/tools/nfsrahead/main.c b/tools/nfsrahead/main.c
index 33487f37..86c7fcc6 100644
--- a/tools/nfsrahead/main.c
+++ b/tools/nfsrahead/main.c
@@ -218,7 +218,11 @@ int main(int argc, char **argv)
if ((argc - optind) != 1)
xlog_err("expected the device number of a BDI; is udev ok?");
- if ((ret = get_device_info(argv[optind], &device)) != 0 || device.fstype == NULL) {
+ ret = get_device_info(argv[optind], &device);
+ if (ret == -ENODEV) {
+ xlog(D_ALL, "skipping non-NFS device %s\n", argv[optind]);
+ goto out;
+ } else if (ret != 0 || device.fstype == NULL) {
xlog(D_GENERAL, "unable to find device %s\n", argv[optind]);
goto out;
}
--
2.51.0
^ permalink raw reply related [flat|nested] 7+ messages in thread* Re: [PATCH 0/2] nfsrahead: fix uninitialised memory crash and refine fast-path logging
2026-03-09 14:50 [PATCH 0/2] nfsrahead: fix uninitialised memory crash and refine fast-path logging Aaron Tomlin
2026-03-09 14:50 ` [PATCH 1/2] nfsrahead: zero-initialise device_info struct Aaron Tomlin
2026-03-09 14:50 ` [PATCH 2/2] nfsrahead: quieten misleading error for non-NFS block devices Aaron Tomlin
@ 2026-03-11 8:27 ` Yi Zhang
2026-03-11 16:11 ` Steve Dickson
2026-03-11 19:45 ` Aaron Tomlin
2026-03-12 12:50 ` Steve Dickson
3 siblings, 2 replies; 7+ messages in thread
From: Yi Zhang @ 2026-03-11 8:27 UTC (permalink / raw)
To: Aaron Tomlin; +Cc: steved, tbecker, linux-nfs
Hi Aaron
Verified the issue was fixed now with your patch, thanks.
Tested-by: Yi Zhang <yi.zhang@redhat.com>
On Mon, Mar 9, 2026 at 10:50 PM Aaron Tomlin <atomlin@atomlin.com> wrote:
>
> Hi Steve, Yi,
>
> This series addresses two issues stemming from the recent fast-path
> optimisation used to reject non-NFS block devices, which were caught during
> blktests.
>
> 1. [PATCH 1/2] fixes the glibc abort(3) by explicitly
> zero-initialising the device_info struct. This prevents the cleanup
> path from attempting to free uninitialised stack memory when the
> fast-path triggers an early exit.
>
> 2. [PATCH 2/2] updates the error handling in main() to log a
> descriptive debug message rather than a general error when a device
> is intentionally skipped, preventing misleading udev journal spam.
>
> Aaron Tomlin (2):
> nfsrahead: zero-initialise device_info struct
> nfsrahead: quieten misleading error for non-NFS block devices
>
> tools/nfsrahead/main.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> --
> 2.51.0
>
--
Best Regards,
Yi Zhang
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 0/2] nfsrahead: fix uninitialised memory crash and refine fast-path logging
2026-03-11 8:27 ` [PATCH 0/2] nfsrahead: fix uninitialised memory crash and refine fast-path logging Yi Zhang
@ 2026-03-11 16:11 ` Steve Dickson
2026-03-11 19:45 ` Aaron Tomlin
1 sibling, 0 replies; 7+ messages in thread
From: Steve Dickson @ 2026-03-11 16:11 UTC (permalink / raw)
To: Yi Zhang, Aaron Tomlin; +Cc: tbecker, linux-nfs
On 3/11/26 4:27 AM, Yi Zhang wrote:
> Hi Aaron
>
> Verified the issue was fixed now with your patch, thanks.
>
> Tested-by: Yi Zhang <yi.zhang@redhat.com>
Thank you very much!!! A new release is on its way!
steved.
>
> On Mon, Mar 9, 2026 at 10:50 PM Aaron Tomlin <atomlin@atomlin.com> wrote:
>>
>> Hi Steve, Yi,
>>
>> This series addresses two issues stemming from the recent fast-path
>> optimisation used to reject non-NFS block devices, which were caught during
>> blktests.
>>
>> 1. [PATCH 1/2] fixes the glibc abort(3) by explicitly
>> zero-initialising the device_info struct. This prevents the cleanup
>> path from attempting to free uninitialised stack memory when the
>> fast-path triggers an early exit.
>>
>> 2. [PATCH 2/2] updates the error handling in main() to log a
>> descriptive debug message rather than a general error when a device
>> is intentionally skipped, preventing misleading udev journal spam.
>>
>> Aaron Tomlin (2):
>> nfsrahead: zero-initialise device_info struct
>> nfsrahead: quieten misleading error for non-NFS block devices
>>
>> tools/nfsrahead/main.c | 8 ++++++--
>> 1 file changed, 6 insertions(+), 2 deletions(-)
>>
>> --
>> 2.51.0
>>
>
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 0/2] nfsrahead: fix uninitialised memory crash and refine fast-path logging
2026-03-11 8:27 ` [PATCH 0/2] nfsrahead: fix uninitialised memory crash and refine fast-path logging Yi Zhang
2026-03-11 16:11 ` Steve Dickson
@ 2026-03-11 19:45 ` Aaron Tomlin
1 sibling, 0 replies; 7+ messages in thread
From: Aaron Tomlin @ 2026-03-11 19:45 UTC (permalink / raw)
To: Yi Zhang; +Cc: steved, tbecker, linux-nfs
[-- Attachment #1: Type: text/plain, Size: 257 bytes --]
On Wed, Mar 11, 2026 at 04:27:04PM +0800, Yi Zhang wrote:
> Hi Aaron
>
> Verified the issue was fixed now with your patch, thanks.
>
> Tested-by: Yi Zhang <yi.zhang@redhat.com>
Hi Yi,
Thank you for testing.
Kind regards,
--
Aaron Tomlin
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 0/2] nfsrahead: fix uninitialised memory crash and refine fast-path logging
2026-03-09 14:50 [PATCH 0/2] nfsrahead: fix uninitialised memory crash and refine fast-path logging Aaron Tomlin
` (2 preceding siblings ...)
2026-03-11 8:27 ` [PATCH 0/2] nfsrahead: fix uninitialised memory crash and refine fast-path logging Yi Zhang
@ 2026-03-12 12:50 ` Steve Dickson
3 siblings, 0 replies; 7+ messages in thread
From: Steve Dickson @ 2026-03-12 12:50 UTC (permalink / raw)
To: Aaron Tomlin, tbecker; +Cc: yi.zhang, linux-nfs
On 3/9/26 10:50 AM, Aaron Tomlin wrote:
> Hi Steve, Yi,
>
> This series addresses two issues stemming from the recent fast-path
> optimisation used to reject non-NFS block devices, which were caught during
> blktests.
>
> 1. [PATCH 1/2] fixes the glibc abort(3) by explicitly
> zero-initialising the device_info struct. This prevents the cleanup
> path from attempting to free uninitialised stack memory when the
> fast-path triggers an early exit.
>
> 2. [PATCH 2/2] updates the error handling in main() to log a
> descriptive debug message rather than a general error when a device
> is intentionally skipped, preventing misleading udev journal spam.
>
> Aaron Tomlin (2):
> nfsrahead: zero-initialise device_info struct
> nfsrahead: quieten misleading error for non-NFS block devices
>
> tools/nfsrahead/main.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
Committed... (tag: nfs-utils-2-8-7-rc1)
steved.
^ permalink raw reply [flat|nested] 7+ messages in thread