[dm-devel] [PATCH 0/4] Fix segfault on access to mpp->hwe

[Benjamin Marzinski]

On Mon, Jul 13, 2020 at 01:07:39PM +0200, mwilck at suse.com wrote:
> From: Martin Wilck <mwilck at suse.com>
> 
> This is in response to Lixiaokeng's post
> "master - libmultipath: fix use after free when iscsi logs in".
> 
> On top of Lixiaokeng's patch, I've added some log messages and
> a fix for mpp->hwe handling in sync_paths().
> 
> The question remains how we handle maps without paths. I believe we're good
> here, please review my assessment.
> 
> mpp->hwe is only accessed in propsel.c, via the mp_set_hwe() macro. Patch 3 of
> my series adds an error message if this happens while mpp->hwe is NULL. IMO it
> shouldn't happen because we don't check map properties for empty
> maps. Normally this is done when a map is created, and we don't create maps
> without paths.
> 
> The case where a map looses all paths during its normal lifetime and
> can't be removed (e.g. because it's busy) is already covered by the
> current code AFAICT. When a new path is re-added, we'll call adopt_paths
> and verify_paths(), which will make sure that mpp->hwe is set again
> to the pp->hwe member of the newly added path.
> 
> Reviews and comments welcome.

Reviewed-by: Benjamin Marzinski <bmarzins at redhat.com>

> 
> Regards
> Martin
> 
> Martin Wilck (3):
>   libmultipath: warn if freeing path that holds mpp->hwe
>   libmultipath: warn about NULL value of mpp->hwe
>   libmultipath: fix mpp->hwe handling in sync_paths()
> 
> lixiaokeng (1):
>   master - libmultipath: fix use after free when iscsi logs in
> 
>  libmultipath/propsel.c     | 4 +++-
>  libmultipath/structs_vec.c | 9 +++++++++
>  2 files changed, 12 insertions(+), 1 deletion(-)
> 
> -- 
> 2.26.2