[dm-devel] libmultipath: fix null dereference

lutianxiong lutianxiong at huawei.com
Thu Jul 23 01:11:47 UTC 2020 

Hi
I got a multipath segfault while running iscsi login/logout and following scripts in parallel:

#!/bin/bash

interval=1
while true
do
              multipath -F &> /dev/null
              multipath -r &> /dev/null
              multipath -v2 &> /dev/null
              multipath -ll &> /dev/null
              sleep $interval
done

This is the debuginfo:
#0  0x00007f3805e4df58 in add (ctx=0x55d1569e4a00, ud=0x55d1569bafd0) at nvme.c:801
801              if (strcmp("disk", udev_device_get_devtype(ud)))
(gdb) bt
#0  0x00007f3805e4df58 in add (ctx=0x55d1569e4a00, ud=0x55d1569bafd0) at nvme.c:801
#1  0x00007f3806687a44 in add_foreign (udev=0x55d1569bafd0) at foreign.c:299
#2  0x00007f3806665abf in is_claimed_by_foreign (ud=<optimized out>) at foreign.h:316
#3  pathinfo (pp=0x55d1569e9f50, conf=0x55d1569b92d0, mask=69) at discovery.c:2064
#4  0x000055d154c91cbb in check_usable_paths (conf=0x55d1569b92d0, devpath=0x55d1569e3200 "dm-6", dev_type=<optimized out>) at main.c:368
#5  0x000055d154c910a5 in main (argc=3, argv=<optimized out>) at main.c:1057

In add() at libmultipath/foreign/nvme.c, udev_device_get_devtype(ud) return a NULL pointer then dereferenced.
Here, NULL check is needed.



Check if udev_device_get_devtype return NULL before dereferencing it.

Signed-off-by: lutianxiong <lutianxiong at huawei.com>
---
libmultipath/foreign/nvme.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libmultipath/foreign/nvme.c b/libmultipath/foreign/nvme.c
index 09cdddf0..f1da1dcd 100644
--- a/libmultipath/foreign/nvme.c
+++ b/libmultipath/foreign/nvme.c
@@ -793,12 +793,14 @@ int add(struct context *ctx, struct udev_device *ud)
{
        struct udev_device *subsys;
        int rc;
+       const char *devtype;

        condlog(5, "%s called for \"%s\"", __func__, THIS);

        if (ud == NULL)
                return FOREIGN_ERR;
-       if (strcmp("disk", udev_device_get_devtype(ud)))
+       if ((devtype = udev_device_get_devtype(ud)) == NULL ||
+                       strcmp("disk", devtype))
                return FOREIGN_IGNORED;

        subsys = udev_device_get_parent_with_subsystem_devtype(ud,
--
2.23.0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/dm-devel/attachments/20200723/42999855/attachment.htm>

More information about the dm-devel mailing list