[dm-devel] libmultipath: fix NULL dereference in get_be64
lixiaokeng
lixiaokeng at huawei.com
Mon Feb 1 14:50:09 UTC 2021
>>
>> cli_add_path
>> ->ev_add_path
>> ->add_map_with_path
>> ->adopt_paths
>> ->pathinfo
>> ->filter_property
>> ->return PATHINFO_SKIPPED,
>> ->pp->mpp is NULL and not be set
>> ->return 0
>
> This returns 0, but add_map_with_path() has this code to check whether
> the path passed to it was actually added to the new map:
>
> if (adopt_paths(vecs->pathvec, mpp) ||
> find_slot(vecs->pathvec, pp) == -1)
> goto out; -> return NULL
>
> So ev_add_path() should have seen a NULL return from
> add_map_with_path(), should not have set start_waiter, and failed.
>
I'm sorry for a big mistake in my stack. As the code is optimized, pathinfo
return PATHINFO_SKIPPED after finish filter_property when I use gdb. It
happens acctualy in:
2141 if (pp->bus == SYSFS_BUS_SCSI &&
2142 pp->sg_id.proto_id == SCSI_PROTOCOL_USB &&
2143 !conf->allow_usb_devices) {
2144 condlog(3, "%s: skip USB device %s", pp->dev,
2145 pp->tgt_node_name);
2146 return PATHINFO_SKIPPED;
2147 }
2148 }
Stack:
cli_add_path
->ev_add_path
->add_map_with_path
->adopt_paths
->pathinfo
->pp->bus == SYSFS_BUS_SCSI
->return PATHINFO_SKIPPED,
->pp->mpp is NULL and not be set
->return 0
->mpath_pr_event_handle
->get_be64 //pp->mpp is dereference
If you think my patch is ok, I will resend it.
Regards
Lixiaokeng
More information about the dm-devel
mailing list