[linux-lvm] Frequent crashes when accessing dev_name(dev) on an empty list

Konstantin Kharlamov hi-angel at yandex.ru
Mon Feb 21 13:45:51 UTC 2022

Hello! We encountered quite a few of sporadic crashes, which upon inspection turned out to be caused by dev->aliases list being empty.

One example of a fix (not tested):

--- a/lib/label/hints.c
+++ b/lib/label/hints.c
@@ -471,7 +471,8 @@ int validate_hints(struct cmd_context *cmd, struct dm_list
    471         if (!(iter = dev_iter_create(NULL, 0)))
    472                 return 0;
    473         while ((dev = dev_iter_get(cmd, iter))) {
474    -                if (!(hint = _find_hint_name(hints, dev_name(dev))))
    474+                if (dm_list_empty(dev->aliases) ||
    475+                    !(hint = _find_hint_name(hints, dev_name(dev))))
475 476                         continue;
476 477
477 478                 /* The cmd hasn't needed this hint's dev so it's not
been scanned. */

So, what happened was that dev_name(dev) was extracting a `dev->aliases` element
, however `dev->aliases` was empty, thus the extracted element was a junk.

Although we encountered these crashes on an older 2.03.07 version, however the
patch applies to latest master as well, thus the bugs are still relevant, which
is odd. This makes me wondering, is this a known problem, could I possibly
overlooked something, for example that dev->aliases should never be empty, and
thus the fix just works around another problem? Any thoughts?

More information about the linux-lvm mailing list