thr3ads.net - Lustre devel - [Lustre-devel] nullpointer bug in ost_brw

If this information is useful, please help other people find it:
Share via:

Bernd Schubert

2007-Mar-16 06:02 UTC

[Lustre-devel] nullpointer bug in ost_brw_write()?

Hi,

I think we just found a bug in ost_handler.c: ost_brw_write()
(lustre-1.4.9).

Some parts of the function:

rc = obd_commitrw(OBD_BRW_WRITE, req->rq_export, &repbody->oa,
                  objcount, ioo, npages, local_nb, oti, rc);

if (unlikely(client_cksum != server_cksum && rc == 0)) {
        int new_cksum = ost_checksum_bulk(desc);
...
}

ost_nio_pages_put(req, local_nb, npages);


The problem is in  obd_commitrw(), for a read it calls 
filter_io.c: filter_commitrw_read(), which will call filter_free_dio_pages().

In filter_free_dio_pages() all pages are set to zero, which will cause a 
nullpointer dereference in ost_nio_pages_put(). 

We just commented out the call of filter_free_dio_pages() and on a first and 
very brief test, it didn''t cause any problems. But maybe obd_commitrw()
is
supposed to be called after ost_nio_pages_put()?


Thanks,
Bernd

-- 
Bernd Schubert
Q-Leap Networks GmbH / transtec AG / ttec

Alex Tomas

2007-Mar-16 06:25 UTC

head link

[Lustre-devel] nullpointer bug in ost_brw_write()?

is POISON_BULK defined ?

>>>>> Bernd Schubert (BS) writes:
 BS> Hi,
 BS> I think we just found a bug in ost_handler.c: ost_brw_write()
 BS> (lustre-1.4.9).

 BS> Some parts of the function:

 BS> rc = obd_commitrw(OBD_BRW_WRITE, req->rq_export, &repbody->oa,
 BS>                   objcount, ioo, npages, local_nb, oti, rc);

 BS> if (unlikely(client_cksum != server_cksum && rc == 0)) {
 BS>         int new_cksum = ost_checksum_bulk(desc);
 BS> ...
 BS> }

 BS> ost_nio_pages_put(req, local_nb, npages);


 BS> The problem is in  obd_commitrw(), for a read it calls 
 BS> filter_io.c: filter_commitrw_read(), which will call
filter_free_dio_pages().

 BS> In filter_free_dio_pages() all pages are set to zero, which will cause a
 BS> nullpointer dereference in ost_nio_pages_put(). 

 BS> We just commented out the call of filter_free_dio_pages() and on a first
and
 BS> very brief test, it didn''t cause any problems. But maybe
obd_commitrw() is
 BS> supposed to be called after ost_nio_pages_put()?


 BS> Thanks,
 BS> Bernd

 BS> -- 
 BS> Bernd Schubert
 BS> Q-Leap Networks GmbH / transtec AG / ttec

 BS> _______________________________________________
 BS> Lustre-devel mailing list
 BS> Lustre-devel@clusterfs.com
 BS> https://mail.clusterfs.com/mailman/listinfo/lustre-devel

Bernd Schubert

2007-Mar-16 07:10 UTC

head link

[Lustre-devel] nullpointer bug in ost_brw_write()?

On Friday 16 March 2007 14:18, Alex Tomas wrote:> is POISON_BULK defined ?
Thanks, we did oversee this, got defined by accident. However, I still think 
the code should be fixed to make it work, even when POISON_BULK is defined.

Spasibo bol''shoj,
Bernd

-- 
Bernd Schubert
Q-Leap Networks GmbH / transtec AG / ttec

Lustre devel - Mar 2007 - nullpointer bug in ost_brw_write()?

[Lustre-devel] nullpointer bug in ost_brw_write()?

[Lustre-devel] nullpointer bug in ost_brw_write()?

[Lustre-devel] nullpointer bug in ost_brw_write()?