Fix a double free and a segfault bug
Fix double free on buggy old kernel sysfs read Fix segfault if trying to write superblock to non existing device Resolves: bz795707 (f17) bz795747 (f16) bz795748 (f15) Resolves: bz795461 (f17) bz795749 (f16) bz795750 (f15) Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
This commit is contained in:
parent
15adacde4b
commit
e2bea3e210
@ -0,0 +1,94 @@
|
|||||||
|
From 4011421332681ba733a2fc90de7ac94da8593418 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jes Sorensen <Jes.Sorensen@redhat.com>
|
||||||
|
Date: Thu, 23 Feb 2012 08:55:19 +1100
|
||||||
|
Subject: [PATCH 2/2] Print error message if failing to write super for 1.x
|
||||||
|
metadata
|
||||||
|
|
||||||
|
In addition remove attempt to print an error message if
|
||||||
|
write_init_super() fails, as this is handled in the various
|
||||||
|
write_init_super() functions. This avoids a segfault on error.
|
||||||
|
|
||||||
|
Reported by Jim Meyering in
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=795461
|
||||||
|
|
||||||
|
Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
|
||||||
|
Signed-off-by: NeilBrown <neilb@suse.de>
|
||||||
|
---
|
||||||
|
Create.c | 3 ---
|
||||||
|
super1.c | 25 ++++++++++++++++---------
|
||||||
|
2 files changed, 16 insertions(+), 12 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/Create.c b/Create.c
|
||||||
|
index 90ff3ed..e5c6b05 100644
|
||||||
|
--- a/Create.c
|
||||||
|
+++ b/Create.c
|
||||||
|
@@ -924,9 +924,6 @@ int Create(struct supertype *st, char *mddev,
|
||||||
|
}
|
||||||
|
|
||||||
|
if (st->ss->write_init_super(st)) {
|
||||||
|
- fprintf(stderr,
|
||||||
|
- Name ": Failed to write metadata to %s\n",
|
||||||
|
- dv->devname);
|
||||||
|
st->ss->free_super(st);
|
||||||
|
goto abort_locked;
|
||||||
|
}
|
||||||
|
diff --git a/super1.c b/super1.c
|
||||||
|
index a18952a..341ad53 100644
|
||||||
|
--- a/super1.c
|
||||||
|
+++ b/super1.c
|
||||||
|
@@ -1106,13 +1106,16 @@ static int write_init_super1(struct supertype *st)
|
||||||
|
}
|
||||||
|
free(refst);
|
||||||
|
|
||||||
|
- if (!get_dev_size(di->fd, NULL, &dsize))
|
||||||
|
- return 1;
|
||||||
|
+ if (!get_dev_size(di->fd, NULL, &dsize)) {
|
||||||
|
+ rv = 1;
|
||||||
|
+ goto error_out;
|
||||||
|
+ }
|
||||||
|
dsize >>= 9;
|
||||||
|
|
||||||
|
if (dsize < 24) {
|
||||||
|
close(di->fd);
|
||||||
|
- return 2;
|
||||||
|
+ rv = 2;
|
||||||
|
+ goto error_out;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@@ -1176,22 +1179,26 @@ static int write_init_super1(struct supertype *st)
|
||||||
|
sb->data_size = __cpu_to_le64(dsize - reserved);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
- return -EINVAL;
|
||||||
|
+ fprintf(stderr, Name ": Failed to write invalid "
|
||||||
|
+ "metadata format 1.%i to %s\n",
|
||||||
|
+ st->minor_version, di->devname);
|
||||||
|
+ rv = -EINVAL;
|
||||||
|
+ goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
sb->sb_csum = calc_sb_1_csum(sb);
|
||||||
|
rv = store_super1(st, di->fd);
|
||||||
|
- if (rv)
|
||||||
|
- fprintf(stderr,
|
||||||
|
- Name ": failed to write superblock to %s\n",
|
||||||
|
- di->devname);
|
||||||
|
-
|
||||||
|
if (rv == 0 && (__le32_to_cpu(sb->feature_map) & 1))
|
||||||
|
rv = st->ss->write_bitmap(st, di->fd);
|
||||||
|
close(di->fd);
|
||||||
|
di->fd = -1;
|
||||||
|
}
|
||||||
|
+error_out:
|
||||||
|
+ if (rv)
|
||||||
|
+ fprintf(stderr, Name ": Failed to write metadata to %s\n",
|
||||||
|
+ di->devname);
|
||||||
|
+out:
|
||||||
|
return rv;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
--
|
||||||
|
1.7.7.6
|
||||||
|
|
@ -0,0 +1,31 @@
|
|||||||
|
From 9200d418d049aff77b3d0ad8f30f1a16adc56030 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jim Meyering <jim@meyering.net>
|
||||||
|
Date: Tue, 21 Feb 2012 13:02:22 +0100
|
||||||
|
Subject: [PATCH 1/2] avoid double-free upon "old buggy kernel" sysfs_read
|
||||||
|
failure
|
||||||
|
|
||||||
|
* Incremental.c (Incremental): On sysfs_read failure, don't call
|
||||||
|
sysfs_free(sra) just before "goto out_unlock", since that very
|
||||||
|
same "sra" is freed the same way by the clean-up code below.
|
||||||
|
|
||||||
|
Signed-off-by: Jim Meyering <meyering@redhat.com>
|
||||||
|
Signed-off-by: NeilBrown <neilb@suse.de>
|
||||||
|
---
|
||||||
|
Incremental.c | 1 -
|
||||||
|
1 files changed, 0 insertions(+), 1 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/Incremental.c b/Incremental.c
|
||||||
|
index b457bf3..836a6f1 100644
|
||||||
|
--- a/Incremental.c
|
||||||
|
+++ b/Incremental.c
|
||||||
|
@@ -325,7 +325,6 @@ int Incremental(char *devname, int verbose, int runstop,
|
||||||
|
fprintf(stderr, Name
|
||||||
|
": You have an old buggy kernel which cannot support\n"
|
||||||
|
" --incremental reliably. Aborting.\n");
|
||||||
|
- sysfs_free(sra);
|
||||||
|
rv = 2;
|
||||||
|
goto out_unlock;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
1.7.7.6
|
||||||
|
|
12
mdadm.spec
12
mdadm.spec
@ -1,7 +1,7 @@
|
|||||||
Summary: The mdadm program controls Linux md devices (software RAID arrays)
|
Summary: The mdadm program controls Linux md devices (software RAID arrays)
|
||||||
Name: mdadm
|
Name: mdadm
|
||||||
Version: 3.2.3
|
Version: 3.2.3
|
||||||
Release: 5%{?dist}
|
Release: 6%{?dist}
|
||||||
Source: http://www.kernel.org/pub/linux/utils/raid/mdadm/mdadm-%{version}.tar.bz2
|
Source: http://www.kernel.org/pub/linux/utils/raid/mdadm/mdadm-%{version}.tar.bz2
|
||||||
Source1: mdmonitor.init
|
Source1: mdmonitor.init
|
||||||
Source2: raid-check
|
Source2: raid-check
|
||||||
@ -19,6 +19,8 @@ Patch5: mdadm-3.2.3-Add-offroot-argument-to-mdadm.patch
|
|||||||
Patch6: mdadm-3.2.3-Add-offroot-argument-to-mdmon.patch
|
Patch6: mdadm-3.2.3-Add-offroot-argument-to-mdmon.patch
|
||||||
Patch7: mdadm-3.2.3-Spawn-mdmon-with-offroot-if-mdadm-was-launched-with-.patch
|
Patch7: mdadm-3.2.3-Spawn-mdmon-with-offroot-if-mdadm-was-launched-with-.patch
|
||||||
Patch8: mdadm-3.2.3-super1-make-aread-awrite-always-use-an-aligned-buffe.patch
|
Patch8: mdadm-3.2.3-super1-make-aread-awrite-always-use-an-aligned-buffe.patch
|
||||||
|
Patch9: mdadm-3.2.3-avoid-double-free-upon-old-buggy-kernel-sysfs_read-f.patch
|
||||||
|
Patch10: mdadm-3.2.3-Print-error-message-if-failing-to-write-super-for-1..patch
|
||||||
Patch19: mdadm-3.2.3-udev.patch
|
Patch19: mdadm-3.2.3-udev.patch
|
||||||
Patch20: mdadm-2.5.2-static.patch
|
Patch20: mdadm-2.5.2-static.patch
|
||||||
URL: http://www.kernel.org/pub/linux/utils/raid/mdadm/
|
URL: http://www.kernel.org/pub/linux/utils/raid/mdadm/
|
||||||
@ -61,6 +63,8 @@ is not used as the system init process.
|
|||||||
%patch6 -p1 -b .offroot-mdmon
|
%patch6 -p1 -b .offroot-mdmon
|
||||||
%patch7 -p1 -b .offroot-spawn
|
%patch7 -p1 -b .offroot-spawn
|
||||||
%patch8 -p1 -b .bitmap
|
%patch8 -p1 -b .bitmap
|
||||||
|
%patch9 -p1 -b .double
|
||||||
|
%patch10 -p1 -b .print
|
||||||
%patch19 -p1 -b .udev
|
%patch19 -p1 -b .udev
|
||||||
%patch20 -p1 -b .static
|
%patch20 -p1 -b .static
|
||||||
|
|
||||||
@ -135,6 +139,12 @@ fi
|
|||||||
%{_initrddir}/*
|
%{_initrddir}/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Feb 23 2012 Jes Sorensen <Jes.Sorensen@redhat.com> - 3.2.3-6
|
||||||
|
- Fix double free on buggy old kernel sysfs read
|
||||||
|
- Fix segfault if trying to write superblock to non existing device
|
||||||
|
- Resolves: bz795707 (f17) bz795747 (f16) bz795748 (f15)
|
||||||
|
- Resolves: bz795461 (f17) bz795749 (f16) bz795750 (f15)
|
||||||
|
|
||||||
* Thu Feb 16 2012 Jes Sorensen <Jes.Sorensen@redhat.com> - 3.2.3-5
|
* Thu Feb 16 2012 Jes Sorensen <Jes.Sorensen@redhat.com> - 3.2.3-5
|
||||||
- Fix issue with devices failing to be added to a raid using bitmaps,
|
- Fix issue with devices failing to be added to a raid using bitmaps,
|
||||||
due to trying to write the bitmap with mis-aligned buffers using
|
due to trying to write the bitmap with mis-aligned buffers using
|
||||||
|
Loading…
Reference in New Issue
Block a user