Re: mdadm 2.6.3 segfaults on assembly (v1 superblocks)

Neil Brown <neilb@xxxxxxx> · Mon, 24 Sep 2007 14:28:28 +1000

On Friday September 7, madduck@xxxxxxxxxxx wrote:
> 
> Neil, could this be a bug?
> 

Sure could.  Thanks for the report.

This patch (already in .git) should fix it.

NeilBrown

---------------------------
Don't corrupt 'supertype' when speculatively calling load_super1

When load_super1 is trying to see which sub-version of v1 superblock
is present, failure will cause it to clear st->ss, which is not good.

So use a temporary 'super_type' for the 'test if this version works'
calls, then copy that into 'st' on success.

### Diffstat output
 ./super1.c |   19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff .prev/super1.c ./super1.c

--- .prev/super1.c	2007-09-24 14:26:19.000000000 +1000
+++ ./super1.c	2007-09-24 14:23:11.000000000 +1000
@@ -996,34 +996,35 @@ static int load_super1(struct supertype 
 
 	if (st->ss == NULL || st->minor_version == -1) {
 		int bestvers = -1;
+		struct supertype tst;
 		__u64 bestctime = 0;
 		/* guess... choose latest ctime */
-		st->ss = &super1;
-		for (st->minor_version = 0; st->minor_version <= 2 ; st->minor_version++) {
+		tst.ss = &super1;
+		for (tst.minor_version = 0; tst.minor_version <= 2 ; tst.minor_version++) {
 			switch(load_super1(st, fd, sbp, devname)) {
 			case 0: super = *sbp;
 				if (bestvers == -1 ||
 				    bestctime < __le64_to_cpu(super->ctime)) {
-					bestvers = st->minor_version;
+					bestvers = tst.minor_version;
 					bestctime = __le64_to_cpu(super->ctime);
 				}
 				free(super);
 				*sbp = NULL;
 				break;
-			case 1: st->ss = NULL; return 1; /*bad device */
+			case 1: return 1; /*bad device */
 			case 2: break; /* bad, try next */
 			}
 		}
 		if (bestvers != -1) {
 			int rv;
-			st->minor_version = bestvers;
-			st->ss = &super1;
-			st->max_devs = 384;
+			tst.minor_version = bestvers;
+			tst.ss = &super1;
+			tst.max_devs = 384;
 			rv = load_super1(st, fd, sbp, devname);
-			if (rv) st->ss = NULL;
+			if (rv == 0)
+				*st = tst;
 			return rv;
 		}
-		st->ss = NULL;
 		return 2;
 	}
 	if (!get_dev_size(fd, devname, &dsize))
-
To unsubscribe from this list: send the line "unsubscribe linux-raid" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




