Actions
Bug #14696
closed
nvmeadm command dumps core when libumem.so is used
Start date:
Due date:
% Done:
100%
Estimated time:
Difficulty:
Bite-size
Tags:
Gerrit CR:
Description
# env LD_PRELOAD=libumem.so nvmeadm list nvme1: model: SAMSUNG MZVPV128HDGM-00000, serial: S1XVNYAGA00640, FW rev: BXW7300Q, NVMe v1.1 nvme1/1 (c1t1d0): Size = 122104 MB, Capacity = 122104 MB, Used = 121511 MB Abort (core dumped)
The culprit is this code in nvme_dskname():
path = di_dim_path_dev(dim, di_driver_name(child),
di_instance(child), "c");
/*
* Error out if we didn't get a path, or if it's too short for
* the following operations to be safe.
*/
if (path == NULL || strlen(path) < 2)
goto fail;
/* Chop off 's0' and get everything past the last '/' */
path[strlen(path) - 2] = '\0';
path = strrchr(path, '/');
if (path == NULL)
goto fail;
path++;
When nvme_process() returns, it frees 'path', but 'path' points in the middle of the chunk of memory that was allocated by di_dim_path_dev().
Updated by Hans Rosenfeld about 2 months ago
Testing: This has been in Tintri's code since 2018 and has been in all releases of their products since.
Updated by Electric Monk about 2 months ago
- Status changed from New to Closed
- % Done changed from 0 to 100
git commit b602cbcd64fbbebf696bd7c8e03367bdfa19805d
commit b602cbcd64fbbebf696bd7c8e03367bdfa19805d
Author: Manjith Gambhir <manjith.gambhir@tegile.com>
Date: 2022-05-18T15:20:04.000Z
14696 nvmeadm command dumps core when libumem.so is used
Reviewed by: Andy Giles <agiles@tintri.com>
Reviewed by: Ben Jameson <bjameson@tintri.com>
Reviewed by: Pete Shephard <pete.shephard@tegile.com>
Reviewed by: Robert Mustacchi <rm+illumos@fingolfin.org>
Reviewed by: Jason King <jason.brian.king+illumos@gmail.com>
Approved by: Dan McDonald <danmcd@mnx.io>
Actions