Bug #1991

svccfg describe -t Segmentation Fault

Added by Piotr Jasiukajtis almost 9 years ago. Updated over 8 years ago.

Status: Resolved
Priority: Low
Assignee:
Category: lib - userland libraries
Start date: 2012-01-17
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags:
Gerrit CR:

Description

svccfg dumps core if the 'describe -t' option is used:

# uname -v
oi_151a
# svccfg -s nfs/client describe -t config
Segmentation Fault (core dumped)
# mdb core 
Loading modules: [ libumem.so.1 libc.so.1 libuutil.so.1 ld.so.1 ]
> $C
08047b38 libc_hwcap1.so.1`mutex_lock_impl+0x23(0, 0, 8047b98, 0, 8112f98, feaa8000)
08047b58 libc_hwcap1.so.1`mutex_lock+0x10(0, 1)
08047b98 libscf.so.1`datael_destroy+0x23(80f3ea8)
08047bb8 libscf.so.1`scf_service_destroy+0x23(80f3ea8, 8107f80, 0, fea6317e)
08047bd8 libscf.so.1`scf_tmpl_pg_destroy+0x5b(8112f98)
08047c28 listtmpl+0x2da(8106fc8, 1, 8094104, 807d6ce)
08047c68 lscf_describe+0x199(80faf08, 1, 8047cd8, 808ae81)
08047cd8 yyparse+0x122a(5, 8047d74, 8047d28, 805bcad, 8111648, 8091268)
08047ce8 engine_exec+0x37(8111648, 8091268, 800, feffbafc)
08047d28 main+0x1a9(6, 8047d60, 8047d7c, 8047d1c)
08047d54 _start+0x7d(6, 8047e28, 8047e2f, 8047e32, 8047e3d, 8047e46)
> 

Files

1991.diff (1.19 KB), suggested fix, Milan Jurik, 2012-05-27 03:00 PM

Related issues

Related to illumos gate - Bug #2742: minor memory allocation issue in svccfg:upgrade_manifestfiles() (Resolved, Milan Jurik, 2012-05-15)

Is duplicate of illumos gate - Bug #1474: Core dump in svccfg (Closed, sham pavman, 2011-09-06)

#1

Updated by Milan Jurik over 8 years ago

  • % Done changed from 0 to 10
  • Tags deleted (needs-triage)

In the final stage before the coredump, pgt rd_handle is NULL. This happens because pgt pt_snap points to the same structure as pt_orig_svc and it is destroyed before pt_orig_svc.

#2

Updated by Milan Jurik over 8 years ago

  • Assignee set to Milan Jurik
#3

Updated by Milan Jurik over 8 years ago

  • Category changed from cmd - userland programs to lib - userland libraries
  • Status changed from New to In Progress
  • % Done changed from 10 to 50

The problem is that libscf/svccfg frees the structure in pt_orig_svc.

This happens in get_next_iterator() through the SCF_TMPL_ITER_INST case, when _get_restarter_inst() returns a pointer to pt_orig_svc and this is freed as pt_svc.

Later in this function the freed memory is assigned to pt_snap.

As in the other places where libscf destroys pt_svc, it should test whether it is the same as pt_orig_svc and, if so, not destroy it.

There are 2 places in libscf which need to be fixed, both in _get_next_iterator()
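
The ownership rule described in comment #3, as an added C example (a simplified model, not the libscf code and not the contents of 1991.diff): pt_svc and pt_orig_svc are the field names from the report, every other name is hypothetical. Handles count destroy calls instead of freeing memory, so the double destroy can be observed without undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a libscf handle: records destroy calls
 * instead of freeing, so a double destroy can be observed safely. */
typedef struct handle { int destroyed; } handle_t;

/* Simplified template state; only the two field names come from the report. */
typedef struct tmpl {
    handle_t *pt_orig_svc;  /* owned until the template is destroyed */
    handle_t *pt_svc;       /* current service, may alias pt_orig_svc */
} tmpl_t;

static void handle_destroy(handle_t *h) { if (h != NULL) h->destroyed++; }

/* Replace pt_svc with next. guarded == 0 models the reported bug. */
static void tmpl_set_svc(tmpl_t *t, handle_t *next, int guarded)
{
    if (!guarded || t->pt_svc != t->pt_orig_svc)
        handle_destroy(t->pt_svc);
    t->pt_svc = next;
}

/* Final teardown: pt_svc only if it is a distinct handle, then pt_orig_svc. */
static void tmpl_destroy(tmpl_t *t)
{
    if (t->pt_svc != t->pt_orig_svc)
        handle_destroy(t->pt_svc);
    handle_destroy(t->pt_orig_svc);
    t->pt_svc = t->pt_orig_svc = NULL;
}

/* Returns how many times the original handle was destroyed (1 is correct). */
int orig_destroy_count(int guarded)
{
    handle_t orig = {0}, other = {0};
    tmpl_t t = { &orig, &orig };   /* the lookup returned pt_orig_svc itself */
    tmpl_set_svc(&t, &other, guarded);
    tmpl_destroy(&t);
    return orig.destroyed;
}

int main(void)
{
    printf("unguarded: %d destroys\n", orig_destroy_count(0));
    printf("guarded:   %d destroys\n", orig_destroy_count(1));
    return 0;
}
```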

#4

Updated by Milan Jurik over 8 years ago

#5

Updated by Dan McDonald over 8 years ago

  • Status changed from In Progress to Pending RTI

changeset: 13705:70355eedf57a
user: Milan Jurik <>
date: Sun May 27 16:49:00 2012 +0200

description:
1991 svccfg describe -t Segmentation Fault
2742 minor memory allocation issue in svccfg:upgrade_manifestfiles()
Reviewed by: Albert Lee <>
Reviewed by: T Nguyen <>
Approved by: Rich Lowe <>
Approved by: Garrett D'Amore <>

modified:
usr/src/cmd/svc/svccfg/svccfg_libscf.c
usr/src/lib/libscf/common/scf_tmpl.c

#6

Updated by Dan McDonald over 8 years ago

  • Status changed from Pending RTI to Resolved
