On 04/05/18 14:01, Andrew Price wrote:
On 04/05/18 13:01, Valentin Vidic wrote:
On Fri, May 04, 2018 at 12:07:01PM +0100, Andrew Price wrote:
Hm curious. I *can* reproduce the same segfaults but only if I build with
the 4.15 header and then rebuild with the 4.16 header *without* first
running ./configure. If I run ./configure the problem resolves itself.

Thanks, I removed all traces of 4.15 from the system, did a clean
checkout of the repo and master does not segfault anymore :)

Ok good, we're on the same page :)

I will try to fix 3.1.10 now...

I suspect you'll find the problem in gfs2/libgfs2/ondisk.h where gfs2_rgrp_{in,out} copies the reserved data fields. As the field is smaller in the new gfs2_ondisk.h, the copies could write past the end of the struct into subsequent fields of the containing structure (the rgrp_tree). We should probably use sizeof() there. Same with gfs2_rindex_{in,out}.

Try this.

Andy

diff --git a/gfs2/libgfs2/ondisk.c b/gfs2/libgfs2/ondisk.c
index 66de2234..bf3c6638 100644
--- a/gfs2/libgfs2/ondisk.c
+++ b/gfs2/libgfs2/ondisk.c
@@ -189,7 +189,7 @@ void gfs2_rindex_in(struct gfs2_rindex *ri, char *buf)
        CPIN_64(ri, str, ri_data0);
        CPIN_32(ri, str, ri_data);
        CPIN_32(ri, str, ri_bitbytes);
-       CPIN_08(ri, str, ri_reserved, 64);
+       CPIN_08(ri, str, ri_reserved, sizeof(ri->ri_reserved));
 }

 void gfs2_rindex_out(const struct gfs2_rindex *ri, char *buf)
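Review bot: Bounding the copy by `sizeof(ri->ri_reserved)` fixes the write past the end of the in-memory field when the header shrinks the array, but it also means any bytes the newer gfs2_ondisk.h carves out of the old reserved area are no longer touched by the in/out conversion at all: on the way in they are left as whatever the caller had in the struct, and on the way out the corresponding buffer bytes are left as they were. The same applies to gfs2_rindex_out (lines 34–42), gfs2_rgrp_in (43–51) and gfs2_rgrp_out (52–60). If the new header names fields in that range, each needs its own CPIN_*/CPOUT_* line next to the reserved copy; if not, a comment such as `/* reserved tail is sized by the header; fields split out of it must be converted explicitly above */` would stop the next reader from assuming the whole tail is still round-tripped. The `str` pointer the macros copy from and the opening of gfs2_rindex_in are outside the hunk, so I am assuming `str` points at a same-typed on-disk image, which is what makes `sizeof` on the field correct for both sides.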
@@ -205,7 +205,7 @@ void gfs2_rindex_out(const struct gfs2_rindex *ri, char *buf)

        CPOUT_32(ri, str, ri_bitbytes);

-       CPOUT_08(ri, str, ri_reserved, 64);
+       CPOUT_08(ri, str, ri_reserved, sizeof(ri->ri_reserved));
 }

 void gfs2_rindex_print(const struct gfs2_rindex *ri)
@@ -228,7 +228,7 @@ void gfs2_rgrp_in(struct gfs2_rgrp *rg, struct gfs2_buffer_head *bh)
        CPIN_32(rg, str, rg_free);
        CPIN_32(rg, str, rg_dinodes);

-       CPIN_08(rg, str, rg_reserved, 80);
+       CPIN_08(rg, str, rg_reserved, sizeof(rg->rg_reserved));
 }

 void gfs2_rgrp_out(const struct gfs2_rgrp *rg, char *buf)
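Review bot: This is the copy the email identifies as overflowing into the containing rgrp_tree, and the sizeof bound removes the overflow, but nothing yet catches the next header change at build time rather than as a segfault. A layout check near the top of ondisk.c, e.g. `_Static_assert(sizeof(struct gfs2_rgrp) == <EXPECTED_ONDISK_RGRP_SIZE>, "gfs2_rgrp on-disk layout changed");` (with the expected constant taken from the on-disk format, and only if the build is already C11), would make a mismatch between the bundled header and the code fail to compile. The reserved-array size is otherwise invisible here since the struct comes from the header, so a one-line comment above this copy noting that its length now follows the header is worth adding for the same reason. gfs2_rgrp_in begins outside the hunk.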
@@ -240,7 +240,7 @@ void gfs2_rgrp_out(const struct gfs2_rgrp *rg, char *buf)
        CPOUT_32(rg, str, rg_free);
        CPOUT_32(rg, str, rg_dinodes);

-       CPOUT_08(rg, str, rg_reserved, 80);
+       CPOUT_08(rg, str, rg_reserved, sizeof(rg->rg_reserved));
 }

void gfs2_rgrp_out_bh(const struct gfs2_rgrp *rg, struct gfs2_buffer_head *bh)
