Merge ~ahasenack/ubuntu/+source/nfs-utils:jammy-blkmapd-invalid-free into ubuntu/+source/nfs-utils:ubuntu/jammy-devel
Proposed by
Andreas Hasenack
Status: | Merged | ||||
---|---|---|---|---|---|
Approved by: | git-ubuntu bot | ||||
Approved revision: | not available | ||||
Merged at revision: | d4d78b2c0bfe3cfcc8caf3affcf97b73cdec25fa | ||||
Proposed branch: | ~ahasenack/ubuntu/+source/nfs-utils:jammy-blkmapd-invalid-free | ||||
Merge into: | ubuntu/+source/nfs-utils:ubuntu/jammy-devel | ||||
Diff against target: |
69 lines (+47/-0) 3 files modified
debian/changelog (+7/-0) debian/patches/blkmapd-fix-invalid-free.patch (+39/-0) debian/patches/series (+1/-0) |
||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
git-ubuntu bot | Approve | ||
Bryce Harrington (community) | Approve | ||
Canonical Server Reporter | Pending | ||
Review via email: mp+431927@code.launchpad.net |
Description of the change
Fix for a core dump in blkmapd. The linked SRU bug has testing instructions.
I haven't heard back from upstream yet, maybe the final commit will be different. I'll evaluate if/when that happens, and submit to debian.
Once LL is open, I'll propose the fix there too, and then proceed with the SRU.
PPA: https:/
To post a comment you must log in.
Results: (from http:// autopkgtest. ubuntu. com/results/ autopkgtest- jammy-ahasenack -blkmapd- invalid- free/?format= plain) 1:2.6.1- 1ubuntu1. 2~ppa1 1:2.6.1- 1ubuntu1. 2~ppa1 1:2.6.1- 1ubuntu1. 2~ppa1 1:2.6.1- 1ubuntu1. 2~ppa1 1:2.6.1- 1ubuntu1. 2~ppa1 1:2.6.1- 1ubuntu1. 2~ppa1 1:2.6.1- 1ubuntu1. 2~ppa1
nfs-utils @ amd64:
20.10.22 18:51:48 Log 🗒️ ✅ Triggers: nfs-utils/
20.10.22 23:22:57 Log 🗒️ ✅ Triggers: nfs-utils/
nfs-utils @ arm64:
20.10.22 23:30:06 Log 🗒️ ✅ Triggers: nfs-utils/
nfs-utils @ armhf:
20.10.22 23:12:11 Log 🗒️ ✅ Triggers: nfs-utils/
nfs-utils @ ppc64el:
20.10.22 23:22:27 Log 🗒️ ✅ Triggers: nfs-utils/
20.10.22 23:25:51 Log 🗒️ ✅ Triggers: nfs-utils/
nfs-utils @ s390x:
20.10.22 23:18:30 Log 🗒️ ✅ Triggers: nfs-utils/
It's interesting that this reports a core dump has occurred, yet I'm not spotting a stack trace in any of the comments. Despite that, looks like the discussion went through some thorough debugging to find the root cause of the error.
Looks like the serial memory gets initialized with:
struct bl_serial {
int len;
char *data;
};
struct bl_serial *serial = NULL; serial( fd, filepath);
...
serial = bldev_read_
The object itself seems to be created with this:
static struct bl_serial *bl_create_ scsi_string( int len, const char *bytes)
{
struct bl_serial *s;
s = malloc(sizeof(*s) + len);
s->data = (char *)&s[1];
s->len = len;
memcpy( s->data, bytes, len);
if (s) {
}
return s;
}
Indeed that is malloc'ing the entire bl_serial structure, and not alloc'ing serial->data separately. So yes confirmed this needs only the one free. And this matches to what you've written in the SRU [Impact].
LGTM, +1
Just as a nitpick, I would suggest mentioning in the changelog the text of the error associated with the crash, i.e. "nfs-blkmap. service: Failed with result 'core-dump'." so users can more easily identify what this fixes. Maybe even mention that it occurs with SCSI devices.
Oh, also in the [Where problems could occur] section, in general whenever I have C code and in particular with C code that does memory alloc, I mention memory leaks and segfaults as other types of regressions to watch for. Gotta love pointers. &(<3)