[Cluster-devel] gfs2-utils: mkfs segfault with 4.16 kernel

Andrew Price anprice at redhat.com
Fri May 4 13:16:24 UTC 2018


On 04/05/18 14:01, Andrew Price wrote:
> On 04/05/18 13:01, Valentin Vidic wrote:
>> On Fri, May 04, 2018 at 12:07:01PM +0100, Andrew Price wrote:
>>> Hm curious. I *can* reproduce the same segfaults but only if I build 
>>> with
>>> the 4.15 header and then rebuild with the 4.16 header *without* first
>>> running ./configure. If I run ./configure the problem resolves itself.
>>
>> Thanks, I removed all traces of 4.15 from the system, did a clean
>> checkout of the repo and master does not segfault anymore :)
> 
> Ok good, we're on the same page :)
> 
>> I will try to fix 3.1.10 now...
> 
> I suspect you'll find the problem in gfs2/libgfs2/ondisk.h where 
> gfs2_rgrp_{in,out} copies the reserved data fields. As the field is 
> smaller in the new gfs2_ondisk.h, the copies could write past the end of 
> the struct into subsequent fields of the containing structure (the 
> rgrp_tree). We should probably use sizeof() there. Same with 
> gfs2_rindex_{in,out}.

Try this.

Andy

diff --git a/gfs2/libgfs2/ondisk.c b/gfs2/libgfs2/ondisk.c
index 66de2234..bf3c6638 100644
--- a/gfs2/libgfs2/ondisk.c
+++ b/gfs2/libgfs2/ondisk.c
@@ -189,7 +189,7 @@ void gfs2_rindex_in(struct gfs2_rindex *ri, char *buf)
         CPIN_64(ri, str, ri_data0);
         CPIN_32(ri, str, ri_data);
         CPIN_32(ri, str, ri_bitbytes);
-       CPIN_08(ri, str, ri_reserved, 64);
+       CPIN_08(ri, str, ri_reserved, sizeof(ri->ri_reserved));
  }

  void gfs2_rindex_out(const struct gfs2_rindex *ri, char *buf)
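Review bot: `sizeof(ri->ri_reserved)` bounds the copy by the in-memory field of `ri`, but the bytes are read from `str`, so the overrun is only closed if `str` points at the same `struct gfs2_rindex` type as `ri`; that cast is outside the hunk and worth confirming, and if the two sides can ever be different types a static assertion that their reserved fields have equal size would pin it. The same point applies to gfs2_rindex_out, gfs2_rgrp_in and gfs2_rgrp_out in the three following hunks. If the newer header carved named fields out of the former reserved area, this change stops the write past the struct but leaves those new fields untouched by the converter, which callers that compare or checksum the whole in-memory struct would need to know. A one-line comment on the changed line would record the reason for dropping the literal: `/* bounded by the field, not a literal: ri_reserved shrank in newer gfs2_ondisk.h */`. gfs2_rindex_in's signature and the start of its body lie outside the hunk.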
@@ -205,7 +205,7 @@ void gfs2_rindex_out(const struct gfs2_rindex *ri, 
char *buf)

         CPOUT_32(ri, str, ri_bitbytes);

-       CPOUT_08(ri, str, ri_reserved, 64);
+       CPOUT_08(ri, str, ri_reserved, sizeof(ri->ri_reserved));
  }

  void gfs2_rindex_print(const struct gfs2_rindex *ri)
@@ -228,7 +228,7 @@ void gfs2_rgrp_in(struct gfs2_rgrp *rg, struct 
gfs2_buffer_head *bh)
         CPIN_32(rg, str, rg_free);
         CPIN_32(rg, str, rg_dinodes);

-       CPIN_08(rg, str, rg_reserved, 80);
+       CPIN_08(rg, str, rg_reserved, sizeof(rg->rg_reserved));
  }

  void gfs2_rgrp_out(const struct gfs2_rgrp *rg, char *buf)
@@ -240,7 +240,7 @@ void gfs2_rgrp_out(const struct gfs2_rgrp *rg, char 
*buf)
         CPOUT_32(rg, str, rg_free);
         CPOUT_32(rg, str, rg_dinodes);

-       CPOUT_08(rg, str, rg_reserved, 80);
+       CPOUT_08(rg, str, rg_reserved, sizeof(rg->rg_reserved));
  }

  void gfs2_rgrp_out_bh(const struct gfs2_rgrp *rg, struct 
gfs2_buffer_head *bh)



