925189 – sys-fs/multipath-tools-0.9.7: segfault in multipathd

Bug 925189 - sys-fs/multipath-tools-0.9.7: segfault in multipathd

Summary: sys-fs/multipath-tools-0.9.7: segfault in multipathd

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo's Team for Core System packages

URL:
Whiteboard:
Keywords:	PATCH

Depends on:
Blocks:

Reported:	2024-02-21 16:12 UTC by Zac Medico
Modified:	2024-02-22 19:57 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Zac Medico gentoo-dev

2024-02-21 16:12:30 UTC

There's a fix for this multipathd segfault that I've experienced with 0.9.7:

https://github.com/opensvc/multipath-tools/pull/81/commits/fc8b102c666d7fbad9242dea43a64941399a1c0d

From fc8b102c666d7fbad9242dea43a64941399a1c0d Mon Sep 17 00:00:00 2001
From: Benjamin Marzinski <bmarzins@redhat.com>
Date: Tue, 16 Jan 2024 20:19:11 -0500
Subject: [PATCH] multipathd: fix null pointer dereference in uev_update_path

The Auto-resize code added a check that deferences pp->mpp without
checking that it's non-NULL. Fix it.

Fixes: 981b83ad1 ("multipathd: Add auto_resize config option")
Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Reviewed-by: Martin Wilck <mwilck@suse.com>
---
 multipathd/main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/multipathd/main.c b/multipathd/main.c
index 74f6cd92..fbc3f8da 100644
--- a/multipathd/main.c
+++ b/multipathd/main.c
@@ -1630,7 +1630,7 @@ uev_update_path (struct uevent *uev, struct vectors * vecs)
 				}
 			}
 		}
-		if (auto_resize != AUTO_RESIZE_NEVER &&
+		if (auto_resize != AUTO_RESIZE_NEVER && mpp &&
 		    !mpp->wait_for_udev) {
 			struct pathgroup *pgp;
 			struct path *pp2;

This was my backtrace with 0.9.7:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000558dcf1a2cec in uev_update_path (uev=uev@entry=0x7fe1ac0021d0, vecs=vecs@entry=0x558dd0a2f5b0) at main.c:1656
#1  0x0000558dcf1a32df in uev_trigger (uev=0x7fe1ac0021d0, trigger_data=0x558dd0a2f5b0) at main.c:1828
#2  0x00007fe1b61c3e53 in service_uevq (tmpq=tmpq@entry=0x7fe1b4c939b0) at uevent.c:489
#3  0x00007fe1b61c4799 in uevent_dispatch (uev_trigger=uev_trigger@entry=0x558dcf1a3020 <uev_trigger>, trigger_data=trigger_data@entry=0x558dd0a2f5b0) at uevent.c:581
#4  0x0000558dcf19d4d8 in uevqloop (ap=0x558dd0a2f5b0) at main.c:1857
#5  0x00007fe1b5f7c45e in start_thread (arg=<optimized out>) at pthread_create.c:444
#6  0x00007fe1b6001fc8 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Comment 1 Sam James archtester

2024-02-22 07:00:08 UTC

Feel free to pull it in, thanks!

Comment 2 Larry the Git Cow gentoo-dev

2024-02-22 19:57:55 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5d080387eead3b713ae6e98fb36dda7c0b184c4d

commit 5d080387eead3b713ae6e98fb36dda7c0b184c4d
Author:     Patrick McLean <chutzpah@gentoo.org>
AuthorDate: 2024-02-22 19:57:17 +0000
Commit:     Patrick McLean <chutzpah@gentoo.org>
CommitDate: 2024-02-22 19:57:17 +0000

    sys-fs/multipath-tools: Revbump, fix segfault (bug #925189)
    
    Closes: https://bugs.gentoo.org/925189
    Signed-off-by: Patrick McLean <chutzpah@gentoo.org>

 ...ll-pointer-dereference-in-uev_update_path.patch |  28 ++++++
 .../multipath-tools-0.9.7-r1.ebuild                | 103 +++++++++++++++++++++
 2 files changed, 131 insertions(+)