mirror of
git://sourceware.org/git/lvm2.git
synced 2025-01-18 10:04:20 +03:00
f94f8463b0
Under certain circumstances, the selection code can segfault:

  $ vgs --select 'pv_name=~/dev/sda' --unbuffered vg0
    VG   #PV #LV #SN Attr   VSize   VFree
    vg0    6   3   0 wz--n- 744.00m 588.00m
  Segmentation fault (core dumped)

The problem here is the use of --unbuffered together with regex used in selection criteria. If the report output is not buffered, each row is discarded as soon as it is reported. The bug is in the use of report handle's memory - in the example above, what happens is:

  1) report handle is initialized together with its memory pool

  2) selection tree is initialized from selection criteria string (using the report handle's memory pool!)

    2a) this also means the regex is initialized from report handle's mem pool

  3) the object (row) is reported

    3a) any memory needed for output is initialized out of report handle's mem pool

    3b) selection criteria matching is executed - if the regex is checked the very first time (for the very first row reported), some more memory allocation happens as regex allocates internal structures "on-demand", it's allocating from report handle's mem pool (see also step 2a)

  4) the report output is executed

  5) the object (row) is discarded, meaning discarding all the mem pool memory used since step 3.

Now, with step 5) we have discarded the regex internal structures from step 3b. When we execute reporting for another object (row), we're using the same selection criteria (step 3b), but this is second time we're using the regex and as such, it's already initialized completely. But the regex is missing the internal structures now as they got discarded in step 5) from previous object (row) reporting (because we're using "unbuffered" reporting).

To resolve this issue and to prevent any similar future issues where each object/row memory is discarded after output (the unbuffered reporting) while selection tree is global for all the object/rows, use separate memory pool for report's selection.

This patch replaces "struct selection_node *selection_root" in struct dm_report with new struct selection which contains both "selection_root" and "mem" for separate mem pool used for selection. We can change struct dm_report this way as it is not exposed via libdevmapper. (This patch will have even more meaning for upcoming patches where selection is used even for non-reporting commands where "internal" reporting and selection criteria matching happens and where the internal reporting is not buffered.)
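
The lifetime problem in steps 1) to 5) above, as an added example that is not code from lvm2 or libdevmapper: a toy bump allocator stands in for the report handle's memory pool, and a lazily initialized struct stands in for the regex. All names (`pool`, `lazy_regex`, `report_rows`) are hypothetical, and the code only checks whether the cached state is still backed by live pool memory instead of dereferencing it.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy bump pool (hypothetical; not libdevmapper's dm_pool). */
struct pool { unsigned char buf[256]; size_t used; };

static void *pool_alloc(struct pool *p, size_t n)
{
    void *r = p->buf + p->used;
    if (n > sizeof(p->buf) - p->used) return NULL;
    p->used += n;
    return r;
}

/* True while ptr lies inside the part of the pool that has not been discarded. */
static int pool_is_live(const struct pool *p, const void *ptr)
{
    const unsigned char *c = ptr;
    return c >= p->buf && c < p->buf + p->used;
}

/* Stand-in for a regex that builds its internal structures on first match. */
struct lazy_regex { struct pool *mem; int *state; };

static int regex_state_ok(struct lazy_regex *rx)
{
    if (!rx->state) /* first row only: on-demand allocation (step 3b) */
        rx->state = pool_alloc(rx->mem, 16 * sizeof(int));
    return rx->state && pool_is_live(rx->mem, rx->state);
}

/* Report rows unbuffered; return how many rows found the regex state discarded. */
static int report_rows(int rows, int separate_selection_pool)
{
    struct pool report_mem = { .used = 0 }, selection_mem = { .used = 0 };
    struct lazy_regex rx = { separate_selection_pool ? &selection_mem : &report_mem, NULL };
    int dangling = 0;

    for (int i = 0; i < rows; i++) {
        size_t mark = report_mem.used;      /* step 3: row begins */
        (void)pool_alloc(&report_mem, 32);  /* step 3a: memory for output */
        if (!regex_state_ok(&rx))           /* step 3b: selection matching */
            dangling++;
        report_mem.used = mark;             /* step 5: row discarded */
    }
    return dangling;
}

int main(void) { printf("shared: %d, separate: %d\n", report_rows(3, 0), report_rows(3, 1)); return 0; }
```

With a shared pool every row after the first finds the regex state in discarded memory; with a separate selection pool none do.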