mirror of
git://sourceware.org/git/lvm2.git
synced 2025-01-21 22:04:19 +03:00
0daf9d7ac5
This is a hotfix for a bug introduced in
6d7dc87cb356162f912b13c8a0cd198037c0226b.
The bug description: First we allocate memory for
processing handle (at an address 1) then we
allocate some memory on the same pool for later use
in pvmove_poll function inside the process_each_pv
function (at an address 2). After we jump out of
process_each_pv we called destroy_processing_handle.
As a result of destroying the handle memory pool could
deallocate all memory at address 1 or higher. The
pvmove_poll function tried to copy a memory allocated
at address 2 that could be returned to the system.
If it was so it led to segfault.
We need to rethink proper fix but in the same time
cmd->mem pool is recreated per each lvm command so
this should not cause problems even when we run
multiple commands in lvm shell.
A valgrind snapshot of the corruption:
Invalid read of size 1
at 0x4C29F92: strlen (mc_replace_strmem.c:403)
by 0x5495F2E: dm_pool_strdup (pool.c:51)
by 0x1592A7: _create_id (pvmove.c:774)
by 0x159409: pvmove_poll (pvmove.c:796)
by 0x1599E3: pvmove (pvmove.c:931)
by 0x15105B: lvm_run_command (lvmcmdline.c:1655)
by 0x1523C3: lvm2_main (lvmcmdline.c:2121)
by 0x1754F3: main (lvm.c:22)
Address 0xf15df8a is 138 bytes inside a block of size 8,192 free'd
at 0x4C28430: free (vg_replace_malloc.c:446)
by 0x5494E73: dm_free_wrapper (dbg_malloc.c:357)
by 0x5495DE2: _free_chunk (pool-fast.c:318)
by 0x549561C: dm_pool_free (pool-fast.c:151)
by 0x164451: destroy_processing_handle (toollib.c:1837)
by 0x1598C1: pvmove (pvmove.c:903)
by 0x15105B: lvm_run_command (lvmcmdline.c:1655)
by 0x1523C3: lvm2_main (lvmcmdline.c:2121)
by 0x1754F3: main (lvm.c:22)
This tree contains the LVM2 and device-mapper tools and libraries. For more information about LVM2 read the changelog in the WHATS_NEW file. Installation instructions are in INSTALL. There is no warranty - see COPYING and COPYING.LIB. Tarballs are available from: ftp://sources.redhat.com/pub/lvm2/ The source code is stored in git: http://git.fedorahosted.org/git/lvm2.git git clone git://git.fedorahosted.org/git/lvm2.git Mailing list for general discussion related to LVM2: linux-lvm@redhat.com Subscribe from https://www.redhat.com/mailman/listinfo/linux-lvm Mailing lists for LVM2 development, patches and commits: lvm-devel@redhat.com Subscribe from https://www.redhat.com/mailman/listinfo/lvm-devel lvm2-commits@lists.fedorahosted.org (Read-only archive of commits) Subscribe from https://fedorahosted.org/mailman/listinfo/lvm2-commits Mailing list for device-mapper development, including kernel patches and multipath-tools: dm-devel@redhat.com Subscribe from https://www.redhat.com/mailman/listinfo/dm-devel The source code repository used until 7th June 2012 is accessible here: http://sources.redhat.com/cgi-bin/cvsweb.cgi/LVM2/?cvsroot=lvm2.