Date: Tue, 07 May 2024 08:44:52 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 278828] panic when writing to geli device after running attach twice Message-ID: <bug-278828-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D278828 Bug ID: 278828 Summary: panic when writing to geli device after running attach twice Product: Base System Version: 14.0-STABLE Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: mail@fbsd2.e4m.org kernel panics if we have no geli devices attached, attach a device, try to attach it again (which fails) and then write to (the attached) .eli. Steps to reproduce: kldload geom_eli.ko dd if=3D/dev/zero of=3D/tmp/testcrash bs=3D64k count=3D160 mdconfig -a -t vnode -f /tmp/testcrash geli init -P -K /bin/ls /dev/md0 geli attach -k /bin/ls -p /dev/md0 geli attach -k /bin/ls -p /dev/md0 (this fails) newfs /dev/md0.eli !!! Crash !!! The second "geli attach" makes g_eli_create() die at this point: ... dcw =3D (sc->sc_flags & G_ELI_FLAG_RO) ? 0 : 1; error =3D g_access(cp, 1, dcw, 1); if (error !=3D 0) { ... goto failed; } ... ... g_eli_init_uma(); ... failed: ... g_eli_fini_uma(); ... g_eli_fini_uma() will find geli_devs being set to 1 (because we already have a device attached but have not called g_eli_init_uma() in this context), decrements it and calls g_eli_destroy_uma(). So we will be left with g_eli_uma being NULL despite the fact that we still have a device attached. I don't know the correct fix. I changed g_eli_create() so it calls g_eli_fini_uma() only if it has called g_eli_init_uma() before. This seems to work... --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-278828-227>