Date: Thu, 27 Sep 2012 18:53:59 +0000 (UTC) From: Mikolaj Golub <trociny@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org Subject: svn commit: r241006 - stable/7/usr.sbin/bsnmpd/modules/snmp_hostres Message-ID: <201209271853.q8RIrxkL076865@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: trociny Date: Thu Sep 27 18:53:59 2012 New Revision: 241006 URL: http://svn.freebsd.org/changeset/base/241006 Log: MFC r240595: In snmp_hostres, device_map table is used for consistent device table indexing. When a device has gone it is not removed from device_map table but just its entry_p field is set to NULL. So when traversing device_map in disk_OS_get_ATA_disks() and disk_OS_get_MD_disks() check for entry_p being NULL, otherwise the bsnmpd crash is possible when a removed map entry is dereferenced. Before the fix, for disk_OS_get_ATA_disks() the crash could be easily reproduced running: atacontrol detach ata1 The crash was not observed in disk_OS_get_MD_disks() because currently snmp_hostres does no see md(4) disks: to get the device list it uses devinfo(3), which does not return md devices. Reported by: Miroslav Lachman 000.fbsd quip.cz Modified: stable/7/usr.sbin/bsnmpd/modules/snmp_hostres/hostres_diskstorage_tbl.c Directory Properties: stable/7/usr.sbin/bsnmpd/ (props changed) Modified: stable/7/usr.sbin/bsnmpd/modules/snmp_hostres/hostres_diskstorage_tbl.c ============================================================================== --- stable/7/usr.sbin/bsnmpd/modules/snmp_hostres/hostres_diskstorage_tbl.c Thu Sep 27 18:52:15 2012 (r241005) +++ stable/7/usr.sbin/bsnmpd/modules/snmp_hostres/hostres_diskstorage_tbl.c Thu Sep 27 18:53:59 2012 (r241006) @@ -287,6 +287,9 @@ disk_OS_get_ATA_disks(void) /* Walk over the device table looking for ata disks */ STAILQ_FOREACH(map, &device_map, link) { + /* Skip deleted entries. */ + if (map->entry_p == NULL) + continue; for (found = lookup; found->media != DSM_UNKNOWN; found++) { if (strncmp(map->name_key, found->dev_name, strlen(found->dev_name)) != 0) @@ -342,6 +345,9 @@ disk_OS_get_MD_disks(void) /* Look for md devices */ STAILQ_FOREACH(map, &device_map, link) { + /* Skip deleted entries. */ + if (map->entry_p == NULL) + continue; if (sscanf(map->name_key, "md%d", &unit) != 1) continue;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201209271853.q8RIrxkL076865>