NetBSD Problem Report #39783

From Wolfgang.Stukenbrock@nagler-company.com  Wed Oct 22 09:02:29 2008
Return-Path: <Wolfgang.Stukenbrock@nagler-company.com>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id 12ECC63B93C
	for <gnats-bugs@gnats.NetBSD.org>; Wed, 22 Oct 2008 09:02:29 +0000 (UTC)
Message-Id: <20081022090225.624734EAA14@s012.nagler-company.com>
Date: Wed, 22 Oct 2008 11:02:25 +0200 (CEST)
From: Wolfgang.Stukenbrock@nagler-company.com
Reply-To: Wolfgang.Stukenbrock@nagler-company.com
To: gnats-bugs@gnats.NetBSD.org
Subject: raidframe autoconfig failed to cleanup correctly if out of memory
X-Send-Pr-Version: 3.95

>Number:         39783
>Category:       kern
>Synopsis:       raidframe autoconfig failed to cleanup correctly if out of memory
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    oster
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Oct 22 09:05:00 +0000 2008
>Closed-Date:    Fri Jul 23 21:55:08 +0000 2021
>Last-Modified:  Fri Jul 23 21:55:08 +0000 2021
>Originator:     Wolfgang Stukenbrock
>Release:        NetBSD 4.0
>Organization:
Dr. Nagler & Company GmbH
>Environment:


System: NetBSD s012 4.0 NetBSD 4.0 (NSW-S012) #1: Thu Sep 11 12:21:03 CEST 2008 root@s012:/usr/src/sys/arch/amd64/compile/NSW-S012 amd64
Architecture: x86_64
Machine: amd64
>Description:
	In /usr/src/sys/dev/raidframe/rf_netbsdkintf.c in function rf_get_component() around line 2760,
	if a malloc fails, the routine just frees all priviously allocated memory for the auto-config list
	but it does not close and free the vnode strutures, that are stored in this list.
	There are two possible way to fix this.
	1. do the suggested panic instead of freein everything
	2. close and free the vnodes from the list.
>How-To-Repeat:
	Not relevant - found by a look into the sources.
>Fix:
	Due to the fact, that this problem would only be relevant if there are more raid devices than the memory can hold,
	this error should never happen on any system.
	The caller of rf_get_component() does not check the result. This will lead to an incomplete list on alloc-problems
	that will be processs as if no error has happend.
	Therefore I would suggest to place a call to panic() here.
	Otherwise the code fragment at the end of the routine with "vn_lock(); VOP_CLOSE(), vput()" needs to be added
	in the while loop that frees all data structures.

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: kern-bug-people->oster
Responsible-Changed-By: wiz@NetBSD.org
Responsible-Changed-When: Wed, 22 Oct 2008 10:32:10 +0000
Responsible-Changed-Why:
Over to the raidframe guy...


State-Changed-From-To: open->closed
State-Changed-By: oster@NetBSD.org
State-Changed-When: Fri, 23 Jul 2021 21:55:08 +0000
State-Changed-Why:
malloc was changed to use PR_WAITOK a few years ago, which takes care
of the issue reported in this PR.  Thanks for the report, and sorry it took so long to resolve!


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.