NetBSD Problem Report #39783

From Wolfgang.Stukenbrock@nagler-company.com  Wed Oct 22 09:02:29 2008
Return-Path: <Wolfgang.Stukenbrock@nagler-company.com>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id 12ECC63B93C
	for <gnats-bugs@gnats.NetBSD.org>; Wed, 22 Oct 2008 09:02:29 +0000 (UTC)
Message-Id: <20081022090225.624734EAA14@s012.nagler-company.com>
Date: Wed, 22 Oct 2008 11:02:25 +0200 (CEST)
From: Wolfgang.Stukenbrock@nagler-company.com
Reply-To: Wolfgang.Stukenbrock@nagler-company.com
To: gnats-bugs@gnats.NetBSD.org
Subject: raidframe autoconfig failed to cleanup correctly if out of memory
X-Send-Pr-Version: 3.95

>Number:         39783
>Category:       kern
>Synopsis:       raidframe autoconfig failed to cleanup correctly if out of memory
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    oster
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Oct 22 09:05:00 +0000 2008
>Last-Modified:  Wed Oct 22 10:32:10 +0000 2008
>Originator:     Wolfgang Stukenbrock
>Release:        NetBSD 4.0
>Organization:
Dr. Nagler & Company GmbH
>Environment:


System: NetBSD s012 4.0 NetBSD 4.0 (NSW-S012) #1: Thu Sep 11 12:21:03 CEST 2008 root@s012:/usr/src/sys/arch/amd64/compile/NSW-S012 amd64
Architecture: x86_64
Machine: amd64
>Description:
	In /usr/src/sys/dev/raidframe/rf_netbsdkintf.c in function rf_get_component() around line 2760,
	if a malloc fails, the routine just frees all priviously allocated memory for the auto-config list
	but it does not close and free the vnode strutures, that are stored in this list.
	There are two possible way to fix this.
	1. do the suggested panic instead of freein everything
	2. close and free the vnodes from the list.
>How-To-Repeat:
	Not relevant - found by a look into the sources.
>Fix:
	Due to the fact, that this problem would only be relevant if there are more raid devices than the memory can hold,
	this error should never happen on any system.
	The caller of rf_get_component() does not check the result. This will lead to an incomplete list on alloc-problems
	that will be processs as if no error has happend.
	Therefore I would suggest to place a call to panic() here.
	Otherwise the code fragment at the end of the routine with "vn_lock(); VOP_CLOSE(), vput()" needs to be added
	in the while loop that frees all data structures.

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: kern-bug-people->oster
Responsible-Changed-By: wiz@NetBSD.org
Responsible-Changed-When: Wed, 22 Oct 2008 10:32:10 +0000
Responsible-Changed-Why:
Over to the raidframe guy...


>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.