[Drbd-dev] [CASE-38] self uuid may be crashed beacuse of garbage bitmap_index value.

Roland Kammerer roland.kammerer at linbit.com
Wed Mar 30 14:15:19 CEST 2016


On Wed, Mar 30, 2016 at 06:18:50PM +0900, Jaeheon Kim wrote:
> Hi,
> 
> There is some suspicious code.
> Please check following code in drbd_uuid_compare.
> 
>  --- code snip start ---
> *rule_nr = 70;
> self = drbd_bitmap_uuid(peer_device) & ~UUID_PRIMARY;
> peer = peer_device->current_uuid & ~UUID_PRIMARY;
> if (self == peer)
> return 2;
> 
> *rule_nr = 72;
> for (i = 0; i < DRBD_NODE_ID_MAX; i++) {
>     if (i == peer_device->node_id)
>           continue;
>     if (i == device->ldev->md.node_id)
>           continue;
> 
> #ifdef
> _WIN32_V9_INSERT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> /* Skip bitmap indexes which are not assigned to a peer. */
>       if (device->ldev->md.peers[i].bitmap_index == -1)
>            continue;
> #endif //
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> 
>      self = device->ldev->md.peers[i].bitmap_uuid & ~UUID_PRIMARY;
>      if (self == peer) {
>           *peer_node_id = i;
>            return 4;
>       }
> }
> ------ code done --------
> 
> If you don't skip undefnded bitmap_index, self uuid will get crashed data.
> So, we insert this skip logic.
> What do you think about it?

on a first look this seems reasonable, but I have to further think about
it and discuss it with my colleagues.

Would be great if you could provide the steps how to trigger that
specific scenario.

Regards, rck


More information about the drbd-dev mailing list