Mateusz Kusiak [Mon, 2 Jan 2023 08:35:16 +0000 (09:35 +0100)]
Fix --update-subarray on active volume
Options: bitmap, ppl and name should not be updated when array is active.
Those features are mutually exclusive and share the same data area in IMSM (danger of overwriting by kernel).
Remove check for active subarrays from super-intel.
Since ddf is not supported, apply it globally for all options.
Mateusz Kusiak [Mon, 2 Jan 2023 08:35:15 +0000 (09:35 +0100)]
mdadm: Add option validation for --update-subarray
Subset of options available for "--update" is not the same as for "--update-subarray".
Define maps and enum for update options and use them instead of direct comparisons.
Add proper error message.
Fix segfault commit [1] introduced check whether given device is
mddevice, but it happened to terminate Mdmonitor if at least one of given
devices didn't fulfill that condition. In result Mdmonitor service was
no longer started on boot (with --scan option) when config contained some
non-existent array entry.
This commit introduces omitting non-md devices so scan option can still
be used when config is wrong and allow Mdmonitor service to run on boot.
Giving a list of devices to monitor containing non-existing or
non-md devices will result in monitoring only confirmed mddevices.
Mateusz Kusiak [Thu, 18 Aug 2022 09:47:21 +0000 (11:47 +0200)]
Manage: Block unsafe member failing
Kernel may or may not block mdadm from removing member device if it
will cause array's failed state. It depends on raid personality
implementation in kernel.
Add verification on requested removal path (#mdadm --set-faulty
command).
NeilBrown [Thu, 25 Aug 2022 22:55:56 +0000 (08:55 +1000)]
super1: report truncated device
When the metadata is at the start of the device, it is possible that it
describes a device larger than the one it is actually stored on. When
this happens, report it loudly in --examine.
....
Unused Space : before=1968 sectors, after=-2047 sectors DEVICE TOO SMALL
State : clean TRUNCATED DEVICE
....
Also report in --assemble so that the failure which the kernel will
report will be explained.
```
mdadm: Device /dev/sdb is not large enough for data described in superblock
mdadm: no RAID superblock on /dev/sdb
mdadm: /dev/sdb has no superblock - assembly aborted
```
Scenario can be demonstrated as follows:
```
mdadm: Note: this array has metadata at the start and
may not be suitable as a boot device. If you plan to
store '/boot' on this device please ensure that
your boot-loader understands md/v1.x metadata, or use
--metadata=0.90
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md/test started.
mdadm: stopped /dev/md/test
Unused Space : before=1968 sectors, after=-2047 sectors DEVICE TOO SMALL
State : clean TRUNCATED DEVICE
Unused Space : before=1968 sectors, after=-2047 sectors DEVICE TOO SMALL
State : clean TRUNCATED DEVICE
```
Kinga Tanska [Fri, 19 Aug 2022 00:55:46 +0000 (02:55 +0200)]
Assemble: check if device is container before scheduling force-clean update
Up to now, using assemble with the force flag made each array clean.
Force-clean should not be done for the container. This commit adds a
check if device is different than container before cleaning.
Grow_reshape should be split into helper functions given its size.
- Add helper function for preparing reshape on external metadata.
- Close cfd file descriptor.
mdadm: Don't open md device for CREATE and ASSEMBLE
The mdadm command tries to open the md device for most modes, first
thing, no matter what. When running to create or assemble an array,
in most cases, the md device will not exist, the open call will fail
and everything will proceed correctly.
However, when running tests, a create or assembly command may be run
shortly after stopping an array and the old md device file may still
be around. Then, if create_on_open is set in the kernel, a new md
device will be created when mdadm does its initial open.
When mdadm gets around to creating the new device with the new_array
parameter it issues this error:
mdadm: Fail to create md0 when using
/sys/module/md_mod/parameters/new_array, fallback to creation via node
This is because an mddev was already created by the kernel with the
earlier open() call and thus the new one being created will fail with
EEXIST. The mdadm command will still successfully be created due to
falling back to the node creation method. However, the error message
itself will fail any test that's running it.
This issue is a race condition that is very rare, but a recent change
in the kernel caused this to happen more frequently: about 1 in 50
times.
To fix this, don't bother trying to open the md device for CREATE,
ASSEMBLE and BUILD commands, as the file descriptor will never be used
anyway even if it is successfully opened. The mdfd has not been used
for these commands since:
7f91af49ad09 ("Delay creation of array devices for assemble/build/create")
The checks that were done on the open device can be changed to being
done with stat.
Side note: it would be nice to disable create_on_open as well to help
solve this, but it seems the work for this was never finished. By default,
mdadm will create using the old node interface when a name is specified
unless the user specifically puts names=yes in a config file, which
doesn't seem to be common or desirable to require this.
Current behavior is not documented and tested. This test is a base for
future improvements. It is enough to test it only with native metadata,
because it is generic code. Generated properties are passed to metadata
handler.
Mateusz Grzonka [Fri, 12 Aug 2022 14:36:02 +0000 (16:36 +0200)]
mdadm: Replace obsolete usleep with nanosleep
According to POSIX.1-2001, usleep is considered obsolete.
Replace it with a wrapper that uses nanosleep, as recommended in man.
Add handy macros for conversions between msec, usec and nsec.
Logan Gunthorpe [Wed, 22 Jun 2022 20:25:19 +0000 (14:25 -0600)]
tests: Add broken files for all broken tests
Each broken file contains the rough frequency of brokenness as well
as a brief explanation of what happens when it breaks. Estimates
of failure rates are not statistically significant and can vary
run to run.
This is really just a view from my window. Tests were done on a
small VM with the default loop devices, not real hardware. We've
seen different kernel configurations can cause bugs to appear as well
(ie. different block schedulers). It may also be that different race
conditions will be seen on machines with different performance
characteristics.
These annotations were done with the kernel currently in md/md-next:
facef3b96c5b ("md: Notify sysfs sync_completed in md_reap_sync_thread()")
Logan Gunthorpe [Wed, 22 Jun 2022 20:25:18 +0000 (14:25 -0600)]
mdadm/test: Mark and ignore broken test failures
Add functionality to continue if a test marked as broken fails.
To mark a test as broken, a file with the same name but with the suffix
'.broken' should exist. The first line in the file will be printed with
a KNOWN BROKEN message; the rest of the file can describe how the
test is broken.
Also adds --skip-broken and --skip-always-broken to skip all the tests
that have a .broken file or to skip all tests whose .broken file's first
line contains the keyword always.
tests/04update-metadata: avoid passing chunk size to raid1
'04update-metadata' test fails with error, "specifying chunk size is
forbidden for this level" added by commit, 5b30a34aa4b5e. Hence,
correcting the test to ignore passing chunk size to raid1.
Some of the test cases fail because raid0 creation fails with the error,
"0.90 metadata does not support layouts for RAID0" added by commit, 329dfc28debb. Fix some of the test cases by switching from raid0 to
linear level for 0.9 metadata where possible.
Logan Gunthorpe [Wed, 22 Jun 2022 20:25:11 +0000 (14:25 -0600)]
mdadm: Fix mdadm -r remove option regression
The commit noted below globally adds a parameter to the -r option but missed
the fact that -r is used for another purpose: --remove.
After that commit, a command such as:
mdadm /dev/md0 -r /dev/loop0
will do nothing seeing the device parameter will be consumed as an
argument to the -r option; thus, there will only be one device
seen on the command line, devs_found will only be 1 and nothing will
happen.
This caused the 01r5integ and 01raid6integ tests to hang indefinitely
as mdadm did not remove the failed device. With the device not removed,
it would not be readded. Then the loop waiting for the array status to
change would loop forever.
This commit was recently reverted, but the legitimate fix for the
monitor operations was still not fixed. So add specific monitor
short ops to re-fix the --monitor -r option.
Logan Gunthorpe [Wed, 22 Jun 2022 20:25:10 +0000 (14:25 -0600)]
monitor: Avoid segfault when calling NULL get_bad_blocks
Not all struct superswitch implement a get_bad_blocks() function,
yet mdmon seems to call it without checking for NULL and thus
occasionally segfaults in the test 10ddf-geometry.
Logan Gunthorpe [Wed, 22 Jun 2022 20:25:09 +0000 (14:25 -0600)]
mdadm/Grow: Fix use after close bug by closing after fork
The test 07reshape-grow fails most of the time. But it succeeds around
1 in 5 times. When it does succeed, it causes the tests to die because
mdadm has segfaulted.
The segfault was caused by mdadm attempting to reopen a file
descriptor that was already closed. The backtrace of the segfault
was:
```
#0 __strncmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:101
#1 0x000056146e31d44b in devnm2devid (devnm=0x0) at util.c:956
#2 0x000056146e31dab4 in open_dev_flags (devnm=0x0, flags=0)
at util.c:1072
#3 0x000056146e31db22 in open_dev (devnm=0x0) at util.c:1079
#4 0x000056146e3202e8 in reopen_mddev (mdfd=4) at util.c:2244
#5 0x000056146e329f36 in start_array (mdfd=4,
mddev=0x7ffc55342450 "/dev/md0", content=0x7ffc55342860,
st=0x56146fc78660, ident=0x7ffc55342f70, best=0x56146fc6f5d0,
bestcnt=10, chosen_drive=0, devices=0x56146fc706b0, okcnt=5,
sparecnt=0, rebuilding_cnt=0, journalcnt=0, c=0x7ffc55342e90,
clean=1, avail=0x56146fc78720 "\001\001\001\001\001",
start_partial_ok=0, err_ok=0, was_forced=0)
at Assemble.c:1206
#6 0x000056146e32c36e in Assemble (st=0x56146fc78660,
mddev=0x7ffc55342450 "/dev/md0", ident=0x7ffc55342f70,
devlist=0x56146fc6e2d0, c=0x7ffc55342e90)
at Assemble.c:1914
#7 0x000056146e312ac9 in main (argc=11, argv=0x7ffc55343238)
at mdadm.c:1510
```
The file descriptor was closed early in Grow_continue(). The noted commit
moved the close() call to close the fd above the fork which caused the
parent process to return with a closed fd.
This meant reshape_array() and Grow_continue() would return in the parent
with the fd forked. The fd would eventually be passed to reopen_mddev()
which returned an unhandled NULL from fd2devnm() which would then be
dereferenced in devnm2devid.
Fix this by moving the close() call below the fork. This appears to
fix the 07revert-grow test. While we're at it, switch to using
close_fd() to invalidate the file descriptor.
Fixes: 77b72fa82813 ("mdadm/Grow: prevent md's fd from being occupied during delayed time")
Cc: Alex Wu <alexwu@synology.com>
Cc: BingJing Chang <bingjingc@synology.com>
Cc: Danny Shih <dannyshih@synology.com>
Cc: ChangSyun Peng <allenpeng@synology.com>
Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
Logan Gunthorpe [Wed, 22 Jun 2022 20:25:06 +0000 (14:25 -0600)]
Makefile: Don't build static build with everything and everything-test
Running the test suite requires building everything, but it seems to be
difficult to build the static version of mdadm now seeing there
is no readily available static udev library.
The test suite doesn't need the static binary so just don't build it
with the everything or everything-test targets.
Leave the mdadm.static and install-static targets in place in case
someone still has a use case for the static binary.
Monitor: use devname as char array instead of pointer
Device name wasn't filled properly due to incorrect use of strcpy.
Strcpy was used twice. Firstly to fill devname with "/dev/md/"
and then to add chosen name. First strcpy result was overwritten by
second one (as a result <device_name> instead of "/dev/md/<device_name>"
was assigned). This commit changes this implementation to use snprintf
and devname with fixed size.
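The overwrite described in this commit message and an snprintf-based replacement, as an added example that is not mdadm's code. The function names, the 32-byte buffer size and the sample names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define DEVNAME_SIZE 32	/* assumed size for this example, not mdadm's value */

/*
 * Pattern from the commit message: the second strcpy() starts writing at the
 * beginning of the buffer again, so the "/dev/md/" prefix is lost.
 * A length check is added here so the demonstration itself cannot overflow.
 */
static int build_devname_buggy(char *devname, size_t size, const char *name)
{
	if (strlen(name) >= size || sizeof("/dev/md/") > size)
		return -1;
	strcpy(devname, "/dev/md/");
	strcpy(devname, name);	/* overwrites the prefix instead of appending */
	return 0;
}

/*
 * Replacement: one snprintf() into a fixed-size array. snprintf() returns the
 * length it needed, so a result >= size means the name was truncated and the
 * buffer must not be used as a device path.
 */
static int build_devname(char *devname, size_t size, const char *name)
{
	int n = snprintf(devname, size, "/dev/md/%s", name);

	if (n < 0 || (size_t)n >= size)
		return -1;
	return 0;
}

int main(void)
{
	char devname[DEVNAME_SIZE];
	/* constructed sample names */
	const char *names[] = { "raid5vol", "a_name_that_is_far_too_long_for_it" };
	size_t i;

	for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
		if (build_devname_buggy(devname, sizeof(devname), names[i]) == 0)
			printf("buggy: %s\n", devname);
		else
			printf("buggy: rejected %s\n", names[i]);

		if (build_devname(devname, sizeof(devname), names[i]) == 0)
			printf("fixed: %s\n", devname);
		else
			printf("fixed: rejected %s (does not fit)\n", names[i]);
	}
	return 0;
}
```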
imsm_create_metadata_update_for_size_change() that returns u_size value
could return 0 in the past. As its behavior changed, and returned value
is always the size of imsm_update_size_change structure, check for
u_size is no longer needed.
Mariusz Tkaczyk [Mon, 20 Jun 2022 16:10:43 +0000 (00:10 +0800)]
imsm: block changing slots during creation
If user specifies drives for array creation, then slot order across
volumes is not preserved.
Ideally, it should be checked in validate_geometry() but it is not
possible in current implementation (order is determined later).
Add verification in add_to_super_imsm_volume() and throw error if
mismatch is detected.
IMSM allows to use only same members within container.
This is not hardware dependency but metadata limitation.
Therefore, 09-imsm-overlap test is removed. Testing it is pointless.
After this patch, creation in this scenario is blocked. Offset
verification is covered in other tests.
Mariusz Tkaczyk [Mon, 20 Jun 2022 16:10:42 +0000 (00:10 +0800)]
imsm: use same slot across container
Autolayout relies on drives order on super->disks list, but
it is not guaranteed by readdir() in sysfs_read(). As a result
drive could be put in different slot in second volume.
Make it consistent by referring to first volume, if exists.
Heming Zhao [Mon, 20 Jun 2022 16:10:40 +0000 (00:10 +0800)]
mdadm/super1: restore commit 45a87c2f31335 to fix clustered slot issue
Commit 9d67f6496c71 ("mdadm:check the nodes when operate clustered
array") modified assignment logic for st->nodes in write_bitmap1(),
which introduced bitmap slot issue:
load_super1 didn't set up supertype.nodes, which made spare disk only
have one slot info. Then it triggered kernel md_bitmap_load_sb to get
wrong bitmap slot data.
For fixing this issue, there are two methods:
1> revert the related code of commit 9d67f6496c71. and restore the code
from former commit 45a87c2f31335 ("super1: add more checks for
NodeNumUpdate option").
st->nodes value would be 0 & 1 under current code logic. i.e.
When adding a spare disk, there is no place to init st->nodes, and
the value is ZERO.
2> keep 9d67f6496c71, add additional ->nodes handling in load_super1(),
let load_super1 to set st->nodes when bitmap is BITMAP_MAJOR_CLUSTERED.
Under current mdadm code logic, load_super1 will be called many
times, any new code in load_super1 will cost mdadm running more time.
And more reason is I prefer as much as possible to limit clustered
code spreading in every corner.
the output of current "mdadm -X /dev/sdc":
(there should be (by default) 4 slot info for correct output)
```
Filename : /dev/sdc
Magic : 6d746962
Version : 5
UUID : a74642f8:a6b1fba8:58e1f8db:cfe7b082
Events : 29
Events Cleared : 0
State : OK
Chunksize : 64 MB
Daemon : 5s flush period
Write Mode : Normal
Sync Size : 306176 (299.00 MiB 313.52 MB)
Bitmap : 5 bits (chunks), 5 dirty (100.0%)
```
And mdadm later operations will trigger kernel output error message:
(triggered by "mdadm -A /dev/md0 /dev/sdb /dev/sdc")
```
kernel: md0: invalid bitmap file superblock: bad magic
kernel: md_bitmap_copy_from_slot can't get bitmap from slot 1
kernel: md-cluster: Could not gather bitmaps from slot 1
kernel: md0: invalid bitmap file superblock: bad magic
kernel: md_bitmap_copy_from_slot can't get bitmap from slot 2
kernel: md-cluster: Could not gather bitmaps from slot 2
kernel: md0: invalid bitmap file superblock: bad magic
kernel: md_bitmap_copy_from_slot can't get bitmap from slot 3
kernel: md-cluster: Could not gather bitmaps from slot 3
kernel: md-cluster: failed to gather all resyn infos
kernel: md0: detected capacity change from 0 to 612352
```
The change from commit mdadm: fix coredump of mdadm
--monitor -r broke the printing of the return message when
passing -r to mdadm --manage, the removal of a device from
an array.
If the current code reverts this commit, both issues are
still fixed.
The original problem reported that the fix tried to address
was: The --monitor -r option requires a parameter,
otherwise a null pointer will be manipulated when
converting to integer data, and a core dump will appear.
The original problem was really fixed with: 60815698c0a Refactor parse_num and use it to parse optarg.
Which added a check for NULL in 'optarg' before moving it
to the 'increments' variable.
New issue: When trying to remove a device using the short
argument -r, instead of the long argument --remove, the
output is empty. The problem started when commit 546047688e1c was added.
Actual results:
Nothing, empty output, nothing happens, the device is still
connected to the array.
The output should have stated "mdadm: hot remove failed
for /dev/vdxx: Device or resource busy", if the device was
still active. Or it should remove the device and print
a message:
mdadm: set /dev/vdd faulty in /dev/md0
mdadm: hot removed /dev/vdd from /dev/md0
The following commit should be reverted as it breaks
mdadm --manage -r.
commit 546047688e1c64638f462147c755b58119cabdc8
Author: Wu Guanghao <wuguanghao3@huawei.com>
Date: Mon Aug 16 15:24:51 2021 +0800
mdadm: fix coredump of mdadm --monitor -r
Mateusz Grzonka [Mon, 13 Jun 2022 09:59:34 +0000 (11:59 +0200)]
Fix possible NULL ptr dereferences and memory leaks
In Assemble there was a NULL check for sra variable,
which effectively didn't stop the execution in every case.
That might have resulted in a NULL pointer dereference.
Also in super-ddf, mu variable was set to NULL for some condition,
and then immediately dereferenced.
Additionally some memory wasn't freed as well.
Kinga Tanska [Mon, 6 Jun 2022 10:32:12 +0000 (12:32 +0200)]
Mdmonitor: Fix segfault
Mdadm with "--monitor" parameter requires md device
as an argument to be monitored. If given argument is
not a md device, error shall be returned. Previously
it was not checked and invalid argument caused
segmentation fault. This commit adds checking
that devices passed to mdmonitor are md devices.
Coly Li [Tue, 15 Feb 2022 13:34:15 +0000 (21:34 +0800)]
mdadm/systemd: remove KillMode=none from service file
For mdadm's systemd configuration, current systemd KillMode is "none" in
following service files,
- mdadm-grow-continue@.service
- mdmon@.service
This "none" mode is strongly opposed by systemd developers (see man 5
systemd.kill for "KillMode=" section), and is being considered for removal in a
future systemd version.
As systemd developer explained in discussion, the systemd kill process
is,
1. send the signal specified by KillSignal= to the list of processes (if
any), TERM is the default
2. wait until either the target of process(es) exit or a timeout expires
3. if the timeout expires send the signal specified by FinalKillSignal=,
KILL is the default
For "control-group", all remaining processes will receive the SIGTERM
signal (by default) and if there are still processes after a period of
time, they will get the SIGKILL signal.
For "mixed", only the main process will receive the SIGTERM signal, and
if there are still processes after a period of time, all remaining
processes (including the main one) will receive the SIGKILL signal.
From the above comment, currently KillMode=control-group is a proper
kill mode. Since control-group is the default kill mode, the fix can be
simply removing KillMode=none line from the service file, then the
default mode will take effect.
Signed-off-by: Coly Li <colyli@suse.de>
Cc: Benjamin Brunner <bbrunner@suse.com>
Cc: Franck Bui <fbui@suse.de>
Cc: Jes Sorensen <jes@trained-monkey.org>
Cc: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
Cc: Neil Brown <neilb@suse.de>
Cc: Xiao Ni <xni@redhat.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Mariusz Tkaczyk [Thu, 20 Jan 2022 12:18:33 +0000 (13:18 +0100)]
mdadm: add map_num_s()
map_num() returns NULL if key is not defined. This patch adds
alternative, non NULL version for cases where NULL is not expected.
There are many printf() calls where map_num() is called on variable
without NULL verification. It works, even if NULL is passed because
gcc is able to ignore NULL argument quietly but the behavior is
undefined. For safety reasons such usages will use map_num_s() now.
It is a potential point of regression.
Lukasz Florczak [Fri, 18 Mar 2022 08:26:06 +0000 (09:26 +0100)]
mdadm: Update config man regarding default files and multi-keyword behavior
Simplify default and alternative config file and directory location references
from mdadm(8) as references to mdadm.conf(5). Add FILE section in config man
and explain order and conditions in which default and alternative config files
and directories are used.
Update config man behavior regarding parsing order when multiple keywords/config
files are involved.
Lukasz Florczak [Fri, 18 Mar 2022 08:26:04 +0000 (09:26 +0100)]
mdadm: Respect config file location in man
Default config file location could differ depending on OS (e.g. Debian family).
This patch takes default config file into consideration when creating mdadm.man
file as well as mdadm.conf.man.
Rename mdadm.conf.5 to mdadm.conf.5.in. Now mdadm.conf.5 is generated automatically.
Lukasz Florczak [Mon, 21 Feb 2022 12:05:20 +0000 (13:05 +0100)]
Replace error prone signal() with sigaction()
Up to this date signal() was used which implementation could vary [1].
Sigaction() call is preferred. This commit introduces replacement
from signal() to sigaction() by the use of signal_s() wrapper.
Also remove redundant signal.h header includes.
Mariusz Tkaczyk [Fri, 14 Jan 2022 15:44:33 +0000 (16:44 +0100)]
udev: adapt rules to systemd v247
New events have been added in kernel 4.14 ("bind" and "unbind").
Systemd maintainer suggests to modify "add|change" branches.
This patch implements their suggestions. There is no issue yet because
new event types are not used in md.
Mateusz Kusiak [Wed, 23 Mar 2022 14:05:19 +0000 (15:05 +0100)]
Grow_reshape: Add r0 grow size error message and update man
Grow size on r0 is not supported for imsm and native metadata.
Add proper error message.
Update man for proper use of --size.
Signed-off-by: Mateusz Kusiak <mateusz.kusiak@intel.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Lukasz Florczak [Fri, 25 Mar 2022 11:48:59 +0000 (12:48 +0100)]
mdadm: Fix double free
If there was a size mismatch after creation it would get fixed on grow
in imsm_fix_size_mismatch(), but due to double free "double free or corruption (fasttop)"
error occurs and grow cannot proceed.
Coly Li [Thu, 2 Sep 2021 07:32:20 +0000 (15:32 +0800)]
Monitor: print message before quit for no array to monitor
If there is no array device to monitor, Monitor() will stop monitoring
at line 261 from the following code block,
257 if (!new_found) {
258 if (oneshot)
259 break;
260 else if (!anyredundant) {
261 break;
262 }
This change was introduced by commit 007087d0898a ("Monitor: stop
notifing about containers"). Before this commit, Monitor() will continue
and won't quit even there is no array to monitor.
It is fine to quit without any array device to monitor, but users may
wonder whether there is something wrong with mdadm program or their
configuration to make mdadm quit monitoring.
This patch adds a simple error message to indicate Monitor() quits for
array device to monitor, which makes users have hint to understand why
mdadm stops monitoring.
Reported-by: George Gkioulis <ggkioulis@suse.com>
Suggested-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
Signed-off-by: Coly Li <colyli@suse.de>
Cc: Jes Sorensen <jsorensen@fb.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Blazej Kucman [Fri, 3 Dec 2021 14:31:15 +0000 (15:31 +0100)]
mdadm: block creation with long names
This fixes buffer overflows in create_mddev(). It prohibits
creation with not supported names for DDF and native. For IMSM,
mdadm will do silent cut to 16 later.
imsm: assert if there is migration but prev_map doesn't exist
Verify that prev_map is not null during volume migration.
Practically this case is not possible, device prev_map is being
added if it is in the middle of migration.
Add verification to silence static code analyze errors.
Change error handling for function is_gen_migration() (as well as
values compared with return value from this function) to use boolean
types provided by stdbool.h.
Mariusz Tkaczyk [Tue, 19 Oct 2021 10:07:43 +0000 (12:07 +0200)]
imsm: introduce helpers to manage file descriptors
To avoid direct comparisons define dedicated inlines.
This patch propagates them in super-intel.c. They are declared globally
for future usage outside IMSM.
Additionally, it adds fd check in save_backup_imsm() to remove
code vulnerability and simplifies targets array implementation.
It also propagates pr_vrb() macro instead of if (verbose) condition.
Xiao Ni [Wed, 27 Oct 2021 12:23:14 +0000 (20:23 +0800)]
mdadm/Detail: Can't show container name correctly when unpluging disks
The test case is:
1. create one imsm container
2. create a raid5 device from the container
3. unplug two disks
4. mdadm --detail /dev/md126
[root@rhel85 ~]# mdadm -D /dev/md126
/dev/md126:
Container : ��, member 0
The Detail function first gets container name by function
map_dev_preferred. Then it tries to find which disks are
available. In patch db5377883fef(It should be FAILED..)
uses map_dev_preferred to find which disks are under /dev.
But now, the major/minor information comes from kernel space.
map_dev_preferred malloc memory and init a device list when
first be called by Detail. It can't find the device in the
list by the major/minor. It free the memory and reinit the
list.
The container name now points to an area that has been freed.
So the content is a mess.
This patch replaces map_dev_preferred with access.
Fixes: db5377883fef (It should be FAILED when raid has)
Signed-off-by: Xiao Ni <xni@redhat.com>
Reported-by: Fine Fan <ffan@redhat.com>
Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>
Nigel Croxon [Thu, 14 Oct 2021 16:02:00 +0000 (12:02 -0400)]
Fix 2 dc stream buffer
To meet requirements of Common Criteria certification vulnerability
assessment. Static code analysis has been run and found the following
Error: DC.STREAM_BUFFER (CWE-120): [#def46]
mdadm-4.2: dont_call: "fscanf" assumes an arbitrarily
long string, so callers must use correct precision specifiers or
never use "fscanf".
The change is to define a value for string %s.
V2: Tighten the value in policy.c to match the limit of the metadata.
Add a change to policy_save_path() to use correct precision on the
fscanf call.
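The kind of bounded fscanf call this scan finding asks for, as an added example that is not mdadm's code. TOKEN_MAX, read_token(), open_sample() and the sample input are assumptions made for the illustration; the width in the format string is derived from the buffer size so the two cannot drift apart.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define TOKEN_MAX 32		/* assumed limit for this example */
#define STR_(x) #x
#define STR(x) STR_(x)		/* STR(TOKEN_MAX) expands to "32" */

/*
 * Flagged pattern (left as a comment; it must not be run on untrusted input):
 *     char name[TOKEN_MAX + 1];
 *     fscanf(f, "%s", name);    no width: writes until the next whitespace
 */

/*
 * Bounded read: "%32s" stores at most 32 characters plus the terminating NUL.
 * Returns 1 for a complete token, 0 at end of input, and -1 when the token was
 * longer than TOKEN_MAX. In the -1 case name holds the first TOKEN_MAX
 * characters and the rest of the token is consumed and discarded, so the next
 * call starts at the next token instead of in the middle of this one.
 */
static int read_token(FILE *f, char name[TOKEN_MAX + 1])
{
	int c;

	if (fscanf(f, "%" STR(TOKEN_MAX) "s", name) != 1)
		return 0;

	c = fgetc(f);
	if (c == EOF || isspace(c))
		return 1;

	while (c != EOF && !isspace(c))
		c = fgetc(f);
	return -1;
}

/* Put constructed sample text into a temporary file and rewind it. */
static FILE *open_sample(const char *text)
{
	FILE *f = tmpfile();

	if (!f)
		return NULL;
	fputs(text, f);
	rewind(f);
	return f;
}

int main(void)
{
	char name[TOKEN_MAX + 1];
	int rc;
	/* constructed input: a short token, a 40-character token, a short token */
	FILE *f = open_sample("short "
			      "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA"
			      " next\n");

	if (!f)
		return 1;
	while ((rc = read_token(f, name)) != 0)
		printf("%-8s %s\n", rc == 1 ? "ok" : "too long", name);
	fclose(f);
	return 0;
}
```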
Nigel Croxon [Tue, 17 Aug 2021 13:14:48 +0000 (09:14 -0400)]
Fix potential overlap dest buffer
To meet requirements of Common Criteria certification vulnerability
assessment. Static code analysis has been run and found the following
error. Overlapping_buffer: The source buffer potentially overlaps
with the destination buffer, which results in undefined
behavior for "memcpy".
Nigel Croxon [Mon, 23 Aug 2021 12:48:35 +0000 (08:48 -0400)]
disallow create or grow clustered bitmap with writemostly set
Do not support creating an MD array on a clustered system
(--bitmap=clustered) and disks with the write mostly
(--write-mostly) flag set.
Or do not grow an MD array on a non-clustered bitmap to a
clustered bitmap with disks having the write mostly flag set.
The actual result is that the MD array is created successfully.
But the expected results should be a failure with an
error message stating:
Can not set --write-mostly with a clustered bitmap.
and disks marked write-mostly are not supported with clustered bitmap.
V2:
Added the device name in the error message during creation:
mdadm -CR /dev/md0 -l1 --raid-devices=2 /dev/sda --write-mostly /dev/sdb --bitmap=clustered
mdadm: Can not set /dev/sdb --write-mostly with a clustered bitmap.
Added the array name in the error message when growing:
mdadm --grow /dev/md0 --bitmap=clustered
mdadm: /dev/md0 disks marked write-mostly are not supported with clustered bitmap
Nigel Croxon [Wed, 25 Aug 2021 15:30:14 +0000 (11:30 -0400)]
Fix buffer size warning for strcpy
To meet requirements of Common Criteria certification vulnerability
assessment. Static code analysis has been run and found the following
error:
buffer_size_warning: Calling "strncpy" with a maximum size
argument of 16 bytes on destination array "ve->name" of
size 16 bytes might leave the destination string unterminated.
https://people.redhat.com/ncroxon/mdadm-4.2-rc2-scan-results.html
The change is to make the destination size to fit the allocated size.
V5:
Simplify the strnlen call.
V4:
Code cleanup of the interim "if" statement.
V3: Doc change only:
The code change from filling ve->name with spaces to filling it with
null-terminated is to conform to the SNIA - Common RAID Disk Data
Format Specification. The format for VD_Name (ve->name) specifies
the field to be either ASCII or UNICODE. Bit 2 of the VD_Type field
MUST be used to determine the Unicode or ASCII format of this field.
If this field is not used, all bytes MUST be set to zero.
V2: Change from zero-terminated to zero-padded on memset and
change from using strncpy to memcpy, feedback from Neil Brown.
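How a 16-byte zero-padded name field of the kind described in this commit message can be written and read without relying on a terminator, as an added example that is not mdadm's code. The struct, the function names and the sample names are hypothetical; only the 16-byte field size comes from the scan warning.

```c
#include <stdio.h>
#include <string.h>

#define VD_NAME_LEN 16	/* size of ve->name as stated in the scan warning */

struct vd_entry_demo {			/* hypothetical struct for this example */
	char name[VD_NAME_LEN];		/* fixed width, zero-padded, may have no NUL */
	unsigned int guard;		/* follows name so an overrun would be visible */
};

/* Length of s, looking at no more than max bytes (same result as strnlen()). */
static size_t bounded_len(const char *s, size_t max)
{
	size_t n = 0;

	while (n < max && s[n] != '\0')
		n++;
	return n;
}

/*
 * Writer: zero the whole field first, then copy at most VD_NAME_LEN bytes.
 * An unused name ("") leaves all bytes zero. Returns the bytes stored.
 */
static size_t vd_name_set(struct vd_entry_demo *ve, const char *name)
{
	size_t len = bounded_len(name, VD_NAME_LEN);

	memset(ve->name, 0, VD_NAME_LEN);
	memcpy(ve->name, name, len);
	return len;
}

/*
 * Reader: a name that fills all 16 bytes has no terminator, so the field must
 * not be passed to strlen() or printf("%s"). Copy it into a buffer that is one
 * byte larger and terminate that copy.
 */
static size_t vd_name_get(const struct vd_entry_demo *ve,
			  char out[VD_NAME_LEN + 1])
{
	size_t len = bounded_len(ve->name, VD_NAME_LEN);

	memcpy(out, ve->name, len);
	out[len] = '\0';
	return len;
}

int main(void)
{
	/* constructed sample names: short, exactly 16 bytes, longer than 16 */
	const char *names[] = { "vol0", "exactly16bytes!!",
				"this-name-is-longer-than-16" };
	struct vd_entry_demo ve;
	char out[VD_NAME_LEN + 1];
	size_t i;

	ve.guard = 0xA5A5A5A5u;
	for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
		size_t stored = vd_name_set(&ve, names[i]);

		vd_name_get(&ve, out);
		printf("stored %2zu bytes, terminator in field: %s, name: %s\n",
		       stored,
		       memchr(ve.name, 0, VD_NAME_LEN) ? "yes" : "no", out);
	}
	printf("guard intact: %s\n", ve.guard == 0xA5A5A5A5u ? "yes" : "no");
	return 0;
}
```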
Wu Guanghao [Mon, 16 Aug 2021 07:24:51 +0000 (15:24 +0800)]
mdadm: fix coredump of mdadm --monitor -r
The --monitor -r option requires a parameter, otherwise a null pointer will be manipulated
when converting to integer data, and a coredump will appear.
The case when array is already degraded has been omitted
by commit 7b99edab2834 ("Assemble.c: respect force flag.").
Appropriative support has been added now.
Handlers for "run" and "force" have been divided into independent
routines. Especially force has to be as meaningless as possible.
It respects following rules:
- user agrees to start array as degraded (by --run) or is already
degraded
- raid456 module is in use
- some drives are missing (to limit potential abuses)
It doesn't allow to skip resync on dirty, but not degraded array.
This patch cleans up message generation for external array and makes it
consistent. Following code could be reused also for native.
In current implementation assemble_container_content is called once, in
both Incremental or Assembly mode. Thus makes that partial assembly is
not likely to happen. It is possible, but requires user input.
Partial assembly during reshape fails (sysfs_set_array
error - not yet investigated). For now I put FIXME to mark current
logic as known to be buggy because preexist_cnt contains both exp_cnt
and new_cnt which may produce an incorrect message.
Check for new disks and runstop is unnecessary, so has been removed.
This allows to print assemble status in every case, even if nothing new
happens.
Mateusz Grzonka [Mon, 28 Jun 2021 12:15:04 +0000 (14:15 +0200)]
imsm: Fix possible memory leaks and refactor freeing struct dl
Free memory allocated by structs dl and intel_super.
Allow __free_imsm_disk to decide if fd has to be closed and propagate it
across code instead of direct struct dl freeing.
Xiao Ni [Tue, 22 Jun 2021 15:15:55 +0000 (23:15 +0800)]
mdadm: Fix building errors
In util.c, there is a building error:
'/md/metadata_version' directive writing 20 bytes into a
region of size between 0 and 255 [-Werror=format-overflow=]
In mapfile.c
It declares the fourth argument as 'int *' in map_update,
but in mdadm.h it's previously declared as an array 'int[4]'
Signed-off-by: Xiao Ni <xni@redhat.com>
Signed-off-by: Jes Sorensen <jsorensen@fb.com>