1dc728923Sopenharmony_ciFrom 66ecb6abe5d2c74191bb4bc24f3da036e5fa1213 Mon Sep 17 00:00:00 2001
2dc728923Sopenharmony_ciFrom: Zhiqiang Liu <liuzhiqiang26@huawei.com>
3dc728923Sopenharmony_ciDate: Mon, 5 Sep 2022 19:16:03 +0800
4dc728923Sopenharmony_ciSubject: [PATCH] tune2fs: fix tune2fs segfault when ext2fs_run_ext3_journal()
5dc728923Sopenharmony_ci fails
6dc728923Sopenharmony_ci
7dc728923Sopenharmony_ciWhen ext2fs_run_ext3_journal() fails, tune2fs cmd will occur one
8dc728923Sopenharmony_cisegfault problem as follows.
9dc728923Sopenharmony_ci(gdb) bt
10dc728923Sopenharmony_ci#0 0x00007fdadad69917 in ext2fs_mmp_stop (fs=0x0) at mmp.c:405
11dc728923Sopenharmony_ci#1 0x0000558fa5a9365a in main (argc=<optimized out>, argv=<optimized out>) at tune2fs.c:3440
12dc728923Sopenharmony_ci
13dc728923Sopenharmony_cimisc/tune2fs.c:
14dc728923Sopenharmony_cimain()
15dc728923Sopenharmony_ci -> ext2fs_open2(&fs)
16dc728923Sopenharmony_ci -> ext2fs_mmp_start
17dc728923Sopenharmony_ci ......
18dc728923Sopenharmony_ci -> retval = ext2fs_run_ext3_journal(&fs)
19dc728923Sopenharmony_ci -> if (retval)
20dc728923Sopenharmony_ci // if ext2fs_run_ext3_journal fails, close and free fs.
21dc728923Sopenharmony_ci -> ext2fs_close_free(&fs)
22dc728923Sopenharmony_ci -> rc = 1
23dc728923Sopenharmony_ci -> goto closefs
24dc728923Sopenharmony_ci ......
25dc728923Sopenharmony_ciclosefs:
26dc728923Sopenharmony_ci -> if (rc)
27dc728923Sopenharmony_ci -> ext2fs_mmp_stop(fs) // fs has been set to NULL, boom!!
28dc728923Sopenharmony_ci -> (ext2fs_close_free(&fs) ? 1 : 0); // close and free fs
29dc728923Sopenharmony_ci
30dc728923Sopenharmony_ciIn main() of tune2fs cmd, if ext2fs_run_ext3_journal() fails,
31dc728923Sopenharmony_ciwe should set rc=1 and goto closefs tag, in which will release fs
32dc728923Sopenharmony_ciresource.
33dc728923Sopenharmony_ci
34dc728923Sopenharmony_ciFix: a2292f8a5108 ("tune2fs: reset MMP state on error exit")
35dc728923Sopenharmony_ciSigned-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
36dc728923Sopenharmony_ciSigned-off-by: zhanchengbin <zhanchengbin1@huawei.com>
37dc728923Sopenharmony_ciSigned-off-by: Theodore Ts'o <tytso@mit.edu>
38dc728923Sopenharmony_ci---
39dc728923Sopenharmony_ci misc/tune2fs.c | 2 --
40dc728923Sopenharmony_ci 1 file changed, 2 deletions(-)
41dc728923Sopenharmony_ci
42dc728923Sopenharmony_cidiff --git a/misc/tune2fs.c b/misc/tune2fs.c
43dc728923Sopenharmony_ciindex a7ff16de..98e38983 100644
44dc728923Sopenharmony_ci--- a/misc/tune2fs.c
45dc728923Sopenharmony_ci+++ b/misc/tune2fs.c
46dc728923Sopenharmony_ci@@ -3106,8 +3106,6 @@ _("Warning: The journal is dirty. You may wish to replay the journal like:\n\n"
47dc728923Sopenharmony_ci com_err("tune2fs", retval,
48dc728923Sopenharmony_ci "while recovering journal.\n");
49dc728923Sopenharmony_ci printf(_("Please run e2fsck -fy %s.\n"), argv[1]);
50dc728923Sopenharmony_ci- if (fs)
51dc728923Sopenharmony_ci- ext2fs_close_free(&fs);
52dc728923Sopenharmony_ci rc = 1;
53dc728923Sopenharmony_ci goto closefs;
54dc728923Sopenharmony_ci }
55dc728923Sopenharmony_ci--
56dc728923Sopenharmony_ci2.33.0
57dc728923Sopenharmony_ci
58