In snmp_hostres, device_map table is used for consistent device table

indexing. When a device has gone it is not removed from device_map table but just its entry_p field is set to NULL. So when traversing device_map in disk_OS_get_ATA_disks() and disk_OS_get_MD_disks() check for entry_p being NULL, otherwise the bsnmpd crash is possible when a removed map entry is dereferenced. Before the fix, for disk_OS_get_ATA_disks() the crash could be easily reproduced running: atacontrol detach ata1 The crash was not observed in disk_OS_get_MD_disks() because currently snmp_hostres does no see md(4) disks: to get the device list it uses devinfo(3), which does not return md devices. Reported by: Miroslav Lachman 000.fbsd quip.cz MFC after: 1 week
svn path=/head/; revision=240595
2012-09-17 07:32:53 +00:00 · 2012-09-17 07:32:53 +00:00 · 16c3b091ae · 2020-12-20 02:59:44 +00:00
commit 16c3b091ae
parent a7dc3573ca
1 changed files with 6 additions and 0 deletions
--- a/usr.sbin/bsnmpd/modules/snmp_hostres/hostres_diskstorage_tbl.c
+++ b/usr.sbin/bsnmpd/modules/snmp_hostres/hostres_diskstorage_tbl.c
@ -287,6 +287,9 @@ disk_OS_get_ATA_disks(void)

 	/* Walk over the device table looking for ata disks */
 	STAILQ_FOREACH(map, &device_map, link) {
+		/* Skip deleted entries. */
+		if (map->entry_p == NULL)
+			continue;
 		for (found = lookup; found->media != DSM_UNKNOWN; found++) {
 			if (strncmp(map->name_key, found->dev_name,
 			    strlen(found->dev_name)) != 0)
@ -345,6 +348,9 @@ disk_OS_get_MD_disks(void)

 	/* Look for md devices */
 	STAILQ_FOREACH(map, &device_map, link) {
+		/* Skip deleted entries. */
+		if (map->entry_p == NULL)
+			continue;
 		if (sscanf(map->name_key, "md%d", &unit) != 1)
 			continue;