path: root/super-ddf.c
Commit message | Author | Age | Files | Lines
* mdadm: super-ddf.c fix coverity issues | Nigel Croxon | 2024-07-09 | 1 | -57/+115
  Fixing the following coding errors the coverity tools found:

  * Calling "lseek64" without checking return value. This library function may fail and return an error code.
  * Overrunning array "anchor->pad2" of 3 bytes by passing it to a function which accesses it at byte offset 398 using argument "399UL".
  * Event leaked_storage: Variable "sra" going out of scope leaks the storage it points to.
  * Event leaked_storage: Variable "super" going out of scope leaks the storage it points to.
  * Event leaked_handle: Handle variable "dfd" going out of scope leaks the handle.
  * Event leaked_storage: Variable "dl1" going out of scope leaks the storage it points to
  * Event leaked_handle: Handle variable "cfd" going out of scope leaks the handle.
  * Variable "avail" going out of scope leaks the storage it points to.
  * Passing unterminated string "super->anchor.revision" to "fprintf", which expects a null-terminated string.
  * You might overrun the 32-character fixed-size string "st->container_devnm" by copying the return value of "fd2devnm" without checking the length.
  * Event fixed_size_dest: You might overrun the 33-character fixed-size string "dev->name" by copying "(*d).devname" without checking the length.
  * Event uninit_use_in_call: Using uninitialized value "info.array.raid_disks" when calling "getinfo_super_ddf"

  V2: clean up validate_geometry_ddf() routine with Mariusz Tkaczyk recommendations.
  V3: clean up spaces with Blazej Kucman recommendations.
  V4: clean up recommended by Mariusz Tkaczyk.
  V5: clean up recommended by Mariusz Tkaczyk.

  Signed-off-by: Nigel Croxon <ncroxon@redhat.com>
* add checking of return status on fstat calls | Nigel Croxon | 2024-05-21 | 1 | -2/+6
  There are a few places we don't check the return status when calling fstat for success. Clean up the calls by adding a check before continuing.

  Signed-off-by: Nigel Croxon <ncroxon@redhat.com>
* mdadm: Fix native --detail --export | Mariusz Tkaczyk | 2024-03-22 | 1 | -5/+5
  Mentioned commit (see Fixes) causes that UUID is not swapped as expected for native superblock. Fix this problem.

  For detail, we should avoid superblock calls, we can have information about supertype from map, use that.

  Simplify fname_from_uuid() by removing dependencies to metadata handler, it is not needed. Decision is taken at compile time, expect super1 but this function is not used by super1. Add warning about that. Remove separator, it is always ':'.

  Fixes: 60c19530dd7c ("Detail: remove duplicated code")
  Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
* mdadm: set swapuuid in all handlers | Mariusz Tkaczyk | 2024-03-22 | 1 | -0/+1
  It is not set, so it should be 0 but it may vary on compilation settings. Set it always to 0.

  metadata should care to set UUID and read in proper endianness so it doesn't follow super1 concept of swapuuid to depend on endianness.

  It is not an attempt to fix endianness issues.

  Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
* Revert "mdadm: remove container_enough logic" | Mariusz Tkaczyk | 2024-02-09 | 1 | -0/+1
  Mentioned patch changes way of IMSM member arrays assembling, they are updated by every new drive incremental processes. Previously, member arrays were created and filled once, by last drive incremental process.

  We determined regressions with various impact. Unfortunately, initial testing didn't show them.

  Regressions are connected to drive appearance order and may not be reproducible on every configuration, there are at least two known issues for now:

  - sysfs attributes are filled using old metadata if there is outdated drive and it is enumerated first.
  - rebuild may be aborted and started from beginning after reboot, if drive under rebuild is enumerated as the last one.

  This reverts commit 4dde420fc3e24077ab926f79674eaae1b71de10b. It fixes checkpatch issues and reworks logic to remove empty "if" branch in Incremental.

  Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
* mdadm: remove container_enough logic | Pawel Piatkowski | 2023-10-26 | 1 | -1/+0
  Arrays without enough disk count will be assembled but not started. Now RAIDs will be assembled always (even if they are failed). RAID devices in all states will be assembled and exposed to mdstat.

  This change affects only IMSM (for ddf it wasn't used, container_enough was set to true always). Removed this logic from incremental_container as well with runstop checking because runstop condition is being verified in assemble_container_content function.

  Signed-off-by: Pawel Piatkowski <pawel.piatkowski@intel.com>
  Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
* mdadm/ddf: Abort when raid disk is smaller in getinfo_super_ddf | Xiao Ni | 2023-10-26 | 1 | -2/+4
  The metadata is corrupted when the raid_disk<0. So abort directly. This also can avoid a building error:

  super-ddf.c:1988:58: error: array subscript -1 is below array bounds of ‘struct phys_disk_entry[0]’

  Suggested-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
  Ackedy-by: Xiao Ni <xni@redhat.com>
  Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
  Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
* Add secure gethostname() wrapper | Blazej Kucman | 2023-09-01 | 1 | -2/+1
  gethostname() func does not ensure null-terminated string if hostname is longer than buffer length. For security, a function s_gethostname() has been added to ensure that "\0" is added to the end of the buffer. Previously this had to be handled in each place of the gethostname() call.

  Signed-off-by: Blazej Kucman <blazej.kucman@intel.com>
  Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
* mdadm: define DEV_MD_DIR | Mariusz Tkaczyk | 2023-05-08 | 1 | -1/+1
  It is used many times. Additionally define _LEN to avoid repeated strlen() calls when length is needed.

  Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
  Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
* super-ddf.c: fix memleak in get_vd_num_of_subarray() | Wu Guanghao | 2023-03-08 | 1 | -2/+7
  sra = sysfs_read() should be free before return in get_vd_num_of_subarray()

  Signed-off-by: Wu Guanghao <wuguanghao3@huawei.com>
  Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
  Acked-by: Coly Li <colyli@suse.de>
  Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
* super-ddf: Remove update_super_ddf. | Mateusz Kusiak | 2023-01-04 | 1 | -70/+0
  This is not supported by ddf. It hides errors by returning success status for some updates. Remove update_super_dff().

  Signed-off-by: Mateusz Kusiak <mateusz.kusiak@intel.com>
  Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
* mdadm: replace container level checking with inline | Kinga Tanska | 2022-09-29 | 1 | -3/+3
  To unify all containers checks in code, is_container() function is added and propagated.

  Signed-off-by: Kinga Tanska <kinga.tanska@intel.com>
  Acked-by: Coly Li <colyli@suse.de>
  Signed-off-by: Jes Sorensen <jsorensen@fb.com>
* DDF: Fix NULL pointer dereference in validate_geometry_ddf() | Logan Gunthorpe | 2022-08-07 | 1 | -3/+3
  A relatively recent patch added a call to validate_geometry() in Manage_add() that has level=LEVEL_CONTAINER and chunk=NULL.

  This causes some ddf tests to segfault which aborts the test suite.

  To fix this, avoid dereferencing chunk when the level is LEVEL_CONTAINER or LEVEL_NONE.

  Fixes: 1f5d54a06df0 ("Manage: Call validate_geometry when adding drive to external container")
  Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
  Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
  Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
* DDF: Cleanup validate_geometry_ddf_container() | Logan Gunthorpe | 2022-08-07 | 1 | -49/+39
  Move the function up so that the function declaration is not necessary and remove the unused arguments to the function.

  No functional changes are intended but will help with a bug fix in the next patch.

  Signed-off-by: Logan Gunthorpe <logang@deltatee.com>
  Acked-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
  Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
* Fix possible NULL ptr dereferences and memory leaks | Mateusz Grzonka | 2022-06-14 | 1 | -2/+7
  In Assemble there was a NULL check for sra variable, which effectively didn't stop the execution in every case. That might have resulted in a NULL pointer dereference.

  Also in super-ddf, mu variable was set to NULL for some condition, and then immediately dereferenced. Additionally some memory wasn't freed as well.

  Signed-off-by: Mateusz Grzonka <mateusz.grzonka@intel.com>
  Signed-off-by: Jes Sorensen <jsorensen@fb.com>
* mdadm: add map_num_s() | Mariusz Tkaczyk | 2022-04-05 | 1 | -3/+3
  map_num() returns NULL if key is not defined. This patch adds alternative, non NULL version for cases where NULL is not expected.

  There are many printf() calls where map_num() is called on variable without NULL verification. It works, even if NULL is passed because gcc is able to ignore NULL argument quietly but the behavior is undefined. For safety reasons such usages will use map_num_s() now. It is a potential point of regression.

  Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
  Signed-off-by: Jes Sorensen <jsorensen@fb.com>
* Correct checking if file descriptors are valid | Mateusz Grzonka | 2021-11-24 | 1 | -1/+1
  In some cases file descriptors equal to 0 are treated as invalid. Fix it.

  Signed-off-by: Mateusz Grzonka <mateusz.grzonka@intel.com>
  Signed-off-by: Jes Sorensen <jsorensen@fb.com>
* Fix buffer size warning for strcpy | Nigel Croxon | 2021-10-08 | 1 | -3/+5
  To meet requirements of Common Criteria certification vulnerability assessment. Static code analysis has been run and found the following error:

  buffer_size_warning: Calling "strncpy" with a maximum size argument of 16 bytes on destination array "ve->name" of size 16 bytes might leave the destination string unterminated.

  https://people.redhat.com/ncroxon/mdadm-4.2-rc2-scan-results.html

  The change is to make the destination size to fit the allocated size.

  V5: Simplify the strnlen call.

  V4: Code cleanup of the interim "if" statement.

  V3: Doc change only: The code change from filling ve->name with spaces to filling it with null-terminated is to conform to the SNIA - Common RAID Disk Data Format Specification. The format for VD_Name (ve->name) specifies the field to be either ASCII or UNICODE. Bit 2 of the VD_Type field MUST be used to determine the Unicode or ASCII format of this field. If this field is not used, all bytes MUST be set to zero.

  V2: Change from zero-terminated to zero-padded on memset and change from using strncpy to memcpy, feedback from Neil Brown.

  Tested-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
  Signed-off-by: Nigel Croxon <ncroxon@redhat.com>
  Signed-off-by: Jes Sorensen <jsorensen@fb.com>
* Refactor parse_num and use it to parse optarg. | Mateusz Grzonka | 2021-10-08 | 1 | -9/+8
  Use parse_num instead of atoi to parse optarg. Replace atoi by strtol. Move inst to int conversion into manage_new. Add better error handling.

  Signed-off-by: Mateusz Grzonka <mateusz.grzonka@intel.com>
  Signed-off-by: Jes Sorensen <jsorensen@fb.com>
* Use dev_open in validate geometry container | Blazej Kucman | 2021-07-16 | 1 | -1/+1
  Fix regression caused by the patch 1f5d54a06 ("Manage: Call validate_geometry when adding drive to external container") - mdmonitor passes to Manage() routine dev name as min:mjr. The open() used in validate_geometry_container() in both ddf and imsm requires path, replace open calls by dev_open, which allows to use dev path and min:mjr.

  Signed-off-by: Blazej Kucman <blazej.kucman@intel.com>
  Signed-off-by: Jes Sorensen <jsorensen@fb.com>
* Manage: Call validate_geometry when adding drive to external container | Mariusz Tkaczyk | 2021-05-26 | 1 | -4/+5
  When adding drive to container call validate_geometry to verify whether drive is supported and can be added to container.

  Remove unused parameters from validate_geometry_imsm_container(). There is no need to pass them. Don't calculate freesize if it is not mandatory. Make it configurable.

  Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
  Signed-off-by: Jes Sorensen <jsorensen@fb.com>
* imsm: add verbose flag to compare_super | Mariusz Tkaczyk | 2021-03-08 | 1 | -1/+2
  IMSM does more than comparing metadata and errors reported directly from compare_super_imsm can be useful. Add verbose flag to compare_super method and make all not critical error printing configurable.

  Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
  Signed-off-by: Jes Sorensen <jsorensen@fb.com>
* imsm: pass subarray id to kill_subarray function | Blazej Kucman | 2020-02-24 | 1 | -1/+1
  After patch b6180160f ("imsm: save current_vol number") current_vol for imsm is not set and kill_subarray() cannot determine which volume has to be deleted. Volume has to be passed as "subarray_id". The parameter affects only IMSM metadata.

  Signed-off-by: Blazej Kucman <blazej.kucman@intel.com>
  Signed-off-by: Jes Sorensen <jsorensen@fb.com>
* imsm: return correct uuid for volume in detail | Blazej Kucman | 2019-12-02 | 1 | -2/+3
  Fixes the side effect of the patch b6180160f ("imsm: save current_vol number") - wrong UUID is printed in detail for each volume. New parameter "subarray" is added to determine what info should be extracted from metadata (subarray or container). The parameter affects only IMSM metadata.

  Signed-off-by: Blazej Kucman <blazej.kucman@intel.com>
  Signed-off-by: Jes Sorensen <jsorensen@fb.com>
* Fix spelling typos. | Dimitri John Ledkov | 2019-02-11 | 1 | -1/+1
  Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
  Signed-off-by: Jes Sorensen <jsorensen@fb.com>
* super-ddf: Fix gcc-8.1 overflow warnings | Jes Sorensen | 2018-05-31 | 1 | -2/+3
  Cast to types that are big enough to hold the values, but also guarantee no overflow of the buffer keeps gcc happy.

  Signed-off-by: Jes Sorensen <jsorensen@fb.com>
* mdadm: Fixup != broken formatting | Jes Sorensen | 2017-05-16 | 1 | -4/+4
  Signed-off-by: Jes Sorensen <jsorensen@fb.com>
* mdadm: Fix '==' broken formatting | Jes Sorensen | 2017-05-16 | 1 | -8/+8
  Signed-off-by: Jes Sorensen <jsorensen@fb.com>
* mdadm: Fixup more broken logical operator formatting | Jes Sorensen | 2017-05-16 | 1 | -8/+7
  Signed-off-by: Jes Sorensen <jsorensen@fb.com>
* mdadm: Fixup a large number of bad formatting of logical operators | Jes Sorensen | 2017-05-16 | 1 | -17/+16
  Logical operators never belong at the beginning of a line.

  Signed-off-by: Jes Sorensen <jsorensen@fb.com>
* super-ddf: sysfs_read() takes a pointer as device name argument | Jes Sorensen | 2017-05-16 | 1 | -1/+1
  Signed-off-by: Jes Sorensen <jsorensen@fb.com>
* mdadm: Uninitialized variable rdev | James Puthukattukaran | 2017-05-16 | 1 | -1/+1
  rdev is not initialized properly causing compiler complaint.

  Signed-off-by: James Puthukattukaran <joejames70@gmail.com>
  Signed-off-by: Jes Sorensen <jsorensen@fb.com>
* mdadm/util: unify stat checking blkdev into function | Zhilong Liu | 2017-05-05 | 1 | -6/+4
  declare function stat_is_blkdev() to integrate repeated stat checking blkdev operations, it returns 'true/1' when it is a block device, and returns 'false/0' when it isn't. The devname is necessary parameter, *rdev is optional, parse the pointer of dev_t *rdev, if valid, assigned device number to dev_t *rdev, if NULL, ignores.

  Signed-off-by: Zhilong Liu <zlliu@suse.com>
  Signed-off-by: Jes Sorensen <jsorensen@fb.com>
* Retire mdassemble | Jes Sorensen | 2017-04-11 | 1 | -30/+0
  mdassemble doesn't handle container based arrays, no support for sysfs, etc. It has not been actively maintained for years, so time to send it off to retirement.

  Signed-off-by: Jes Sorensen <jsorensen@fb.com>
* Detail: show consistency policy | Artur Paszkiewicz | 2017-03-29 | 1 | -3/+3
  Show the currently enabled consistency policy in the output from --detail. Add 3 spaces to all existing items in Detail output to align with "Consistency Policy : ".

  Signed-off-by: Artur Paszkiewicz <artur.paszkiewicz@intel.com>
  Signed-off-by: Jes Sorensen <Jes.Sorensen@gmail.com>
* Generic support for --consistency-policy and PPL | Artur Paszkiewicz | 2017-03-29 | 1 | -3/+3
  Add a new parameter to mdadm: --consistency-policy=. It determines how the array maintains consistency in case of unexpected shutdown. This maps to the md sysfs attribute 'consistency_policy'. It can be used to create a raid5 array using PPL. Add the necessary plumbing to pass this option to metadata handlers. The write journal and bitmap functionalities are treated as different policies, which are implicitly selected when using --write-journal or --bitmap options.

  Signed-off-by: Artur Paszkiewicz <artur.paszkiewicz@intel.com>
  Signed-off-by: Jes Sorensen <Jes.Sorensen@gmail.com>
* ddf: use 64bit 'size', not 32bit 'info->size' for create. | NeilBrown | 2016-03-10 | 1 | -2/+2
  The 'size' field of mdu_disk_info_t is 32bit and should not be used except for legacy ioctls. super-ddf got this wrong :-(

  This change makes it possible to create ddf arrays which used more than 2TB of each device.

  Reported-by: Dan Russell <dpr@aol.com>
  Signed-off-by: NeilBrown <neilb@suse.com>
  Signed-off-by: Jes Sorensen <Jes.Sorensen@redhat.com>
* DDF: _write_super_to_disk: fix anchor header type | Martin Wilck | 2015-05-13 | 1 | -0/+1
  Since commit 30bee0201, the anchor is updated from the active DDF header. This requires fixing the header type before the anchor is written.

  The LSI Software RAID code will reject DDF meta data with wrong anchor type and will erase all meta data when it encounters such a broken anchor. Thus starting Linux md once on a system with LSI RAID BIOS may cause the meta data to get destroyed.

  Signed-off-by: NeilBrown <neilb@suse.de>
* Don't break long strings onto multiple lines. | NeilBrown | 2015-02-12 | 1 | -18/+9
  It is best to keep strings all together so that they are easier to search for in the source code.

  If a string is so long that it looks ugly one line, then maybe it should be broken into multiple lines for display too.

  Only strings which contain a newline can be broken into multiple lines:

  "It is OK to\n"
  "break this string\n"

  Signed-off-by: NeilBrown <neilb@suse.de>
* Consistently print program Name and __func__ in debug messages. | NeilBrown | 2015-02-12 | 1 | -100/+78
  make dprintf() print program name and __func__, so that this messaging is consistent.

  Also remove all __func__ messages from pr_err(). We shouldn't leak that internal data in error message. If we really want function name there, we new pr_XXX might be wanted.

  Signed-off-by: NeilBrown <neilb@suse.de>
* DDF: cast print arguments in super-ddf.c | Guy Menanteau | 2014-08-05 | 1 | -2/+4
  mdadm fails to build on ppc64 and ppc64le architectures.

  ===
  super-ddf.c: In function '_set_config_size':
  super-ddf.c:2849:4: error: format '%llx' expects argument of type 'long long unsigned int', but argument 6 has type '__u64' [-Werror=format=]
  pr_err("%s: %x:%x: workspace size 0x%llx too big, ignoring\n",
  ^
  super-ddf.c:2855:2: error: format '%llx' expects argument of type 'long long unsigned int', but argument 6 has type '__u64' [-Werror=format=]
  dprintf("%s: %x:%x config_size %llx, DDF structure is %llx blocks\n",
  ^
  cc1: all warnings being treated as errors
  <builtin>: recipe for target 'super-ddf.o' failed
  ===

  Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1125883
  Signed-off-by: <menantea@linux.vnet.ibm.com>
  Signed-off-by: Michel Normand <normand@linux.vnet.ibm.com>
  Signed-off-by: NeilBrown <neilb@suse.de>
* DDF: validate metadata_update size before using it. | NeilBrown | 2014-07-10 | 1 | -2/+8
  process_update already checks update->len, for all but the 'magic', prepare_update doesn't at all.

  So add tests to prepare_update that we don't exceed the buffer. This will consequently protect process_update from looking for a 'magic' which isn't there.

  Reported-by: Vincent Berg <vberg@ioactive.com>
  Signed-off-by: NeilBrown <neilb@suse.de>
* mdmon: allow prepare_update to report failure. | NeilBrown | 2014-07-10 | 1 | -3/+5
  If 'prepare_update' fails for some reason there is little point continuing on to 'process_update'. For now only malloc failures are caught, but other failures will be considered in future.

  Signed-off-by: NeilBrown <neilb@suse.de>
* Make sure "make everything" builds again. | NeilBrown | 2014-06-05 | 1 | -1/+3
  Signed-off-by: NeilBrown <neilb@suse.de>
* DDF: remove "BVD xx is missing". | NeilBrown | 2014-05-22 | 1 | -1/+1
  This can happen in normal cases during incremental assembly so printing an error message is confusing.

  Signed-off-by: NeilBrown <neilb@suse.de>
* mdadm: Do not reimplment offsetof | Cristian Rodríguez | 2014-05-22 | 1 | -4/+1
  Proper implementations have offsetof in stddef.h

  Signed-off-by: NeilBrown <neilb@suse.de>
* DDF: remove some pointless code in validate_geometry | NeilBrown | 2014-05-21 | 1 | -9/+1
  I'm not sure what this was supposed to do, but it isn't needed as creating on a container and on individual devices (in a container) work fine already.

  Signed-off-by: NeilBrown <neilb@suse.de>
* DDF: remove a FIXME comment that doesn't seem to mean anything. | NeilBrown | 2014-05-21 | 1 | -1/+0
  Signed-off-by: NeilBrown <neilb@suse.de>
* DDF: remove 'FIXME' comment that doesn't need fixing. | NeilBrown | 2014-05-21 | 1 | -2/+3
  It appears this is correct, though for consistency with elsewhere we check that pdnum is not negative.

  Signed-off-by: NeilBrown <neilb@suse.de>
* DDF: ensure dl->devname is freed when processing a 'delete device' update. | NeilBrown | 2014-05-21 | 1 | -3/+3
  As this code runs in 'monitor' it cannot just free memory, it must add it to a list for 'manager' to free. Fortunately update->space_list exists for just this purpose.

  dl->devname might be small, so put it in update->space and put dl in update->space_list.

  Signed-off-by: NeilBrown <neilb@suse.de>