On Tue, Mar 02, 2021 at 09:39:15AM +0000, Stuart Henderson wrote:
> putting sr_validate_io+0x44 at the xs->datalen dereference,
>
> 4580 if (sd->sd_vol_status == BIOC_SVOFFLINE) {
> 4581 DNPRINTF(SR_D_DIS, "%s: %s device offline\n",
> 4582 DEVNAME(sd->sd_sc), func);
> 4583 goto bad;
> 4584 }
> 4585
> 4586 if (xs->datalen == 0) {
> 4587 printf("%s: %s: illegal block count for %s\n",
> 4588 DEVNAME(sd->sd_sc), func, sd->sd_meta->ssd_devname) ;
> 4589 goto bad;
> 4590 }
>
> ...so null/invalid xs?
Yes, I've looked at this function already and I think a bad deref of xs
is the only reasonable explanation. But we don't know how that happens.
No comments:
Post a Comment