[RTEMS Project] #3601: Block device disk management implementation can underflow rtems_disk_device.uses

RTEMS trac trac at rtems.org
Mon Nov 12 01:35:03 UTC 2018


#3601: Block device disk management implementation can underflow
rtems_disk_device.uses
---------------------------+--------------------
  Reporter:  Kevin Gordon  |      Owner:  (none)
      Type:  defect        |     Status:  new
  Priority:  normal        |  Milestone:  5.1
 Component:  admin         |    Version:  5
  Severity:  normal        |   Keywords:
Blocked By:                |   Blocking:
---------------------------+--------------------
 The source file diskdevs.c contains a logic error with regard to the
 rtems_disk_device.uses member, in that the .uses value can underflow and
 wrap-around because this member is unsigned and the implementation does
 not check for a current value of 0.

 Case in point, see diskdevs.c line 373:

 physical_disk->uses -= deleted_count;

 If deleted_count is greater than physical_disk->uses, e.g.
 physical_disk->uses is 0 and deleted_count is 1, physical_disk->uses will
 underflow. There are other references to the uses member that can result
 in errors, e.g., line 448:

 uses = --dd->uses;

 We discovered this bug via a unit-test that creates multiple RAM disks and
 then attempts to delete them, without any uses, resulting in RTEMS errors
 because the **uses** member had wrapped around. To circumvent this bug, we
 had to force the **uses** member to a value of 1 prior to calling
 rtems_disk_release(), which then successfully deleted the RAM disks via
 rtems_disk_delete(); otherwise the results cascaded into error situations
 that were undesirable.

--
Ticket URL: <http://devel.rtems.org/ticket/3601>
RTEMS Project <http://www.rtems.org/>
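
The wrap-around described in the ticket, next to a checked decrement, as an added example that is not part of the original report and is not RTEMS code. The demo_disk type, the function names and the can_free() rule are assumptions constructed for illustration; only the unsigned counter and the unchecked subtraction come from the ticket.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for a disk descriptor; NOT the RTEMS
   rtems_disk_device definition. Only the unsigned counter matters. */
typedef struct {
  unsigned uses;
  bool deleted;
} demo_disk;

/* Same shape as the statement quoted in the ticket: no check first. */
static unsigned unchecked_sub(demo_disk *dd, unsigned deleted_count)
{
  dd->uses -= deleted_count; /* wraps modulo UINT_MAX + 1 if count > uses */
  return dd->uses;
}

/* Checked variant: refuse the update instead of wrapping. */
static bool checked_sub(demo_disk *dd, unsigned deleted_count)
{
  if (deleted_count > dd->uses) {
    return false; /* accounting error reported; counter left unchanged */
  }
  dd->uses -= deleted_count;
  return true;
}

/* Assumed rule for this example: free only when deleted and unused. */
static bool can_free(const demo_disk *dd)
{
  return dd->deleted && dd->uses == 0;
}

int main(void)
{
  demo_disk a = { .uses = 0, .deleted = true };
  demo_disk b = { .uses = 0, .deleted = true };

  unsigned wrapped = unchecked_sub(&a, 1);
  printf("unchecked: uses=%u can_free=%d\n", wrapped, can_free(&a));

  bool ok = checked_sub(&b, 1);
  printf("checked:   ok=%d uses=%u can_free=%d\n", ok, b.uses, can_free(&b));
  return 0;
}
```

The same guard applies to a pre-decrement such as the one quoted from line 448: test for zero before decrementing rather than inspecting the result afterwards.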