[RTEMS Project] #3601: Block device disk management implementation can underflow rtems_disk_device.uses
RTEMS trac
trac at rtems.org
Mon Nov 12 01:35:03 UTC 2018
#3601: Block device disk management implementation can underflow
rtems_disk_device.uses
---------------------------+--------------------
Reporter: Kevin Gordon | Owner: (none)
Type: defect | Status: new
Priority: normal | Milestone: 5.1
Component: admin | Version: 5
Severity: normal | Keywords:
Blocked By: | Blocking:
---------------------------+--------------------
The source file discdevs.c contains logic error with regard to a
rtems_disk_device.uses member, in that the .uses value can underflow and
wrap-around because this member is unsigned and the implementation does
not check for a current value of 0.
Case in point, see diskdevs.c line 373:
physical_disk->uses -= deleted_count;
If deleted_count is greater than physical_disk->uses, e.g.
physical_disk->uses is 0 and deleted_count is 1, physical_disk->uses will
underflow. There are other references to the uses member that can result
in errors, e.g., line 448:
uses = --dd->uses;
We discovered this bug via a unit-test that creates multiple RAM disks and
then attempts to delete them, without any uses, resulting in RTEMS errors
because the **uses** member had wrapped around. To circumvent this bug, we
had to force the **uses** member to a value of 1 prior to calling
rtems_disk_release(), which then successfully deleted the RAM disks via
rtems_disk_delete(), otherwise the results cascaded into error situations
that were undesirable.
--
Ticket URL: <http://devel.rtems.org/ticket/3601>
RTEMS Project <http://www.rtems.org/>
RTEMS Project
More information about the bugs
mailing list