Bug 2058686
| Summary: | df segfault if cannot resolve mount point of --direct argument | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Paulo Andrade <pandrade> | |
| Component: | coreutils | Assignee: | Kamil Dudka <kdudka> | |
| Status: | CLOSED ERRATA | QA Contact: | Radka Brychtova <rskvaril> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 8.5 | CC: | kdudka | |
| Target Milestone: | rc | Keywords: | Triaged | |
| Target Release: | --- | Flags: | pm-rhel:
mirror+
|
|
| Hardware: | All | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | coreutils-8.30-13.el8 | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 2059542 (view as bug list) | Environment: | ||
| Last Closed: | 2022-11-08 10:53:11 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 2059542 | |||
| Bug Blocks: | ||||
Sounds like a bug in our downstream patch. Thank you for reporting it! The same command works on RHEL-6. The bug seems to be introduced in this Fedora commit:
https://src.fedoraproject.org/rpms/coreutils/c/bb33bc40ad58cce4bc59c119c4180fdea43e23a1
The behavior of `df --direct` has been incorrect since RHEL-7 also when the file argument was accessible.
el6 $ strace -e statfs df --direct /usr
statfs("/usr", {f_type="EXT2_SUPER_MAGIC", f_bsize=4096, f_blocks=4484716, f_bfree=2051743, f_bavail=1822265, f_files=1148304, f_ffree=908509, f_fsid={-169108419, 43772881}, f_namelen=255, f_frsize=4096}) = 0
Filesystem 1K-blocks Used Available Use% File
- 17938864 9731892 7289060 58% /usr
+++ exited with 0 +++
el7 $ strace -e statfs df --direct /usr
statfs("/", {f_type=BTRFS_SUPER_MAGIC, f_bsize=4096, f_blocks=21330562, f_bfree=12613318, f_bavail=11678096, f_files=0, f_ffree=0, f_fsid={val=[2661982033, 1034311026]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_RELATIME}) = 0
Filesystem 1K-blocks Used Available Use% File
- 85322248 34868976 46712384 43% /
+++ exited with 0 +++
el8 $ strace -e statfs df --direct /usr
statfs("/", {f_type=XFS_SB_MAGIC, f_bsize=4096, f_blocks=39055233, f_bfree=35459353, f_bavail=35459353, f_files=78118400, f_ffree=77818477, f_fsid={val=[0xfd02, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_RELATIME}) = 0
Filesystem 1K-blocks Used Available Use% File
- 156220932 14383520 141837412 10% /
+++ exited with 0 +++
Fedora commits: https://src.fedoraproject.org/rpms/coreutils/c/c25beef1ca94b1a34b2fe5ffa91dfe39965e1f6a?branch=rawhide https://src.fedoraproject.org/rpms/coreutils/c/c25beef1ca94b1a34b2fe5ffa91dfe39965e1f6a?branch=f36 https://src.fedoraproject.org/rpms/coreutils/c/85fa418a5a02242147e10f8561ffe9ff5357263c?branch=f35 https://src.fedoraproject.org/rpms/coreutils/c/964f7a01a59ce9038d7c7467f8f790b1d7c30ff7?branch=f34 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (coreutils bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:7758 |
Sample reproducer, as normal user run: $ df --direct /root Program received signal SIGSEGV, Segmentation fault. 0x00000000004092ea in quotearg_buffer_restyled (buffer=buffer@entry=0x618720 <slot0> "‘/root’", buffersize=buffersize@entry=256, arg=arg@entry=0x0, argsize=argsize@entry=18446744073709551615, quoting_style=locale_quoting_style, flags=flags@entry=1, quote_these_too=quote_these_too@entry=0x6185a8 <quote_quoting_options+8>, left_quote=0x413a1e "‘", right_quote=0x413a13 "’") at lib/quotearg.c:343 343 for (i = 0; ! (argsize == SIZE_MAX ? arg[i] == '\0' : i == argsize); i++) (gdb) bt #0 0x00000000004092ea in quotearg_buffer_restyled (buffer=buffer@entry=0x618720 <slot0> "‘/root’", buffersize=buffersize@entry=256, arg=arg@entry=0x0, argsize=argsize@entry=18446744073709551615, quoting_style=locale_quoting_style, flags=flags@entry=1, quote_these_too=quote_these_too@entry=0x6185a8 <quote_quoting_options+8>, left_quote=0x413a1e "‘", right_quote=0x413a13 "’") at lib/quotearg.c:343 #1 0x0000000000409d0d in quotearg_n_options (n=n@entry=0, arg=arg@entry=0x0, argsize=argsize@entry=18446744073709551615, options=options@entry=0x6185a0 <quote_quoting_options>) at lib/quotearg.c:802 #2 0x000000000040a3fc in quote_n_mem (n=n@entry=0, arg=arg@entry=0x0, argsize=argsize@entry=18446744073709551615) at lib/quotearg.c:949 #3 0x000000000040a41c in quote_n (n=n@entry=0, arg=arg@entry=0x0) at lib/quotearg.c:961 #4 0x000000000040a42a in quote (arg=arg@entry=0x0) at lib/quotearg.c:967 #5 0x0000000000404845 in get_dev (disk=disk@entry=0x0, mount_point=mount_point@entry=0x0, file=file@entry=0x61de60 "/root", stat_file=stat_file@entry=0x0, fstype=fstype@entry=0x0, me_dummy=me_dummy@entry=false, me_remote=me_remote@entry=false, force_fsu=force_fsu@entry=0x0, process_all=process_all@entry=false) at src/df.c:951 #6 0x0000000000403064 in get_entry (statp=0x61c380, name=0x7fffffffe4a5 "/root") at src/df.c:1370 #7 main (argc=3, argv=<optimized out>) at src/df.c:1747 The problem is incorrect handling of the condition of not being able to resolve the mount point of the file/path argument. This should be a minor issue, and has several way to fix it. Probably the proper way is to use another approach in the find_mount_point function, to not need to chdir to path components, and/or use something like realpath to then get the stat of the directory of the --direct argument. A simple fix would be to just not segfault and handle the NULL return from find_mount_point as well as the other NULL values, due to --direct usage.