[Stgt-devel] Segmentation fault on target update operation
Robert Jennings
rcj
Thu Mar 8 22:21:11 CET 2007
In a case where the target driver doesn't have a target_update() method
defined, tgtadm will segfault with a command line like:

# tgtadm --lld ibmvio --mode target --op update --tid=1 --name=invalid \
    --value=3

The name will not match "state" in mgmt.c:target_mgmt(...) for
OP_UPDATE, and because there is no target_update() function for the
driver, -EINVAL (-22) is returned to tgtadm.c:ipc_mgmt_rsp(...) and
stored in rsp.err, where it then attempts:

eprintf("%s\n", tgtadm_emsg[rsp.err]);

This causes a segfault in strlen(). So we could catch a value of -EINVAL
and use one of the existing strings in tgtadm_emsg or add a new one.
Not sure which is best suited for the job, "invalid request" or "unknown
parameter" would seem to fit for this case, but maybe not everything
you'd get -EINVAL for.

Regards,
Robert Jennings
--- usr.orig/tgtadm.c 2007-03-08 15:09:45.000000000 -0600
+++ usr/tgtadm.c 2007-03-08 15:11:27.000000000 -0600
@@ -202,6 +202,8 @@
}
if (rsp.err != TGTADM_SUCCESS) {
+ if (rsp.err == -EINVAL)
+ rsp.err = 15; /* "invalid request" */
eprintf("%s\n", tgtadm_emsg[rsp.err]);
return EINVAL;
}
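
Review bot: the added `if (rsp.err == -EINVAL)` test guards only one value, so any other negative or out-of-range rsp.err still reaches `tgtadm_emsg[rsp.err]` on the next line and reads outside the table. Consider range-checking rsp.err against the number of entries in tgtadm_emsg before indexing, and printing a generic fallback message for anything outside that range. The literal 15 also ties the fix to the current table layout; a named constant for that entry, in the style of TGTADM_SUCCESS in the condition above, would stay correct if entries are added or reordered.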