Bug#477175: grub-probe segfaults on LVM with empty PV

Alex Owen r.alex.owen at gmail.com
Mon Apr 21 15:35:43 UTC 2008


Package: grub-common
Version: 1.96+20080413-1

grub-probe would segfault on my system, which had empty LVM PVs.
When I pvremove the empty PVs, grub-probe works.
To clarify, the problem occurs when there is a PV that has been created
but not yet assigned to a VG.


GDB output
==========
Program received signal SIGSEGV, Segmentation fault.
grub_memmove (dest=0xbfd617bd, src=0x6, n=38) at
/usr/src/grub2-1.96+20080413/kern/misc.c:43
43              *--d = *--s;
(gdb) bt
#0  grub_memmove (dest=0xbfd617bd, src=0x6, n=38) at
/usr/src/grub2-1.96+20080413/kern/misc.c:43
#1  0x08061c96 in grub_lvm_scan_device (name=0x80a6bc0 "hd0,10") at
/usr/src/grub2-1.96+20080413/disk/lvm.c:317
#2  0x0804b7ce in iterate_partition (disk=0x806e008, partition=0xbfd61ba4)
    at /usr/src/grub2-1.96+20080413/kern/device.c:132
#3  0x0805f62c in pc_partition_map_iterate (disk=0x806e008, hook=0xbfd61cae)
    at /usr/src/grub2-1.96+20080413/partmap/pc.c:153
#4  0x0804e2ef in grub_partition_iterate (hook=0xbfd61cae) at
/usr/src/grub2-1.96+20080413/kern/partition.c:126
#5  0x0804b942 in iterate_disk (disk_name=0xbfd61c52 "hd0") at
/usr/src/grub2-1.96+20080413/kern/device.c:101
#6  0x08049860 in grub_util_biosdisk_iterate (hook=0xbfd61ca4) at
/usr/src/grub2-1.96+20080413/util/biosdisk.c:132
#7  0x0804ba44 in grub_disk_dev_iterate (hook=0xbfd61ca4) at
/usr/src/grub2-1.96+20080413/kern/disk.c:205
#8  0x0804b744 in grub_device_iterate (hook=0x80619b0 <grub_lvm_scan_device>)
    at /usr/src/grub2-1.96+20080413/kern/device.c:138
#9  0x080615b2 in grub_mod_init (mod=0x0) at
/usr/src/grub2-1.96+20080413/disk/lvm.c:576
#10 0x080615d2 in grub_lvm_init () at
/usr/src/grub2-1.96+20080413/disk/lvm.c:574
#11 0x080631b5 in grub_init_all () at grub_probe_init.c:45
#12 0x0804960e in main (argc=Cannot access memory at address 0x2c
) at /usr/src/grub2-1.96+20080413/util/grub-probe.c:356
(gdb) print dest
$26 = (void *) 0xbfd617bd
(gdb) print src
$27 = (const void *) 0x6
(gdb) print (char * ) src
$28 = 0x6 <Address 0x6 out of bounds>
(gdb) print (char * ) dest
$29 = 0xbfd617bd
"�\006\b�\027ֿ`c��@!��\210�\006\b�k\n\b�=\006\b\020\030ֿ\200�\006\b\210�\006\b\006"

Conclusion
==========
Line 316 of grub2-1.96+20080413/disk/lvm.c tries to find the VG id;
however, the failure of
grub_strstr (q, "id = \"") is not caught... the code expects that
every PV shall be assigned a VG, which may not be the case.
316:  p = grub_strstr (q, "id = \"") + sizeof ("id = \"") - 1;

Someone who knows this code better may notice that the problem in fact
starts a few lines earlier... but I'm not sure about that! They might
also know where to jump to in order to handle the empty PV case properly!

I may be able to provide more debugging/analysis if helped!

Regards
Alex Owen
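
The unchecked search-then-offset pattern from line 316, with the check the report says is missing, as an added example that is not part of the original message and is not GRUB's code or its eventual fix. The helper name extract_vg_id, the constant VG_ID_LEN (taken from n=38 in the backtrace) and the sample metadata are assumptions constructed for illustration; standard strstr/memcpy stand in for the grub_ variants.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define VG_ID_LEN 38  /* matches n=38 in the backtrace's grub_memmove call */

/* Constructed sample metadata text: one with a VG id, one without. */
static const char SAMPLE_VG[] =
  "vg0 {\nid = \"abcdef-ghij-klmn-opqr-stuv-wxyz-012345\"\nseqno = 1\n}";
static const char SAMPLE_NO_VG[] = "";

/* Hypothetical helper: copy the VG id that follows the first `id = "` in
   NUL-terminated metadata text into out.  Returns 0 on success, -1 when
   the key is absent or fewer than VG_ID_LEN bytes follow it. */
static int
extract_vg_id (const char *meta, char out[VG_ID_LEN + 1])
{
  static const char key[] = "id = \"";
  const char *p;
  size_t i;

  if (meta == NULL)
    return -1;

  /* Test the search result before doing arithmetic on it.  The unchecked
     form, strstr (...) + sizeof (key) - 1, turns a NULL result into the
     address 0x6, which is the src value seen in the GDB output. */
  p = strstr (meta, key);
  if (p == NULL)
    return -1;
  p += sizeof (key) - 1;

  /* Confirm VG_ID_LEN bytes exist before the terminator, so the copy
     below cannot read past the end of the metadata text. */
  for (i = 0; i < VG_ID_LEN; i++)
    if (p[i] == '\0')
      return -1;

  memcpy (out, p, VG_ID_LEN);
  out[VG_ID_LEN] = '\0';
  return 0;
}

int
main (void)
{
  char id[VG_ID_LEN + 1];
  printf ("with VG: %d\n", extract_vg_id (SAMPLE_VG, id));
  printf ("no VG:   %d\n", extract_vg_id (SAMPLE_NO_VG, id));
  return 0;
}
```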

