Bug#520637: grub-common: grub-probe tries to scan raid physical volume as lvm physical volume and segfaults because of that

Nikita V. Youshchenko yoush at debian.org
Sat Mar 21 14:07:51 UTC 2009


Package: grub-common
Version: 1.96+20080724-16
Severity: normal

Today, while installing security updates on a server running Debian Lenny
(amd64), I faced an issue with the linux-image-2.6.26-1-amd64 package being
unable to configure.

That was caused by a grub-update failure, which in turn was caused by
execution of 'grub-probe --device-map=/boot/grub/device.map -t device /'
resulting in a segfault.

Program received signal SIGSEGV, Segmentation fault.
0x0000000000406199 in grub_strchr (s=0x0, c=125) at kern/misc.c:241
241       while (*s)
(gdb) where
#0  0x0000000000406199 in grub_strchr (s=0x0, c=125) at kern/misc.c:241
#1  0x00000000004229fa in grub_lvm_scan_device (name=0x17210c0 "hd0,2")
    at disk/lvm.c:524
#2  0x00000000004046ed in iterate_partition (disk=0x1721030,
    partition=0x7fff18bc04d0) at kern/device.c:132
#3  0x000000000041f341 in pc_partition_map_iterate (disk=0x1721030,
    hook=0x7fff18bc064f) at partmap/pc.c:155
#4  0x00000000004080cb in grub_partition_iterate (hook=0x7fff18bc064f)
    at kern/partition.c:124
#5  0x0000000000404781 in iterate_disk (disk_name=0x1721270 "hd0")
    at kern/device.c:101
#6  0x0000000000401ea8 in grub_util_biosdisk_iterate (hook=0x7fff18bc0638)
    at util/biosdisk.c:139
#7  0x0000000000404bde in grub_disk_dev_iterate (hook=0x7fff18bc0638)
    at kern/disk.c:205
#8  0x0000000000404640 in grub_device_iterate (
    hook=0x421ed0 <grub_lvm_scan_device>) at kern/device.c:138
#9  0x0000000000422b08 in grub_mod_init (mod=0x0) at disk/lvm.c:588
#10 0x0000000000422af0 in grub_lvm_init () at disk/lvm.c:586
#11 0x0000000000423d05 in grub_init_all () at grub_probe_init.c:45
#12 0x0000000000401d40 in main (argc=5, argv=0x7fff18bc07e8)
    at util/grub-probe.c:366

I've tried to debug the problem and found that it happens while
grub-probe parses lvm metadata read from /dev/sda2.

However, on my system, /dev/sda2 is used as a physical volume for raid5!

There indeed is an LVM physical volume over that raid array, so reading
sda2 as a raw device at some offsets may return data that looks like
LVM data. However, reading at a different offset won't return the data
expected by grub-probe's LVM metadata parser. So segfault.

Interestingly, numerous previous runs of grub-update (and underlying
grub-probe) did not segfault. I don't know what changed, or where, such
that this issue was triggered.

For now, I was able to work around the issue this way:

--- ./grub_probe_init.c.orig    2009-03-21 17:01:49.000000000 +0300
+++ ./grub_probe_init.c 2009-03-21 16:34:20.000000000 +0300
@@ -42,8 +42,8 @@
   grub_pc_partition_map_init ();
   grub_apple_partition_map_init ();
   grub_gpt_partition_map_init ();
-  grub_lvm_init ();
   grub_raid_init ();
+  grub_lvm_init ();
 }
 void
 grub_fini_all (void)
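
Review bot: moving grub_lvm_init () below grub_raid_init () in grub_init_all hides the crash rather than fixing it. The backtrace in this report still shows grub_lvm_scan_device (disk/lvm.c:524) handing a NULL pointer to grub_strchr, so any other device whose contents only partly resemble LVM metadata can reach the same path regardless of init order. The LVM scanner should check that pointer and skip the device when the expected text is missing. If the new order is kept, add a comment here saying that lvm must be initialized after raid and why, since nothing in the code enforces it.
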
@@ -68,6 +68,6 @@
   grub_pc_partition_map_fini ();
   grub_apple_partition_map_fini ();
   grub_gpt_partition_map_fini ();
-  grub_lvm_fini ();
   grub_raid_fini ();
+  grub_lvm_fini ();
 }
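
Review bot: the swap in grub_fini_all is not needed for the workaround, and it leaves teardown running in the same order as the new init sequence (raid, then lvm). Teardown is conventionally the reverse of init, so with raid now initialized first, the original order here (grub_lvm_fini () before grub_raid_fini ()) is the one to keep. Suggest dropping this hunk, or explaining in the patch description why raid has to be finalized first.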

So if the raid module is initialized before lvm, grub-probe somehow detects
that sda2 is a raid physical volume, and does not try to parse lvm metadata
from there.

I'm unsure that this workaround is the solution, since both lvm-over-raid
and raid-over-lvm are possible. Although lvm-over-raid is much more common :).

-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (640, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-xen-amd64 (SMP w/2 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages grub-common depends on:
ii  base-files                    5          Debian base system miscellaneous f
ii  libc6                         2.7-18     GNU C Library: Shared libraries

grub-common recommends no packages.

Versions of packages grub-common suggests:
pn  multiboot-doc                 <none>     (no description available)

-- no debconf information
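
Added example, not part of the original report and not GRUB's code: a parser for brace-delimited metadata text that treats the buffer as untrusted, so a missing marker is reported instead of reaching a later search as NULL (the backtrace above shows grub_strchr called with s=0x0 and c=125, i.e. '}'). The names find_bounded and find_section, the return codes and the sample buffers are this example's own assumptions.

```c
#include <stdio.h>
#include <string.h>
enum { SECTION_OK = 0, SECTION_MISSING = -1, SECTION_UNTERMINATED = -2 };

/* Constructed samples: LVM-style text, a cut-off copy, and unrelated bytes. */
static const char sample_ok[]    = "vg0 {\nphysical_volumes {\npv0 {\nid = \"x\"\n}\n}\n}\n";
static const char sample_cut[]   = "vg0 {\nphysical_volumes {\npv0 {\nid = \"x\"\n";
static const char sample_other[] = "\x01\x02 not lvm text }";

/* Substring search that never reads past buf + len (no NUL terminator needed). */
static const char *find_bounded(const char *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    if (buf == NULL || n == 0)
        return NULL;
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0)
            return buf + i;
    return NULL;
}

/* Find header (e.g. "physical_volumes {") and its matching '}'; body is the text between. */
int find_section(const char *buf, size_t len, const char *header,
                 const char **body, size_t *body_len)
{
    const char *start = find_bounded(buf, len, header);
    if (start == NULL)
        return SECTION_MISSING;   /* stop here: never hand NULL to a later search */
    start += strlen(header);
    int depth = 1;
    for (const char *p = start; p < buf + len; p++) {
        if (*p == '{') {
            depth++;
        } else if (*p == '}' && --depth == 0) {
            *body = start;
            *body_len = (size_t)(p - start);
            return SECTION_OK;
        }
    }
    return SECTION_UNTERMINATED;  /* header present, closing brace is not */
}

int main(void)
{
    const char *b, *h = "physical_volumes {"; size_t n;
    printf("%d %d %d\n", find_section(sample_ok, sizeof sample_ok - 1, h, &b, &n),
           find_section(sample_cut, sizeof sample_cut - 1, h, &b, &n),
           find_section(sample_other, sizeof sample_other - 1, h, &b, &n));
    return 0;
}
```

A caller scanning devices would skip any device for which the result is not SECTION_OK rather than continue parsing.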