[Crash-utility] [PATCH]: double free in trace extension
Dave Anderson
anderson at redhat.com
Wed May 9 13:57:57 UTC 2012
----- Original Message -----
> >> First, just like some other contributors, I've come across an issue
> >> triggered by a dump being corrupt. In my case it's this code in
> >> kernel.c:cpu_maps_init():
> >>
> >> if (*maskptr & (0x1UL << c)) {
> >> cpu = (i * BITS_PER_LONG) + c;
> >> kt->cpu_flags[cpu] |= mapinfo[m].cpu_flag;
> >> }
> >>
> >> The mask is corrupt, making Crash believe there are more CPU's than the
> >> four we have allocated space for in kernel.c:kernel_init. How do you
> >> think this should be handled?
> >
> > Does the "crash --cpus <number> ..." command-line option work around it?
> >
>
> Nope, setting "--cpus 2" I still arrive at the code above with
>
> (gdb) p/x *maskptr
> $3 = 0x540dcebf
> (gdb)
>
> As you can see, it's not really a valid cpu mask. Either that or I'm
> totally deluded as to the capabilities of the hardware CPU-wise =o)
Right, I understand that cpu_maps_init() will still be called, and that
kt->cpu_flags will be invalid. But then what happens?
Dave
More information about the Crash-utility
mailing list