[Crash-utility] [PATCH] Fix incorrect hstate pointer arithmetic in "kmem -i" command

Aaron Tomlin atomlin at redhat.com
Thu Oct 29 00:35:19 UTC 2015


Without this patch we may access an arbitrary address and report an
incorrect total huge pages value.

Signed-off-by: Aaron Tomlin <atomlin at redhat.com>
---
 memory.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/memory.c b/memory.c
index 72218e7..613add7 100644
--- a/memory.c
+++ b/memory.c
@@ -15207,7 +15207,7 @@ next_physpage(ulonglong paddr, ulonglong *nextpaddr)
 static int
 get_hugetlb_total_pages(ulong *nr_total_pages)
 {
-	ulong hstate_p;
+	ulong hstate_p, vaddr;
 	int i, len;
 	ulong nr_huge_pages;
 	uint horder;
@@ -15224,13 +15224,16 @@ get_hugetlb_total_pages(ulong *nr_total_pages)
 		hstate_p = symbol_value("hstates");
 
 		for (i = 0; i < len; i++) {
-			hstate_p = hstate_p + (SIZE(hstate) * i);
+			vaddr = hstate_p + (SIZE(hstate) * i);
 
-			readmem(hstate_p + OFFSET(hstate_order),
+			readmem(vaddr + OFFSET(hstate_order),
 				KVADDR, &horder, sizeof(uint),
 				"hstate_order", FAULT_ON_ERROR);
 
-			readmem(hstate_p + OFFSET(hstate_nr_huge_pages),
+			if (!horder)
+				continue;
+
+			readmem(vaddr + OFFSET(hstate_nr_huge_pages),
 				KVADDR, &nr_huge_pages, sizeof(ulong),
 				"hstate_nr_huge_pages", FAULT_ON_ERROR);
 
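Review bot: The `if (!horder) continue;` check added between the two readmem() calls is a behaviour change that the commit message does not mention; the description covers only the pointer arithmetic. Please state in the changelog, or in a one-line comment above the check, why an entry whose order reads as zero is skipped. That keeps it distinguishable from the `vaddr = hstate_p + (SIZE(hstate) * i)` fix, which on its own stops hstate_p from being advanced cumulatively on every iteration. If the two are independent, consider splitting the zero-order check into its own patch.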
-- 
2.4.3
