[Crash-utility] [PATCH] Fix incorrect hstate pointer arithmetic in "kmem -i" command
Dave Anderson
anderson at redhat.com
Thu Oct 29 15:28:57 UTC 2015
----- Original Message -----
> Without this patch we may access an arbitrary address and report an
> incorrect total huge pages value.
>
Hi Aaron,
Queued for crash-7.1.4:
https://github.com/crash-utility/crash/commit/3ed7a4e788d414c12dd4347ea6df2cd7c0b9f475
Thanks,
Dave
> Signed-off-by: Aaron Tomlin <atomlin at redhat.com>
> ---
> memory.c | 11 +++++++----
> 1 file changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/memory.c b/memory.c
> index 72218e7..613add7 100644
> --- a/memory.c
> +++ b/memory.c
> @@ -15207,7 +15207,7 @@ next_physpage(ulonglong paddr, ulonglong *nextpaddr)
> static int
> get_hugetlb_total_pages(ulong *nr_total_pages)
> {
> - ulong hstate_p;
> + ulong hstate_p, vaddr;
> int i, len;
> ulong nr_huge_pages;
> uint horder;
> @@ -15224,13 +15224,16 @@ get_hugetlb_total_pages(ulong *nr_total_pages)
> hstate_p = symbol_value("hstates");
>
> for (i = 0; i < len; i++) {
> - hstate_p = hstate_p + (SIZE(hstate) * i);
> + vaddr = hstate_p + (SIZE(hstate) * i);
>
> - readmem(hstate_p + OFFSET(hstate_order),
> + readmem(vaddr + OFFSET(hstate_order),
> KVADDR, &horder, sizeof(uint),
> "hstate_order", FAULT_ON_ERROR);
>
> - readmem(hstate_p + OFFSET(hstate_nr_huge_pages),
> + if (!horder)
> + continue;
> +
> + readmem(vaddr + OFFSET(hstate_nr_huge_pages),
> KVADDR, &nr_huge_pages, sizeof(ulong),
> "hstate_nr_huge_pages", FAULT_ON_ERROR);
>
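Review bot: The `if (!horder) continue;` added between the two readmem() calls is a behaviour change that the commit message does not mention; the description only covers the pointer arithmetic. Please add a one-line comment above the check, or a sentence in the log, saying why an entry whose order reads as zero is skipped, so it is not taken for part of the address fix. The arithmetic change itself looks right: with the old `hstate_p = hstate_p + (SIZE(hstate) * i)` the base accumulated across iterations, so from i = 2 onward both reads landed past the intended element, whereas `vaddr` is now recomputed from the unchanged `hstate_p` on every pass.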
> --
> 2.4.3
>