[PATCH] makedumpfile: Fix the variable pfn_needed leaking

Minfei Huang mhuang at redhat.com
Wed Nov 12 04:05:35 PST 2014


On 11/11/14 at 04:54pm, Minfei Huang wrote:
> If the page pfn calculated by read_from_splitblock_table is bigger than
> pfn_needed, the variable pfn_needed will leak.
> 
> makedumpfile cannot assign the pfn averagely bacause of condition
> pfn_needed invalid.
> 
> Signed-off-by: Minfei Huang <mhuang at redhat.com>
> ---
>  makedumpfile.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/makedumpfile.c b/makedumpfile.c
> index 59c4952..8807a90 100644
> --- a/makedumpfile.c
> +++ b/makedumpfile.c
> @@ -8415,7 +8415,7 @@ calculate_end_pfn_by_splitblock(mdf_pfn_t start_pfn,
>  		return info->max_mapnr;
>  
>  	mdf_pfn_t end_pfn;
> -	long long pfn_needed, offset;
> +	long long pfn_needed, offset, per_splitblock_pfn;
>  	char *splitblock_value_offset;
>  
>  	pfn_needed = info->num_dumpable / info->num_dumpfile;
> @@ -8424,7 +8424,8 @@ calculate_end_pfn_by_splitblock(mdf_pfn_t start_pfn,
>  	end_pfn = start_pfn;
>  
>  	while (*cur_splitblock_num < splitblock->num && pfn_needed > 0) {
> -		pfn_needed -= read_from_splitblock_table(splitblock_value_offset);
> +		per_splitblock_pfn = read_from_splitblock_table(splitblock_value_offset); 
> +		pfn_needed = pfn_needed < per_splitblock_pfn ? 0 : pfn_needed - per_splitblock_pfn;
Hi, Wenjiang!

Sorry, my emall client didnot receive the mail by you, so I reply it
here.

The split->table is an array to record the pfn count which we need dump.
And the memory is divided by the size of info->splitblock_size, the pfn
count in each entry will be stored in the entry of split->table.

For the purpose, we want to average allocation to the pfns.

Here is a case:
There are 5 entries in the split->table, and the value is 4, 6, 4, 5, 5.
We want to split four pieces to write to four files, and every file will
be write 6 pfns.
Using the function calculate_end_pfn_by_splitblock, the first file will
be assigned all of the pfns(24 pfns).

pfn_needed is 6((4+6+4+5+5) / 4) when entry the function.
By the end of first loop, the variable pfn_needed = 2(6 - 4).
Then move on, the variable will leak to become huge number by the end of
second loop, because the return value of function read_from_splitblock_table
is 6. The variable pfn_needed is ~4(2 - 6), it is huge.
And the loop will break util *cur_splitblock_num == splitblock->num.

For above case, it is no sense to use split function, so we should add
the condition whether pfn_needed is bigger than the value of
read_from_splitblock_table.

Thanks
Minfei
>  		splitblock_value_offset += splitblock->entry_size;
>  		++*cur_splitblock_num;
>  	}
> -- 
> 1.8.3.1
> 



More information about the kexec mailing list