[PATCH] makedumpfile: xen: Fix get_xen_basic_info_x86_64: Can't get the symbol of xenheap_phys_end.

HAGIO KAZUHITO(萩尾 一仁) k-hagio-ab at nec.com
Tue Sep 27 00:58:05 PDT 2022


On 2022/09/26 16:24, dietmar.hahn at fujitsu.com wrote:
> Hi,
> I have a Linux-dom0 running with Xen. The extraction of the vmcore via
> makedumpfile shows the message:
> get_xen_basic_info_x86_64: Can't get the symbol of xenheap_phys_end.
> 
> The commit 2651d571 changed the behaviour of init_xen_crash_info().
> With
> -       return TRUE;
> +       ret = TRUE;
> +
> +out_error:
> +       free(buf);
> the buffer is released but it's still used because of
> info->xen_crash_info.com = buf;
> This leads to random data in the buffer and later to the mentioned
> error.

Thank you for the report and patch, I missed that at review completely.

> 
> With the change back the memory is not released.
> But I'm not familiar enough with the code to decide where to do this.

I've tweaked the patch, does this work for you?

Thanks,
Kazu

--
 From d2c336e0c1bb765675056ca942a884014c257f9a Mon Sep 17 00:00:00 2001
Subject: [PATCH] xen: Fix wrong free issue in init_xen_crash_info()

From: Dietmar Hahn <dietmar.hahn at fujitsu.com>

The commit 2651d5719a21 ("[PATCH 11/14] fix memory leak in
init_xen_crash_info()") changed the behaviour of the function and the
buf variable is always released, but it's still used later when
returning TRUE.  Without the patch, this leads to random data in the
buffer and later to the following error:

   get_xen_basic_info_x86_64: Can't get the symbol of xenheap_phys_end.

Fixes: 2651d5719a21 ("[PATCH 11/14] fix memory leak in init_xen_crash_info()")
Signed-off-by: Dietmar Hahn <dietmar.hahn at fujitsu.com>
Signed-off-by: Kazuhito Hagio <k-hagio-ab at nec.com>
---
  makedumpfile.c | 7 ++++---
  1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/makedumpfile.c b/makedumpfile.c
index 65d1c7c2f02c..ff821ebd3eb0 100644
--- a/makedumpfile.c
+++ b/makedumpfile.c
@@ -9668,7 +9668,6 @@ init_xen_crash_info(void)
  {
  	off_t		offset_xen_crash_info;
  	unsigned long	size_xen_crash_info;
-	int		ret = FALSE;
  	void		*buf;
  
  	get_xen_crash_info(&offset_xen_crash_info, &size_xen_crash_info);
@@ -9710,11 +9709,11 @@ init_xen_crash_info(void)
  	else
  		info->xen_crash_info_v = 0;
  
-	ret = TRUE;
+	return TRUE;
  
  out_error:
  	free(buf);
-	return ret;
+	return FALSE;
  }
  
  int
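
Review bot: The `return TRUE;` sits directly above an `out_error:` label that frees `buf`, with nothing in the code saying that on success `buf` must outlive the function because it is stored in `info->xen_crash_info.com` (per the report). That is the same layout that led 2651d5719a21 to treat the early return as a leak. Suggest a one-line comment at `return TRUE;` stating that ownership of `buf` has passed to `info->xen_crash_info.com` and that it is released in the common cleanup path, so a later leak-hunting pass does not reintroduce the use-after-free.
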
@@ -12377,6 +12376,8 @@ out:
  			free(info->dump_header);
  		if (info->splitting_info != NULL)
  			free(info->splitting_info);
+		if (info->xen_crash_info.com != NULL)
+			free(info->xen_crash_info.com);
  		if (info->p2m_mfn_frame_list != NULL)
  			free(info->p2m_mfn_frame_list);
  		if (info->page_buf != NULL)
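
Review bot: The new `free(info->xen_crash_info.com)` under `out:` is only safe if that field is NULL whenever init_xen_crash_info() did not return TRUE. The `out_error:` path there still does `free(buf)`, so if any `goto out_error` can be reached after `info->xen_crash_info.com = buf;` (the ordering is not visible in these hunks), the field would be left dangling and this line would free it a second time. Suggest confirming that the assignment happens only after the last failure point, or clearing `info->xen_crash_info.com` in `out_error:`. The `!= NULL` guard matches the neighbouring lines but is not needed for correctness, since free(NULL) is a no-op.
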
-- 
2.31.1

