[Crash-utility] [PATCH] crash-trace-command: fix accessing uninitialized data (was: Re: crash utility trace extension module bug)
Dave Anderson
anderson at redhat.com
Thu May 20 14:49:52 UTC 2010
----- "Lai Jiangshan" <laijs at cn.fujitsu.com> wrote:
> Dave Anderson wrote:
> > Hello Lai,
> >
> > I was assigned a Red Hat bugzilla today, for which I am asking your
> > assistance:
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=592887
> >
>
> Subject: [PATCH] crash-trace-command: fix accessing uninitialized
> data
>
> Caspar Zhang reported that trace show -c <CPU> causes seg fault.
> It's because the path is accessing some uninitialized data and causes
> seg fault.
>
> Reported-by: Caspar Zhang <czhang at redhat.com>
> Signed-off-by: Lai Jiangshan <laijs at cn.fujitsu.com>
Queued for the next release.
Thanks,
Dave
> ---
> diff --git a/extensions/trace.c b/extensions/trace.c
> index 975756b..89eb477 100755
> --- a/extensions/trace.c
> +++ b/extensions/trace.c
> @@ -279,8 +279,12 @@ static void ftrace_destroy_buffers(struct
> ring_buffer_per_cpu *buffers)
> {
> int i;
>
> - for (i = 0; i < nr_cpu_ids; i++)
> + for (i = 0; i < nr_cpu_ids; i++) {
> + if (!buffers[i].kaddr)
> + continue;
> +
> free(buffers[i].pages);
> + }
> }
>
> static int ftrace_init_buffers(struct ring_buffer_per_cpu *buffers,
> @@ -913,6 +917,7 @@ static int ftrace_dump_event_types(const char
> *events_path)
> }
>
> struct ring_buffer_per_cpu_stream {
> + struct ring_buffer_per_cpu *cpu_buffer;
> ulong *pages;
> void *curr_page;
> int available_pages;
> @@ -929,6 +934,7 @@ int ring_buffer_per_cpu_stream_init(struct
> ring_buffer_per_cpu *cpu_buffer,
> {
> unsigned i, count = 0;
>
> + s->cpu_buffer = cpu_buffer;
> s->curr_page = malloc(PAGESIZE());
> if (s->curr_page == NULL)
> return -1;
> @@ -1104,9 +1110,7 @@ static void __rbs_destroy(struct
> ring_buffer_stream *s, int *cpulist, int nr)
> int cpu;
>
> for (cpu = 0; cpu < nr; cpu++) {
> - if (!global_buffers[cpu].kaddr)
> - continue;
> - if (cpulist && !cpulist[cpu])
> + if (!s->ss[cpu].cpu_buffer)
> continue;
>
> ring_buffer_per_cpu_stream_destroy(s->ss + cpu);
> @@ -1132,6 +1136,7 @@ int ring_buffer_stream_init(struct
> ring_buffer_stream *s, int *cpulist)
> }
>
> for (cpu = 0; cpu < nr_cpu_ids; cpu++) {
> + s->ss[cpu].cpu_buffer = NULL;
> s->es[cpu].data = NULL;
>
> if (!global_buffers[cpu].kaddr)
> @@ -1183,7 +1188,7 @@ static int ring_buffer_stream_pop_event(struct
> ring_buffer_stream *s,
>
> if (s->popped_cpu == nr_cpu_ids) {
> for (cpu = 0; cpu < nr_cpu_ids; cpu++) {
> - if (!global_buffers[cpu].kaddr)
> + if (!s->ss[cpu].cpu_buffer)
> continue;
>
> ring_buffer_per_cpu_stream_pop_event(s->ss + cpu,
More information about the Crash-utility
mailing list