[Crash-utility] [PATCH] crash-trace-command: fix accessing uninitialized data (was: Re: crash utility trace extension module bug)

Dave Anderson anderson at redhat.com
Thu May 20 14:49:52 UTC 2010 

----- "Lai Jiangshan" <laijs at cn.fujitsu.com> wrote:

> Dave Anderson wrote:
> > Hello Lai,
> > 
> > I was assigned a Red Hat bugzilla today, for which I am asking your
> > assistance:
> > 
> >   https://bugzilla.redhat.com/show_bug.cgi?id=592887
> > 
> 
> Subject: [PATCH] crash-trace-command: fix accessing uninitialized
> data
> 
> Caspar Zhang reported that trace show -c <CPU> causes seg fault.
> It's because the path is accessing some uninitialized data and causes
> seg fault.
> 
> Reported-by: Caspar Zhang <czhang at redhat.com>
> Signed-off-by: Lai Jiangshan <laijs at cn.fujitsu.com>

Queued for the next release.

Thanks,
  Dave

> ---
> diff --git a/extensions/trace.c b/extensions/trace.c
> index 975756b..89eb477 100755
> --- a/extensions/trace.c
> +++ b/extensions/trace.c
> @@ -279,8 +279,12 @@ static void ftrace_destroy_buffers(struct
> ring_buffer_per_cpu *buffers)
>  {
>  	int i;
>  
> -	for (i = 0; i < nr_cpu_ids; i++)
> +	for (i = 0; i < nr_cpu_ids; i++) {
> +		if (!buffers[i].kaddr)
> +			continue;
> +
>  		free(buffers[i].pages);
> +	}
>  }
>  
>  static int ftrace_init_buffers(struct ring_buffer_per_cpu *buffers,
> @@ -913,6 +917,7 @@ static int ftrace_dump_event_types(const char
> *events_path)
>  }
>  
>  struct ring_buffer_per_cpu_stream {
> +	struct ring_buffer_per_cpu *cpu_buffer;
>  	ulong *pages;
>  	void *curr_page;
>  	int available_pages;
> @@ -929,6 +934,7 @@ int ring_buffer_per_cpu_stream_init(struct
> ring_buffer_per_cpu *cpu_buffer,
>  {
>  	unsigned i, count = 0;
>  
> +	s->cpu_buffer = cpu_buffer;
>  	s->curr_page = malloc(PAGESIZE());
>  	if (s->curr_page == NULL)
>  		return -1;
> @@ -1104,9 +1110,7 @@ static void __rbs_destroy(struct
> ring_buffer_stream *s, int *cpulist, int nr)
>  	int cpu;
>  
>  	for (cpu = 0; cpu < nr; cpu++) {
> -		if (!global_buffers[cpu].kaddr)
> -			continue;
> -		if (cpulist && !cpulist[cpu])
> +		if (!s->ss[cpu].cpu_buffer)
>  			continue;
>  
>  		ring_buffer_per_cpu_stream_destroy(s->ss + cpu);
> @@ -1132,6 +1136,7 @@ int ring_buffer_stream_init(struct
> ring_buffer_stream *s, int *cpulist)
>  	}
>  
>  	for (cpu = 0; cpu < nr_cpu_ids; cpu++) {
> +		s->ss[cpu].cpu_buffer = NULL;
>  		s->es[cpu].data = NULL;
>  
>  		if (!global_buffers[cpu].kaddr)
> @@ -1183,7 +1188,7 @@ static int ring_buffer_stream_pop_event(struct
> ring_buffer_stream *s,
>  
>  	if (s->popped_cpu == nr_cpu_ids) {
>  		for (cpu = 0; cpu < nr_cpu_ids; cpu++) {
> -			if (!global_buffers[cpu].kaddr)
> +			if (!s->ss[cpu].cpu_buffer)
>  				continue;
>  
>  			ring_buffer_per_cpu_stream_pop_event(s->ss + cpu,

More information about the Crash-utility mailing list