WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] [PATCH] fix read size in xendump.c

To: crash-utility@xxxxxxxxxx
Subject: [Xen-devel] [PATCH] fix read size in xendump.c
From: Isaku Yamahata <yamahata@xxxxxxxxxxxxx>
Date: Wed, 29 Aug 2007 20:58:24 +0900
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 29 Aug 2007 04:58:54 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.4.2.1i
Hi.
Recently I twisted the xen xm dump-core format so that the section
order was changed for optimization.
Although it shouldn't affect analysis tools, it revealed a bug.
The crash utility tries to read the file beyond EOF.
So far it wasn't issue because of section ordering.
This patch fixes it by calculating read size correctly

Dave, 
Although I don't think that it causes serious issues,
Could you check whether the minor update of the format affects
the crash utility?
http://article.gmane.org/gmane.comp.emulators.xen.ia64/7531
http://article.gmane.org/gmane.comp.emulators.xen.devel/42996


--- crash-4.0-4.6-ORIG/xendump.c        2007-08-28 00:51:11.000000000 +0900
+++ ./crash-4.0-4.6/xendump.c   2007-08-29 18:14:05.000000000 +0900
@@ -1289,9 +1289,8 @@ xc_core_mfn_to_page(ulong mfn, char *pgb
 
         for (b = 0, idx = -1, done = FALSE; 
             !done && (b < nr_pages); b += MAX_BATCH_SIZE) {
-
-                if (read(xd->xfd, tmp, sizeof(ulong) * MAX_BATCH_SIZE) != 
-                   (MAX_BATCH_SIZE * sizeof(ulong))) {
+               size_t size = sizeof(ulong) * MIN(MAX_BATCH_SIZE, nr_pages - b);
+                if (read(xd->xfd, tmp, size) != size) {
                         error(INFO, "cannot read index page %d\n", b);
                        return NULL;
                }
@@ -1348,13 +1347,11 @@ xc_core_elf_mfn_to_page(ulong mfn, char 
 {
        int i, b, idx, done;
        off_t offset;
-       size_t size;
        uint nr_pages;
        ulong tmp;
        struct xen_dumpcore_p2m p2m_batch[MAX_BATCH_SIZE];
 
         offset = xd->xc_core.header.xch_index_offset;
-       size = sizeof(struct xen_dumpcore_p2m) * MAX_BATCH_SIZE;
        nr_pages = xd->xc_core.header.xch_nr_pages;
 
         if (lseek(xd->xfd, offset, SEEK_SET) == -1)
@@ -1362,7 +1359,8 @@ xc_core_elf_mfn_to_page(ulong mfn, char 
 
         for (b = 0, idx = -1, done = FALSE; 
             !done && (b < nr_pages); b += MAX_BATCH_SIZE) {
-
+               size_t size = sizeof(struct xen_dumpcore_p2m) *
+                       MIN(MAX_BATCH_SIZE, nr_pages - b);
                 if (read(xd->xfd, &p2m_batch[0], size) != size) {
                         error(INFO, "cannot read index page %d\n", b);
                        return NULL;
@@ -1437,9 +1435,9 @@ xc_core_mfn_to_page_index(ulong mfn)
                 nr_pages *= 2;
 
         for (b = 0; b < nr_pages; b += MAX_BATCH_SIZE) {
-
-                if (read(xd->xfd, tmp, sizeof(ulong) * MAX_BATCH_SIZE) != 
-                   (MAX_BATCH_SIZE * sizeof(ulong))) {
+               size_t size =
+                       sizeof(ulong) * MIN(MAX_BATCH_SIZE, nr_pages - b);
+                if (read(xd->xfd, tmp, size) != size) {
                         error(INFO, "cannot read index page %d\n", b);
                        return MFN_NOT_FOUND;
                }
@@ -1469,20 +1467,19 @@ xc_core_elf_mfn_to_page_index(ulong mfn)
 {
         int i, b;
        off_t offset;
-       size_t size;
        uint nr_pages;
         ulong tmp;
         struct xen_dumpcore_p2m p2m_batch[MAX_BATCH_SIZE];
 
         offset = xd->xc_core.header.xch_index_offset;
-        size = sizeof(struct xen_dumpcore_p2m) * MAX_BATCH_SIZE;
        nr_pages = xd->xc_core.header.xch_nr_pages;
 
         if (lseek(xd->xfd, offset, SEEK_SET) == -1)
                 error(FATAL, "cannot lseek to page index\n");
 
         for (b = 0; b < nr_pages; b += MAX_BATCH_SIZE) {
-
+               size_t size = sizeof(struct xen_dumpcore_p2m) *
+                       MIN(MAX_BATCH_SIZE, nr_pages - b);
                 if (read(xd->xfd, &p2m_batch[0], size) != size) {
                         error(INFO, "cannot read index page %d\n", b);
                        return MFN_NOT_FOUND;
@@ -1563,8 +1560,9 @@ check_next_4:
                nr_pages = xd->xc_core.header.xch_nr_pages;
 
                for (b = 0; b < nr_pages; b += MAX_BATCH_SIZE) {
-                       if (read(xd->xfd, tmp, sizeof(ulong) * MAX_BATCH_SIZE) 
!=
-                           (MAX_BATCH_SIZE * sizeof(ulong))) {
+                       size_t size = sizeof(ulong) *
+                               MIN(MAX_BATCH_SIZE, nr_pages - b);
+                       if (read(xd->xfd, tmp, size) != size) {
                                error(INFO, "cannot read index page %d\n", b);
                                return FALSE;
                        }
@@ -1595,8 +1593,9 @@ show_64bit_mfns:
                nr_pages = xd->xc_core.header.xch_nr_pages;
 
                for (b = 0; b < nr_pages; b += MAX_BATCH_SIZE) {
-                       if (read(xd->xfd, tmp64, sizeof(ulonglong) * 
MAX_BATCH_SIZE) !=
-                           (MAX_BATCH_SIZE * sizeof(ulonglong))) {
+                       size_t size = sizeof(ulonglong) *
+                               MIN(MAX_BATCH_SIZE, nr_pages - b);
+                       if (read(xd->xfd, tmp64, size) != size) {
                                error(INFO, "cannot read index page %d\n", b);
                                return FALSE;
                        }
@@ -1709,13 +1708,11 @@ xc_core_elf_pfn_to_page_index(ulong pfn)
 {
         int i, b, start_index;
        off_t offset;
-       size_t size;
        uint nr_pages;
         ulong tmp;
         struct xen_dumpcore_p2m p2m_batch[MAX_BATCH_SIZE];
 
         offset = xd->xc_core.header.xch_index_offset;
-        size = sizeof(struct xen_dumpcore_p2m) * MAX_BATCH_SIZE;
        nr_pages = xd->xc_core.header.xch_nr_pages;
 
        /*
@@ -1744,7 +1741,8 @@ xc_core_elf_pfn_to_page_index(ulong pfn)
                 error(FATAL, "cannot lseek to page index\n");
 
         for (b = start_index; b < nr_pages; b += MAX_BATCH_SIZE) {
-
+               size_t size = sizeof(struct xen_dumpcore_p2m) *
+                       MIN(MAX_BATCH_SIZE, nr_pages - b);
                 if (read(xd->xfd, &p2m_batch[0], size) != size) {
                         error(INFO, "cannot read index page %d\n", b);
                        return PFN_NOT_FOUND;
@@ -1838,13 +1836,11 @@ xc_core_elf_pfn_valid(ulong pfn)
 {
         int i, b, start_index;
        off_t offset;
-       size_t size;
        uint nr_pages;
         ulong tmp;
         uint64_t pfn_batch[MAX_BATCH_SIZE];
 
         offset = xd->xc_core.header.xch_index_offset;
-        size = sizeof(uint64_t) * MAX_BATCH_SIZE;
        nr_pages = xd->xc_core.header.xch_nr_pages;
 
        /*
@@ -1873,7 +1869,8 @@ xc_core_elf_pfn_valid(ulong pfn)
                 error(FATAL, "cannot lseek to page index\n");
 
         for (b = start_index; b < nr_pages; b += MAX_BATCH_SIZE) {
-
+               size_t size = sizeof(uint64_t) *
+                       MIN(MAX_BATCH_SIZE, nr_pages - b);
                 if (read(xd->xfd, &pfn_batch[0], size) != size) {
                         error(INFO, "cannot read index page %d\n", b);
                        return PFN_NOT_FOUND;

-- 
yamahata

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] [PATCH] fix read size in xendump.c, Isaku Yamahata <=