On 2022/09/26 16:24, dietmar.hahn@xxxxxxxxxxx wrote:
> Hi,
> I have a Linux-dom0 running with Xen. The extraction of the vmcore via
> makedumpfile shows the message:
> get_xen_basic_info_x86_64: Can't get the symbol of xenheap_phys_end.
>
> The commit 2651d571 changed the behaviour of init_xen_crash_info().
> With
> - return TRUE;
> + ret = TRUE;
> +
> +out_error:
> + free(buf);
> the buffer is released but it's still used because of
> info->xen_crash_info.com = buf;
> This leads to random data in the buffer and later to the mentioned
> error.

Thank you for the report and patch, I missed that at review completely.

>
> With the change back the memory is not released.
> But I'm not familiar enough with code to decide where to do this.

I've tweaked the patch, does this work for you?

Thanks,
Kazu

--
From d2c336e0c1bb765675056ca942a884014c257f9a Mon Sep 17 00:00:00 2001
Subject: [PATCH] xen: Fix wrong free issue in init_xen_crash_info()
From: Dietmar Hahn <dietmar.hahn@xxxxxxxxxxx>

The commit 2651d5719a21 ("[PATCH 11/14] fix memory leak in init_xen_crash_info()")
changed the behaviour of the function and the buf variable is always released,
but it's still used later when returning TRUE.

Without the patch, this leads to random data in the buffer and later to the
following error:

get_xen_basic_info_x86_64: Can't get the symbol of xenheap_phys_end.

Fixes: 2651d5719a21 ("[PATCH 11/14] fix memory leak in init_xen_crash_info()")
Signed-off-by: Dietmar Hahn <dietmar.hahn@xxxxxxxxxxx>
Signed-off-by: Kazuhito Hagio <k-hagio-ab@xxxxxxx>
--- makedumpfile.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/makedumpfile.c b/makedumpfile.c index 65d1c7c2f02c..ff821ebd3eb0 100644 --- a/makedumpfile.c +++ b/makedumpfile.c @@ -9668,7 +9668,6 @@ init_xen_crash_info(void) { off_t offset_xen_crash_info; unsigned long size_xen_crash_info; - int ret = FALSE; void *buf; get_xen_crash_info(&offset_xen_crash_info, &size_xen_crash_info); 
@@ -9710,11 +9709,11 @@ init_xen_crash_info(void) else info->xen_crash_info_v = 0; - ret = TRUE; + return TRUE; out_error: free(buf); - return ret; + return FALSE; } int @@ -12377,6 +12376,8 @@ out: free(info->dump_header); if (info->splitting_info != NULL) free(info->splitting_info); + if (info->xen_crash_info.com != NULL) + free(info->xen_crash_info.com); if (info->p2m_mfn_frame_list != NULL) free(info->p2m_mfn_frame_list); if (info->page_buf != NULL) -- 2.31.1
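
Review bot: At the new "return TRUE;" in init_xen_crash_info(), nothing records that buf is deliberately kept alive on success, which is how the earlier leak fix came to free it. A one-line comment above "return TRUE;" saying that buf is now owned by info->xen_crash_info.com and is released in the out: cleanup path would keep the free from being moved back. It is also worth checking that no goto out_error can run after "info->xen_crash_info.com = buf;" has been assigned; if one can, the field should be reset to NULL there, otherwise the free added in the out: hunk would release the same buffer a second time.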
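
Review bot: The added "free(info->xen_crash_info.com);" in the out: path relies on the field being NULL whenever init_xen_crash_info() was never called or returned FALSE before the assignment, so please confirm that info is zero-initialised where it is allocated. The explicit "!= NULL" test is redundant for free(), but it matches the neighbouring lines, so keeping it for consistency is fine.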