From: HAGIO KAZUHITO(萩尾 一仁) <k-hagio-ab@xxxxxxx> wrote Tuesday, September 27, 2022 9:58 AM
>
> On 2022/09/26 16:24, dietmar.hahn@xxxxxxxxxxx wrote:
> > Hi,
> > I have a Linux-dom0 running with Xen. The extraction of the vmcore via
> > makdumpfile shows the message:
> > get_xen_basic_info_x86_64: Can't get the symbol of xenheap_phys_end.
> >
> > The commit 2651d571 changed the behaviour of init_xen_crash_info().
> > With
> > - return TRUE;
> > + ret = TRUE;
> > +
> > +out_error:
> > + free(buf);
> > the buffer is released but it's still used because of
> > info->xen_crash_info.com = buf;
> > This leads to random data in the buffer and later to the mentioned
> > error.
>
> Thank you for the report and patch, I missed that at review completely..
>
> >
> > With the change back the memory is not released.
> > But I'm not familiar enough with code to decide where to do this.
>
> I've tweaked the patch, does this work for you?
Yes, much better.
My test cases are working.
Many thanks!
Dietmar.
>
> Thanks,
> Kazu
>
> --
> From d2c336e0c1bb765675056ca942a884014c257f9a Mon Sep 17 00:00:00 2001
> Subject: [PATCH] xen: Fix wrong free issue in init_xen_crash_info()
>
> From: Dietmar Hahn <dietmar.hahn@xxxxxxxxxxx>
>
> The commit 2651d5719a21 ("[PATCH 11/14] fix memory leak in
> init_xen_crash_info()") changed the behaviour of the function and the
> buf variable is always released, but it's still used later when
> returning TRUE. Without the patch, this leads to random data in the
> buffer and later to the following error:
>
> get_xen_basic_info_x86_64: Can't get the symbol of xenheap_phys_end.
>
> Fixes: 2651d5719a21 ("[PATCH 11/14] fix memory leak in init_xen_crash_info()")
> Signed-off-by: Dietmar Hahn <dietmar.hahn@xxxxxxxxxxx>
> Signed-off-by: Kazuhito Hagio <k-hagio-ab@xxxxxxx>
> ---
> makedumpfile.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/makedumpfile.c b/makedumpfile.c
> index 65d1c7c2f02c..ff821ebd3eb0 100644
> --- a/makedumpfile.c
> +++ b/makedumpfile.c
> @@ -9668,7 +9668,6 @@ init_xen_crash_info(void)
> {
> off_t offset_xen_crash_info;
> unsigned long size_xen_crash_info;
> - int ret = FALSE;
> void *buf;
>
> get_xen_crash_info(&offset_xen_crash_info, &size_xen_crash_info);
> @@ -9710,11 +9709,11 @@ init_xen_crash_info(void)
> else
> info->xen_crash_info_v = 0;
>
> - ret = TRUE;
> + return TRUE;
>
> out_error:
> free(buf);
> - return ret;
> + return FALSE;
> }
>
> int
> @@ -12377,6 +12376,8 @@ out:
> free(info->dump_header);
> if (info->splitting_info != NULL)
> free(info->splitting_info);
> + if (info->xen_crash_info.com != NULL)
> + free(info->xen_crash_info.com);
> if (info->p2m_mfn_frame_list != NULL)
> free(info->p2m_mfn_frame_list);
> if (info->page_buf != NULL)
> --
> 2.31.1
_______________________________________________
kexec mailing list
kexec@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/kexec
