From: kys@exchange.microsoft.com
To: gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, devel@linuxdriverproject.org, olaf@aepfle.de, apw@canonical.com, vkuznets@redhat.com, jasowang@redhat.com, leann.ogasawara@canonical.com, marcelo.cerri@canonical.com, sthemmin@microsoft.com
Cc: Paul Meyer, Long Li, stable@vger.kernel.org, "K. Y. Srinivasan"
Subject: [PATCH 1/1] hv: kvp: Avoid reading past allocated blocks from KVP file
Date: Tue, 14 Nov 2017 13:06:47 -0700
Message-Id: <1510690007-16549-1-git-send-email-kys@exchange.microsoft.com>
Reply-To: kys@microsoft.com

From: Paul Meyer

While reading in more than one block (50) of KVP records, the allocation
goes per block, but the reads used the total number of allocated records
(without resetting the pointer/stream). This causes the records buffer to
overrun when the refresh reads more than one block over the previous
capacity (e.g. reading more than 100 KVP records whereas the in-memory
database was empty before).

Fix this by reading the correct number of KVP records from file each time.

Signed-off-by: Paul Meyer
Signed-off-by: Long Li
Cc: stable@vger.kernel.org
Signed-off-by: K. Y. Srinivasan --- tools/hv/hv_kvp_daemon.c | 70 +++++++++------------------------------------ 1 files changed, 14 insertions(+), 56 deletions(-) diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index eaa3bec..4c99c57 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c @@ -193,11 +193,14 @@ static void kvp_update_mem_state(int pool) for (;;) { readp = &record[records_read]; records_read += fread(readp, sizeof(struct kvp_record), - ENTRIES_PER_BLOCK * num_blocks, - filep); + ENTRIES_PER_BLOCK * num_blocks - records_read, + filep); if (ferror(filep)) { - syslog(LOG_ERR, "Failed to read file, pool: %d", pool); + syslog(LOG_ERR, + "Failed to read file, pool: %d; error: %d %s", + pool, errno, strerror(errno)); + kvp_release_lock(pool); exit(EXIT_FAILURE); } @@ -210,6 +213,7 @@ static void kvp_update_mem_state(int pool) if (record == NULL) { syslog(LOG_ERR, "malloc failed"); + kvp_release_lock(pool); exit(EXIT_FAILURE); } continue; @@ -224,15 +228,11 @@ static void kvp_update_mem_state(int pool) fclose(filep); kvp_release_lock(pool); } + static int kvp_file_init(void) { int fd; - FILE *filep; - size_t records_read; char *fname; - struct kvp_record *record; - struct kvp_record *readp; - int num_blocks; int i; int alloc_unit = sizeof(struct kvp_record) * ENTRIES_PER_BLOCK; 
@@ -246,61 +246,19 @@ static int kvp_file_init(void) for (i = 0; i < KVP_POOL_COUNT; i++) { fname = kvp_file_info[i].fname; - records_read = 0; - num_blocks = 1; sprintf(fname, "%s/.kvp_pool_%d", KVP_CONFIG_LOC, i); fd = open(fname, O_RDWR | O_CREAT | O_CLOEXEC, 0644 /* rw-r--r-- */); if (fd == -1) return 1; - - filep = fopen(fname, "re"); - if (!filep) { - close(fd); - return 1; - } - - record = malloc(alloc_unit * num_blocks); - if (record == NULL) { - fclose(filep); - close(fd); - return 1; - } - for (;;) { - readp = &record[records_read]; - records_read += fread(readp, sizeof(struct kvp_record), - ENTRIES_PER_BLOCK, - filep); - - if (ferror(filep)) { - syslog(LOG_ERR, "Failed to read file, pool: %d", - i); - exit(EXIT_FAILURE); - } - - if (!feof(filep)) { - /* - * We have more data to read. - */ - num_blocks++; - record = realloc(record, alloc_unit * - num_blocks); - if (record == NULL) { - fclose(filep); - close(fd); - return 1; - } - continue; - } - break; - } kvp_file_info[i].fd = fd; - kvp_file_info[i].num_blocks = num_blocks; - kvp_file_info[i].records = record; - kvp_file_info[i].num_records = records_read; - fclose(filep); - + kvp_file_info[i].num_blocks = 1; + kvp_file_info[i].records = malloc(alloc_unit); + if (kvp_file_info[i].records == NULL) + return 1; + kvp_file_info[i].num_records = 0; + kvp_update_mem_state(i); } return 0; -- 1.7.1 From 1584099811158536963@xxx Wed Nov 15 03:08:24 +0000 2017 X-GM-THRID: 1584099479529122520 X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread
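
Review bot: In the first hunk of kvp_update_mem_state(), the new fread() count `ENTRIES_PER_BLOCK * num_blocks - records_read` is only safe while records_read never exceeds the allocated capacity, and nothing near the call states that invariant. A one-line comment saying this is the space left in the buffer, or computing it into a named local before the call, would make the bounds reasoning explicit for whoever next touches the realloc path. The same hunk also extends the syslog() message with errno and strerror(errno) and adds kvp_release_lock(pool) before exit(EXIT_FAILURE); the commit message describes only the read-size fix, so for a change tagged Cc: stable these should be mentioned there or split into a separate patch.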
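
Review bot: In the kvp_file_init() hunk, the new `if (kvp_file_info[i].records == NULL) return 1;` path returns without closing fd, whereas the removed code called close(fd) before returning 1 when the allocation failed. Either close the descriptor on this path or say why leaving it open is acceptable. The hunk also changes failure behaviour during init: the removed loop returned 1 when realloc() failed, while kvp_update_mem_state(i), which now does the reading, logs "malloc failed" and calls exit(EXIT_FAILURE) in that situation. Replacing the duplicated read loop with a call to kvp_update_mem_state() is a reasonable way to keep a single, correctly bounded read path, but the commit message should state that this refactor is part of the fix.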