From 6c350eb9af2e36c40f4c1f2122e4b5b270c011b2 Mon Sep 17 00:00:00 2001
From: Weiping Zhang <zhangweiping@didiglobal.com>
Date: Fri, 8 Nov 2019 23:43:55 +0800
Subject: [PATCH 41/53] fix invalid pointer dereference banned_cpumask_from_ui
The memory of cpu_ban_string was released in the sock_handle function,
so banned_cpumask_from_ui will dereference invalid memory.

Fix this issue by delaying the release of the memory.
Reproduce:
echo "settings cpus 0-3" | nc -U `find /var/run/irqbalance/ -name *sock`
Signed-off-by: Weiping Zhang <zhangweiping@didiglobal.com>
---
cputree.c | 7 ++++++-
irqbalance.c | 21 ++++++++++++++++++---
2 files changed, 24 insertions(+), 4 deletions(-)
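--- a/cputree.c
+++ b/cputree.c
@@ -39,6 +39,7 @@
 #include "irqbalance.h"
 
 extern char *banned_cpumask_from_ui;
+extern char *cpu_ban_string;
 
 GList *cpus;
 GList *cache_domains;
@@ -104,9 +105,13 @@ static void setup_banned_cpus(void)
 cpus_clear(nohz_full);
 
 /* A manually specified cpumask overrides auto-detection. */
- if (banned_cpumask_from_ui != NULL) {
+ if (cpu_ban_string != NULL && banned_cpumask_from_ui != NULL) {
 cpulist_parse(banned_cpumask_from_ui,
 strlen(banned_cpumask_from_ui), banned_cpus);
+ /* release it safety, it was allocated in sock_handle */
+ free(cpu_ban_string);
+ cpu_ban_string = NULL;
+ banned_cpumask_from_ui = NULL;
 goto out;
 }
 if (getenv("IRQBALANCE_BANNED_CPUS")) {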
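Review bot: In the `setup_banned_cpus` hunk the UI-supplied mask is now consumed exactly once: after `cpulist_parse` the block frees `cpu_ban_string` and clears `banned_cpumask_from_ui`, so any later call skips this branch and reaches the `getenv("IRQBALANCE_BANNED_CPUS")` check instead. If the function runs again on a subsequent rescan (its callers are outside the hunk), the manual ban would presumably be replaced by the environment or auto-detected value, which contradicts the comment that a manual cpumask overrides auto-detection. Either keep the parsed mask in a persistent variable or document the one-shot ownership on the block, e.g. `/* banned_cpumask_from_ui points into cpu_ban_string (allocated in sock_handle); free the buffer and clear both once the mask is parsed */`. The `extern char *cpu_ban_string;` declaration would also be safer in `irqbalance.h`, which this file already includes, so definition and users share one prototype. The function body starts and ends outside the hunk.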
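--- a/irqbalance.c
+++ b/irqbalance.c
@@ -65,6 +65,7 @@ int sleep_interval = SLEEP_INTERVAL;
 int last_interval;
 GMainLoop *main_loop;
 
+char *cpu_ban_string = NULL;
 char *banned_cpumask_from_ui = NULL;
 
 static void sleep_approx(int seconds)
@@ -469,7 +470,14 @@ gboolean sock_handle(gint fd, GIOCondition condition, gpointer user_data __attri
 free(irq_string);
 } else if (!(strncmp(buff + strlen("settings "), "cpus ",
 strlen("cpus")))) {
- char *cpu_ban_string = malloc(
+ /*
+ * if cpu_ban_string has not been consumed,
+ * just ignore this request.
+ */
+ if (cpu_ban_string != NULL)
+ goto out_close;
+
+ cpu_ban_string = malloc(
 sizeof(char) * (recv_size - strlen("settings cpus ")));
 
 if (!cpu_ban_string)
@@ -479,9 +487,16 @@ gboolean sock_handle(gint fd, GIOCondition condition, gpointer user_data __attri
 banned_cpumask_from_ui = strtok(cpu_ban_string, " ");
 if (!strncmp(banned_cpumask_from_ui, "NULL", strlen("NULL"))) {
 banned_cpumask_from_ui = NULL;
+ free(cpu_ban_string);
+ cpu_ban_string = NULL;;
+ } else {
+ /*
+ * don't free cpu_ban_string at here, it will be
+ * released after we have store it to @banned_cpus
+ * in setup_banned_cpus function.
+ */
+ need_rescan = 1;
 }
- need_rescan = 1;
- free(cpu_ban_string);
 }
 }
 if (!strncmp(buff, "setup", strlen("setup"))) {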
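Review bot: The result of `strtok(cpu_ban_string, " ")` in the third `sock_handle` hunk is passed to `strncmp` without a NULL check, so a `settings cpus` request whose payload is empty or only spaces would dereference NULL in the daemon, and the input comes from whoever can write to the control socket. Folding the check into the existing branch reuses its cleanup of both pointers: `if (!banned_cpumask_from_ui || !strncmp(banned_cpumask_from_ui, "NULL", strlen("NULL"))) {`. The copy into `cpu_ban_string` lies between the hunks and is not visible here, so confirm that it NUL-terminates the buffer and that `recv_size - strlen("settings cpus ")` cannot wrap for a short request. The new `if (cpu_ban_string != NULL) goto out_close;` guard also drops the request without, as far as the hunk shows, a log line or reply, which makes an ignored setting hard to diagnose. `sock_handle` starts and ends outside these hunks.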
--
2.23.0