From: Long Li
To: Long Li, KY Srinivasan, "Haiyang Zhang", Stephen Hemminger, "devel@linuxdriverproject.org", "linux-kernel@vger.kernel.org"
CC: "stable@vger.kernel.org", Paul Meyer
Subject: RE: [PATCH] hv: kvp: Avoid reading past allocated blocks from KVP file
Date: Tue, 31 Oct 2017 20:04:11 +0000
References: <20171031190042.7967-1-longli@exchange.microsoft.com>
In-Reply-To: <20171031190042.7967-1-longli@exchange.microsoft.com>

> From: Paul Meyer
>
> While reading in more than one block (50) of KVP records, the allocation goes
> per block, but the reads used the total number of allocated records (without
> resetting the pointer/stream). This causes the records buffer to overrun when
> the refresh reads more than one block over the previous capacity (e.g. reading
> more than 100 KVP records whereas the in-memory database was empty before).
>
> Fix this by reading the correct number of KVP records from file each time.

Please drop this patch. I have sent a v2.

> > Signed-off-by: Paul Meyer > Reviewed-by: Long Li > --- > tools/hv/hv_kvp_daemon.c | 66 ++++++++---------------------------------------- > 1 file changed, 10 insertions(+), 56 deletions(-) > > diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index > eaa3bec..2094036 100644 > --- a/tools/hv/hv_kvp_daemon.c > +++ b/tools/hv/hv_kvp_daemon.c > @@ -193,11 +193,13 @@ static void kvp_update_mem_state(int pool) > for (;;) { > readp = &record[records_read]; > records_read += fread(readp, sizeof(struct kvp_record), > - ENTRIES_PER_BLOCK * num_blocks, > - filep); > + ENTRIES_PER_BLOCK * num_blocks - records_read, > + filep); > > if (ferror(filep)) { > - syslog(LOG_ERR, "Failed to read file, pool: %d", pool); > + syslog(LOG_ERR, > + "Failed to read file, pool: %d; error: %d %s", > + pool, errno, strerror(errno)); > exit(EXIT_FAILURE); > } > > @@ -224,15 +226,11 @@ static void kvp_update_mem_state(int pool) > fclose(filep); > kvp_release_lock(pool); > } > + > static int kvp_file_init(void) > { > int fd; > - FILE *filep; > - size_t records_read; > char *fname; > - struct kvp_record *record; > - struct kvp_record *readp; > - int num_blocks; > int i; > int alloc_unit = sizeof(struct kvp_record) * ENTRIES_PER_BLOCK; 
> > @@ -246,61 +244,17 @@ static int kvp_file_init(void) > > for (i = 0; i < KVP_POOL_COUNT; i++) { > fname = kvp_file_info[i].fname; > - records_read = 0; > - num_blocks = 1; > sprintf(fname, "%s/.kvp_pool_%d", KVP_CONFIG_LOC, i); > fd = open(fname, O_RDWR | O_CREAT | O_CLOEXEC, 0644 /* rw-r--r-- > */); > > if (fd == -1) > return 1; > > - > - filep = fopen(fname, "re"); > - if (!filep) { > - close(fd); > - return 1; > - } > - > - record = malloc(alloc_unit * num_blocks); > - if (record == NULL) { > - fclose(filep); > - close(fd); > - return 1; > - } > - for (;;) { > - readp = &record[records_read]; > - records_read += fread(readp, sizeof(struct kvp_record), > - ENTRIES_PER_BLOCK, > - filep); > - > - if (ferror(filep)) { > - syslog(LOG_ERR, "Failed to read file, pool: %d", > - i); > - exit(EXIT_FAILURE); > - } > - > - if (!feof(filep)) { > - /* > - * We have more data to read. > - */ > - num_blocks++; > - record = realloc(record, alloc_unit * > - num_blocks); > - if (record == NULL) { > - fclose(filep); > - close(fd); > - return 1; > - } > - continue; > - } > - break; > - } > kvp_file_info[i].fd = fd; > - kvp_file_info[i].num_blocks = num_blocks; > - kvp_file_info[i].records = record; > - kvp_file_info[i].num_records = records_read; > - fclose(filep); > - > + kvp_file_info[i].num_blocks = 1; > + kvp_file_info[i].records = malloc(alloc_unit); > + kvp_file_info[i].num_records = 0; > + kvp_update_mem_state(i); > } > > return 0; > -- > 2.7.4 > > _______________________________________________ > devel mailing list > devel@linuxdriverproject.org > https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fdriverdev.li > nuxdriverproject.org%2Fmailman%2Flistinfo%2Fdriverdev- > devel&data=02%7C01%7Clongli%40microsoft.com%7C3d25aed8f1a14fb966170 > 8d52091db50%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6364507 > 33196130349&sdata=7SZq7ER6YQo5ci6GmtPZUsL41g%2BERq2sswLeZNEb43k% > 3D&reserved=0
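
Review bot: In the `@@ -193,11 +193,13 @@` hunk of kvp_update_mem_state(), the `syslog()` change under `if (ferror(filep))` is unrelated to the overrun fix and is not mentioned in the commit message. With stable@vger.kernel.org on CC, the one-line `fread()` count fix would be easier to backport on its own, or the message should say that the error text changes too. The new count `ENTRIES_PER_BLOCK * num_blocks - records_read` would also benefit from a short comment stating that it is the space left in `record` after `readp`, since that invariant is what prevents the overrun.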
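
Review bot: In the `@@ -246,61 +244,17 @@` hunk of kvp_file_init(), the result of `kvp_file_info[i].records = malloc(alloc_unit);` is not checked before `kvp_update_mem_state(i)` is called, whereas the removed code closed `fd` and returned 1 when `malloc()` failed. Suggest keeping that check before the call: if `kvp_file_info[i].records == NULL`, close `fd` and `return 1`. The removed loop also returned 1 when `fopen()` failed; how that case is handled now depends on kvp_update_mem_state(), which these lines do not show, so the commit message should describe this refactoring rather than only the read-count fix.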