smc-tools/SOURCES/0001-smc-tools-stats-Fix-me...


From f365663e86fd06075bd5fe2d30bab0a64dc27b18 Mon Sep 17 00:00:00 2001
From: Guvenc Gulce <guvenc@linux.ibm.com>
Date: Fri, 16 Jul 2021 09:54:03 +0200
Subject: [PATCH 1/3] smc-tools: stats: Fix memory overread in
is_data_consistent()
Fix memory overread in is_data_consistent() and merge_cache()
functions.
Signed-off-by: Guvenc Gulce <guvenc@linux.ibm.com>
---
README.md | 1 +
stats.c | 13 +++++++------
2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 2397475..5047f62 100644
--- a/README.md
+++ b/README.md
@@ -47,6 +47,7 @@ Release History:
- `smc_run`: Add various command-line switches
Bug fixes:
+ - `smcd`/`smcr`: stats: Fix memory overread in is_data_consistent()
- `smc_chk`: Remove 'EXPERIMENTAL' flag
- `smc_chk`: Improve cleanup
- `smc_chk`: Start server with intended port
diff --git a/stats.c b/stats.c
index 2a00e42..d3a814f 100644
--- a/stats.c
+++ b/stats.c
@@ -900,7 +900,7 @@ static int is_data_consistent ()
cache++;
}
- size_fback = size + 2 * SMC_MAX_FBACK_RSN_CNT;
+ size_fback = 2 * SMC_MAX_FBACK_RSN_CNT;
kern_fbck = (struct smc_stats_fback *)&smc_rsn;
for (i = 0; i < size_fback; i++) {
val_err = kern_fbck->fback_code;
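Review bot: The corrected bound `2 * SMC_MAX_FBACK_RSN_CNT` is only safe while the two fallback-reason arrays sit back to back at the very start of `smc_rsn`, which the cast `(struct smc_stats_fback *)&smc_rsn` assumes and nothing in this hunk enforces. The struct definition is not visible here, so the layout is inferred from the `srv`/`clnt` accesses in merge_cache(), where the same cast and bound appear in the third stats.c hunk. A compile-time size/offset assertion next to the struct, or iterating the named arrays instead of casting, would stop a later field change from reintroducing the overread. At minimum a comment such as `/* srv[] then clnt[], SMC_MAX_FBACK_RSN_CNT entries each */` above the assignment would record why the bound is what it is. The loop body of is_data_consistent() continues outside the hunk.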
@@ -924,8 +924,8 @@ static int is_data_consistent ()
static void merge_cache ()
{
int size, i, size_fback, val_err, cache_cnt;
+ struct smc_stats_fback *kern_fbck;
__u64 *kernel, *cache;
- int *kern_fbck;
if (!is_data_consistent()) {
unlink(cache_file_path);
@@ -938,15 +938,16 @@ static void merge_cache ()
for (i = 0; i < size; i++)
*(kernel++) -= *(cache++);
- size_fback = size + 2 * SMC_MAX_FBACK_RSN_CNT;
- kern_fbck = (int *)&smc_rsn;
+ size_fback = 2 * SMC_MAX_FBACK_RSN_CNT;
+ kern_fbck = (struct smc_stats_fback *)&smc_rsn;
for (i = 0; i < size_fback; i++) {
- val_err = *(kern_fbck++);
+ val_err = kern_fbck->fback_code;
if (i < SMC_MAX_FBACK_RSN_CNT)
cache_cnt = get_fback_err_cache_count(smc_rsn_c.srv, val_err);
else
cache_cnt = get_fback_err_cache_count(smc_rsn_c.clnt, val_err);
- *(kern_fbck++) -= cache_cnt;
+ kern_fbck->count -= cache_cnt;
+ kern_fbck++;
}
smc_rsn.srv_fback_cnt -= smc_rsn_c.srv_fback_cnt;
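Review bot: `kern_fbck->count -= cache_cnt;` has no local check that the cached count does not exceed the kernel count, so it relies entirely on the is_data_consistent() call at the top of merge_cache() having rejected that case; the part of that function which would do so is outside the visible hunks. The type of `count` is not shown either, and if it is unsigned or narrower than `int` a larger `cache_cnt` would wrap silently instead of going negative. I would state the dependency above the loop, for example `/* is_data_consistent() has verified cache counts <= kernel counts */`, provided that is what it actually verifies. merge_cache() continues past the end of this hunk.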
--
2.25.1