[erlang-patches] [PATCH] Fix memory corruption when reading topology information

Sverker Eriksson sverker@REDACTED
Wed Mar 14 17:52:11 CET 2012


I found two other places in erl_misc_utils.c where the same mistake 
seems to be done.

Do you have some test to share that provokes this bug?

diff --git a/erts/lib_src/common/erl_misc_utils.c 
b/erts/lib_src/common/erl_misc_utils.c
index 4806311..162c908 100644
--- a/erts/lib_src/common/erl_misc_utils.c
+++ b/erts/lib_src/common/erl_misc_utils.c
@@ -727,7 +727,7 @@ adjust_processor_nodes(erts_cpu_info_t *cpuinfo, int 
no_nodes)

        prev = NULL;
        this = &cpuinfo->topology[0];
-       last = &cpuinfo->topology[cpuinfo->configured-1];
+       last = &cpuinfo->topology[cpuinfo->topology_size-1];
        while (1) {
            if (processor == this->processor) {
                if (node != this->node)
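Review bot: In adjust_processor_nodes, `last` is formed from `topology_size-1` right after `this = &cpuinfo->topology[0]`, and nothing in the visible context checks that `topology` is non-NULL or that `topology_size` is at least 1. With an empty topology `last` would point before the array and the `while (1)` walk would have no valid end; an early return or an assertion on `topology_size > 0` ahead of these assignments would make the precondition explicit.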
@@ -939,7 +939,7 @@ read_topology(erts_cpu_info_t *cpuinfo)

        if (res > 1) {
            prev = this++;
-           last = &cpuinfo->topology[cpuinfo->configured-1];
+           last = &cpuinfo->topology[cpuinfo->topology_size-1];

            while (1) {
                this->thread = ((this->node == prev->node
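Review bot: The guard on this block is `if (res > 1)`, while the end pointer now depends on `cpuinfo->topology_size`, and the hunk does not show that the two hold the same count at this point. Because `prev = this++` has already advanced `this` to the second entry, a `topology_size` of 1 would put `last` behind `this` before the `while (1)` loop starts; either guard on `topology_size > 1` directly or add a comment or assert stating that `res` equals `topology_size` here.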
@@ -1094,7 +1094,7 @@ read_topology(erts_cpu_info_t *cpuinfo)

        if (res > 1) {
            prev = this++;
-           last = &cpuinfo->topology[cpuinfo->configured-1];
+           last = &cpuinfo->topology[cpuinfo->topology_size-1];

            while (1) {
                this->thread = ((this->node == prev->node
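Review bot: This is the third copy of the same `last = &cpuinfo->topology[...]` expression in the file, and the second under a hunk header naming read_topology, which is how the stale `configured` bound could survive at several sites. Consider a small helper or macro that returns the last valid entry from `topology_size`, so the bound is defined in one place and the call sites cannot drift apart again.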


/Sverker, Erlang/OTP Ericsson


Benjamin Herrenschmidt wrote:
> On Tue, 2012-03-13 at 14:50 +0100, Gustav Simonsson wrote:
>   
>> Hi Benjamin,
>>
>> We discovered this error in a few other places, and will create a 
>> slightly larger internal patch for this issue.
>> Thank you for finding this error and reporting it!
>>     
>
> Thanks. Any chance you can CC me on the patch ? I'd like to try to get
> it included/backported in some distro as it prevents anything using
> erlang from running on some setups. (Typically if you have unplugged
> CPU, which is common when running KVM on POWER7 machines where the host
> has to unplug the SMT threads).
>
> Cheers,
> Ben.
>
>   
>> Regards,
>> Gustav Simonsson
>> Erlang/OTP team
>>
>>
>> On 2012-03-09 04:23, Benjamin Herrenschmidt wrote:
>>     
>>> If the number of processors actually found while reading sysfs
>>> is lower than the configured value, we realloc() the cpuinfo array
>>> to the smaller size, but we then iterate it using the original
>>> configured size, thus corrupting memory beyond the allocated
>>> block.
>>>
>>> Signed-off-by: Benjamin Herrenschmidt<benh@REDACTED>
>>> ---
>>>
>>> diff -urN otp_src_R15B.orig/erts/lib_src/common/erl_misc_utils.c otp_src_R15B/erts/lib_src/common/erl_misc_utils.c
>>> --- otp_src_R15B.orig/erts/lib_src/common/erl_misc_utils.c	2011-12-14 21:22:11.000000000 +1100
>>> +++ otp_src_R15B/erts/lib_src/common/erl_misc_utils.c	2012-03-08 14:40:18.111420986 +1100
>>> @@ -939,7 +939,7 @@
>>>
>>>   	if (res>  1) {
>>>   	    prev = this++;
>>> -	    last =&cpuinfo->topology[cpuinfo->configured-1];
>>> +	    last =&cpuinfo->topology[cpuinfo->topology_size-1];
>>>
>>>   	    while (1) {
>>>   		this->thread = ((this->node == prev->node
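Review bot: As quoted here the hunk is whitespace-damaged: `if (res>  1)` and `last =&cpuinfo->topology[...]` differ from the spacing of the same lines in the patch at the top of this message (`res > 1`, `last = &cpuinfo`), so the context and `-` lines may not match the file when the patch is applied. Resending it as an attachment, or generating it with git format-patch, would keep the mailer from rewriting it.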
>>>
>>>
>>>
>>> _______________________________________________
>>> erlang-patches mailing list
>>> erlang-patches@REDACTED
>>> http://erlang.org/mailman/listinfo/erlang-patches
>>>       
>   
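The failure described in the original report (array shrunk with realloc(), loop bound still taken from the configured count), as an added example that is not code from ERTS or from this thread. The structs are simplified stand-ins that reuse the patch's field names; `load_topology`, `entries_past_end` and `number_threads` are hypothetical helpers, and the thread-numbering rule is assumed, since the patch shows only the first line of that loop.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins: field names follow the patch, layout is assumed. */
typedef struct { int node, processor, thread; } cpu_topology;
typedef struct {
    int configured, topology_size;  /* CPUs configured / entries held */
    cpu_topology *topology;
} cpu_info;

/* Allocate per configured CPU, then shrink to the CPUs found (all zeroed). */
int load_topology(cpu_info *ci, int configured, int found) {
    cpu_topology *t, *s;
    if (found < 1 || found > configured) return -1;
    if (!(t = calloc((size_t)configured, sizeof *t))) return -1;
    s = realloc(t, (size_t)found * sizeof *t);
    ci->topology = s ? s : t;       /* a failed shrink leaves t valid */
    ci->configured = configured;
    ci->topology_size = found;
    return 0;
}

/* Entries outside the block for a loop ending at &topology[bound-1];
 * index arithmetic only, so nothing out of bounds is accessed here. */
int entries_past_end(const cpu_info *ci, int bound) {
    return bound > ci->topology_size ? bound - ci->topology_size : 0;
}

/* Hardened walk: end pointer from topology_size, empty array rejected. */
int number_threads(cpu_info *ci) {
    cpu_topology *prev, *cur = ci->topology, *last;
    if (!cur || ci->topology_size < 1) return 0;
    last = cur + ci->topology_size - 1;
    for (cur->thread = 0; cur != last; ) {
        prev = cur++;
        cur->thread = (cur->node == prev->node && cur->processor
                       == prev->processor) ? prev->thread + 1 : 0;
    }
    return last->thread + 1;        /* threads on the last core */
}

int main(void) {
    cpu_info ci;
    if (load_topology(&ci, 8, 4)) return 1;  /* constructed: 8 configured, 4 found */
    printf("stale bound overruns by %d\n", entries_past_end(&ci, ci.configured));
    printf("threads numbered: %d\n", number_threads(&ci));
    free(ci.topology);
    return 0;
}
```

Building the same program with `-fsanitize=address` and swapping `topology_size` for `configured` in `number_threads` is a quick way to get the kind of reproducing test asked for above.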



