Merge pull request #141 from dublio/master

fix invalid pointer dereference banned_cpumask_from_ui
Irqbalance · Nov 8, 2019 · 3cbccb9 · 3cbccb9
2 parents 4577d31 + 6c350eb
commit 3cbccb9
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 4 deletions.
diff --git a/cputree.c b/cputree.c
@@ -39,6 +39,7 @@
 #include "irqbalance.h"
 
 extern char *banned_cpumask_from_ui;
+extern char *cpu_ban_string;
 
 GList *cpus;
 GList *cache_domains;
@@ -104,9 +105,13 @@ static void setup_banned_cpus(void)
 	cpus_clear(nohz_full);
 
 	/* A manually specified cpumask overrides auto-detection. */
-	if (banned_cpumask_from_ui != NULL) {
+	if (cpu_ban_string != NULL && banned_cpumask_from_ui != NULL) {
 		cpulist_parse(banned_cpumask_from_ui,
 			strlen(banned_cpumask_from_ui), banned_cpus);
+		/* release it safety, it was allocated in sock_handle */
+		free(cpu_ban_string);
+		cpu_ban_string = NULL;
+		banned_cpumask_from_ui = NULL;
 		goto out;
 	}
 	if (getenv("IRQBALANCE_BANNED_CPUS"))  {

diff --git a/irqbalance.c b/irqbalance.c
@@ -65,6 +65,7 @@ int sleep_interval = SLEEP_INTERVAL;
 int last_interval;
 GMainLoop *main_loop;
 
+char *cpu_ban_string = NULL;
 char *banned_cpumask_from_ui = NULL;
 
 static void sleep_approx(int seconds)
@@ -469,7 +470,14 @@ gboolean sock_handle(gint fd, GIOCondition condition, gpointer user_data __attri
 				free(irq_string);
 			} else if (!(strncmp(buff + strlen("settings "), "cpus ",
 							strlen("cpus")))) {
-				char *cpu_ban_string = malloc(
+				/*
+				 * if cpu_ban_string has not been consumed,
+				 * just ignore this request.
+				 */
+				if (cpu_ban_string != NULL)
+					goto out_close;
+
+				cpu_ban_string = malloc(
 						sizeof(char) * (recv_size - strlen("settings cpus ")));
 
 				if (!cpu_ban_string)
@@ -479,9 +487,16 @@ gboolean sock_handle(gint fd, GIOCondition condition, gpointer user_data __attri
 				banned_cpumask_from_ui = strtok(cpu_ban_string, " ");
 				if (!strncmp(banned_cpumask_from_ui, "NULL", strlen("NULL"))) {
 					banned_cpumask_from_ui = NULL;
+					free(cpu_ban_string);
+					cpu_ban_string = NULL;;
+				} else {
+					/*
+					 * don't free cpu_ban_string at here, it will be
+					 * released after we have store it to @banned_cpus
+					 * in setup_banned_cpus function.
+					 */
+					need_rescan = 1;
 				}
-				need_rescan = 1;
-				free(cpu_ban_string);
 			}
 		}
 		if (!strncmp(buff, "setup", strlen("setup"))) {