Fix irq count sharing #1
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The irq count was shared beetween all object with the same type but it must be shared beetween children list only. Signed-off-by: Serj Kalichev <serj.kalichev@gmail.com>
Closed
pseiderer
added a commit
to pseiderer/irqbalance
that referenced
this pull request
Feb 21, 2021
Fix start position for the SETTINGS/CPU ban menu.
Fixes (start irqbalance-ui, press F4, press c, press Enter):
$ irqbalance-ui
Segmentation fault (core dumped)
$ gdb irqbalance-ui core
Program terminated with signal SIGSEGV, Segmentation fault.
#0 toggle_cpu (cpu_list=cpu_list@entry=0x90e170,
cpu_number=cpu_number@entry=-1) at ui/ui.c:192
192 entry_data = (cpu_ban_t *)(entry->data);
(gdb) where
#0 toggle_cpu (cpu_list=cpu_list@entry=0x90e170,
cpu_number=cpu_number@entry=-1) at ui/ui.c:192
Irqbalance#1 0x00013d4c in handle_cpu_banning () at ui/ui.c:254
Irqbalance#2 0x0001371c in settings () at ui/ui.c:598
Irqbalance#3 0x0001199c in key_loop (data=<optimized out>) at ui/irqbalance-ui.c:378
Irqbalance#4 0xb6ed9ae8 in ?? ()
For the starting position '5' cpu_number is calculated as '-1'.
Fix the same off by one for the SETUP IRQS/IRQ banning menu.
Signed-off-by: Peter Seiderer <ps.report@gmx.net>
liuchao173
added a commit
to liuchao173/irqbalance
that referenced
this pull request
Dec 1, 2021
Stroul, strlen, strtok will read or write out of bounds when recv_msg doesn't include '\0'. Especially strtok will write '\0' when it find a space, which may overwrite the head of the chunk in glibc, and irqbalance will core dump. core's stack: (gdb) bt #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 Irqbalance#1 0x00007f7a4def7b41 in __GI_abort () at abort.c:79 Irqbalance#2 0x00007f7a4df3835b in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f7a4e03f885 "%s\n") at ../sysdeps/posix/libc_fatal.c:181 Irqbalance#3 0x00007f7a4df3eaca in malloc_printerr (str=str@entry=0x7f7a4e040b08 "corrupted size vs. prev_size while consolidating") at malloc.c:5390 Irqbalance#4 0x00007f7a4df3f910 in _int_free (av=0x7f7a4e06eaa0 <main_arena>, p=0x55f837b201f0, have_lock=<optimized out>) at malloc.c:4332 Irqbalance#5 0x00007f7a4e2e4796 in magazine_cache_trim (stamp=<optimized out>, ix=<optimized out>, allocator=0x7f7a4e399dc0 <allocator>) at ../glib/gslice.c:678 Irqbalance#6 magazine_cache_push_magazine (ix=<optimized out>, magazine_chunks=<optimized out>, count=51) at ../glib/gslice.c:709 Irqbalance#7 0x00007f7a4e2e483c in thread_memory_magazine2_unload (tmem=tmem@entry=0x55f837af3660, ix=ix@entry=1) at ../glib/gslice.c:808 Irqbalance#8 0x00007f7a4e2e5dd9 in g_slice_free_chain_with_offset (mem_size=24, mem_chain=<optimized out>, next_offset=8) at ../glib/gslice.c:1198 Irqbalance#9 0x00007f7a4e2c2502 in g_list_free (list=<optimized out>) at ../glib/glist.c:182 Irqbalance#10 0x000055f836036210 in free_cpu_topo (data=0x55f837b77100) at cputree.c:544 Irqbalance#11 0x00007f7a4e2c2f6d in g_list_foreach (list=<optimized out>, list@entry=0x55f837b970c0, func=0x55f836036200 <free_cpu_topo>, user_data=user_data@entry=0x0) at ../glib/glist.c:1069 Irqbalance#12 0x00007f7a4e2c2f9b in g_list_free_full (list=0x55f837b970c0, free_func=<optimized out>) at ../glib/glist.c:223 Irqbalance#13 0x000055f83603780b in clear_cpu_tree () at cputree.c:559 Irqbalance#14 0x000055f83603873d in free_object_tree () at irqbalance.c:248 Irqbalance#15 0x000055f83603bb04 in scan (data=data@entry=0x0) at irqbalance.c:301 Irqbalance#16 0x00007f7a4e2c768d in g_timeout_dispatch (source=0x55f837afd000, callback=0x55f83603baa0 <poll_hint_affinity_and_scan>, user_data=0x0) at ../glib/gmain.c:4705 Irqbalance#17 0x00007f7a4e2c6ba4 in g_main_dispatch (context=0x55f837b39af0) at ../glib/gmain.c:3216 Irqbalance#18 g_main_context_dispatch (context=context@entry=0x55f837b39af0) at ../glib/gmain.c:3881 Irqbalance#19 0x00007f7a4e2c6f40 in g_main_context_iterate (context=0x55f837b39af0, block=block@entry=1, dispatch=dispatch@entry=1, self=self@entry=0x55f837b38000) at ../glib/gmain.c:3954 Irqbalance#20 0x00007f7a4e2c721d in g_main_loop_run (loop=0x55f837afc3e0) at ../glib/gmain.c:4148 Irqbalance#21 0x000055f836032ec8 in main (argc=3, argv=<optimized out>) at irqbalance.c:706 (gdb) x/128gx 0x55f837b20180 0x55f837b20180: 0x0000000000000000 0x0000000100000000 0x55f837b20190: 0x0000000000000000 0x000055f837b275d0 0x55f837b201a0: 0x0000000000000000 0x0000000000000051 0x55f837b201b0: 0x312c30312c392c34 0x2c37312c35312c33 0x55f837b201c0: 0x37322c34322c3232 0x332c32332c30332c 0x55f837b201d0: 0x2c34342c30342c38 0x39342c38342c3634 0x55f837b201e0: 0x352c32342c31322c 0x332c33322c312c32 0x55f837b201f0: 0x2c30322c32352c31 0x0000000000000001 0x55f837b20200: 0x000055f837bf23f0 0x000055f837b7c870 0x55f837b20210: 0x0000000000000000 0x0000000000000000 (gdb) p (char*)0x55f837b201b0 $1 = 0x55f837b201b0 "4,9,10,13,15,17,22,24,27,30,32,38,40,44,46,48,49,21,42,52,1,23,31,52,20,\001" asan log: ==3703578==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60600000011e at pc 0x7f86ade5687e bp 0x7ffce9f7ff60 sp 0x7ffce9f7f708 READ of size 63 at 0x60600000011e thread T0 #0 0x7f86ade5687d (/usr/lib64/libasan.so.4+0x5387d) ??:? Irqbalance#1 0x56438e80affe (/usr/sbin/irqbalance+0x11ffe) /usr/src/debug/irqbalance-1.8.0.x86_64/cputree.c:121 Irqbalance#2 0x56438e80e97a (/usr/sbin/irqbalance+0x1597a) /usr/src/debug/irqbalance-1.8.0.x86_64/irqbalance.c:241 Irqbalance#3 0x56438e8167f7 (/usr/sbin/irqbalance+0x1d7f7) /usr/src/debug/irqbalance-1.8.0.x86_64/irqbalance.c:308 Irqbalance#4 0x7f86add1568c (/usr/lib64/libglib-2.0.so.0+0x5168c) ??:? Irqbalance#5 0x7f86add14ba3 in g_main_context_dispatch (/usr/lib64/libglib-2.0.so.0+0x50ba3) ??:? Irqbalance#6 0x7f86add14f3f (/usr/lib64/libglib-2.0.so.0+0x50f3f) ??:? Irqbalance#7 0x7f86add1521c in g_main_loop_run (/usr/lib64/libglib-2.0.so.0+0x5121c) ??:? Irqbalance#8 0x56438e8025e2 (/usr/sbin/irqbalance+0x95e2) /usr/src/debug/irqbalance-1.8.0.x86_64/irqbalance.c:706 Irqbalance#9 0x7f86ad930c86 in __libc_start_main (/usr/lib64/libc.so.6+0x25c86) /usr/src/debug/glibc-2.28/csu/../csu/libc-start.c:308 Irqbalance#10 0x56438e802919 (/usr/sbin/irqbalance+0x9919) ??:? 0x60600000011e is located 0 bytes to the right of 62-byte region [0x6060000000e0,0x60600000011e) allocated by thread T0 here: #0 0x7f86adee3e70 in __interceptor_malloc (/usr/lib64/libasan.so.4+0xe0e70) ??:? Irqbalance#1 0x56438e80dfa8 (/usr/sbin/irqbalance+0x14fa8) /usr/src/debug/irqbalance-1.8.0.x86_64/irqbalance.c:505 Irqbalance#2 0x56438e81ab7f (/usr/sbin/irqbalance+0x21b7f) ??:0
liuchao173
added a commit
to liuchao173/irqbalance
that referenced
this pull request
Jun 30, 2022
when invoking setup_irqs in settings or invoking settings in setup_irqs, it doesn't break but enters another while loop. For example: # gdb program `pidof irqbalance-ui` (gdb) bt #0 0x0000ffffb0dcc7b0 in poll () from /usr/lib64/libc.so.6 Irqbalance#1 0x0000ffffb0e9097c in _nc_timed_wait () from /usr/lib64/libtinfo.so.6 Irqbalance#2 0x0000ffffb0ecc154 in _nc_wgetch () from /usr/lib64/libncursesw.so.6 Irqbalance#3 0x0000ffffb0eccb18 in wgetch () from /usr/lib64/libncursesw.so.6 Irqbalance#4 0x00000000004045d4 in setup_irqs () at ui/ui.c:637 Irqbalance#5 0x0000000000404084 in settings () at ui/ui.c:614 Irqbalance#6 0x0000000000404084 in settings () at ui/ui.c:614 Irqbalance#7 0x0000000000404084 in settings () at ui/ui.c:614 Irqbalance#8 0x0000000000404084 in settings () at ui/ui.c:614 Irqbalance#9 0x0000000000404084 in settings () at ui/ui.c:614 Irqbalance#10 0x0000000000404084 in settings () at ui/ui.c:614 Irqbalance#11 0x0000000000404084 in settings () at ui/ui.c:614 Irqbalance#12 0x0000000000401fac in key_loop (data=<optimized out>) at ui/irqbalance-ui.c:387 Irqbalance#13 0x0000ffffb105371c in ?? () from /usr/lib64/libglib-2.0.so.0 Irqbalance#14 0x0000ffffb1052a84 in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0 Irqbalance#15 0x0000ffffb1052e38 in ?? () from /usr/lib64/libglib-2.0.so.0 Irqbalance#16 0x0000ffffb1053188 in g_main_loop_run () from /usr/lib64/libglib-2.0.so.0 Irqbalance#17 0x000000000040196c in main (argc=<optimized out>, argv=<optimized out>) at ui/irqbalance-ui.c:445 Signed-off-by: Liu Chao <liuchao173@huawei.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The irq count was shared beetween all object with the
same type but it must be shared beetween children list
only.
Signed-off-by: Serj Kalichev serj.kalichev@gmail.com