hv: kvp: Avoid reading past allocated blocks from KVP file

While reading in more than one block (50) of KVP records, the allocation goes per block, but the reads used the total number of allocated records (without resetting the pointer/stream). This causes the records buffer to overrun when the refresh reads more than one block over the previous capacity (e.g. reading more than 100 KVP records whereas the in-memory database was empty before). Fix this by reading the correct number of KVP records from file each time. Signed-off-by: Paul Meyer <Paul.Meyer@microsoft.com> Signed-off-by: Long Li <longli@microsoft.com> Cc: stable@vger.kernel.org Signed-off-by: K. Y. Srinivasan <kys@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Paul Meyer <Paul.Meyer@microsoft.com> 2017-11-14 15:06:47 -0500
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2017-11-28 10:56:26 -0500
commit: 297d6b6e56c2977fc504c61bbeeaa21296923f89 (patch)
tree: f9bb8a9204769647e7341dca0f26d1a6cc77e360 /tools
parent: 7fa32e5ec28b1609abc0b797b58267f725fc3964 (diff)
1 files changed, 14 insertions, 56 deletions
diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c
index eaa3bec273c8..4c99c57736ce 100644
--- a/tools/hv/hv_kvp_daemon.c
+++ b/tools/hv/hv_kvp_daemon.c
@@ -193,11 +193,14 @@ static void kvp_update_mem_state(int pool)
        for (;;) {
                readp = &record[records_read];
                records_read += fread(readp, sizeof(struct kvp_record),
-                                        ENTRIES_PER_BLOCK * num_blocks,
+                                ENTRIES_PER_BLOCK * num_blocks - records_read,
-                                        filep);
+                                filep);
                if (ferror(filep)) {
-                        syslog(LOG_ERR, "Failed to read file, pool: %d", pool);
+                        syslog(LOG_ERR,
+                                "Failed to read file, pool: %d; error: %d %s",
+                                 pool, errno, strerror(errno));
+                        kvp_release_lock(pool);
                        exit(EXIT_FAILURE);
                }
@@ -210,6 +213,7 @@ static void kvp_update_mem_state(int pool)
                        if (record == NULL) {
                                syslog(LOG_ERR, "malloc failed");
+                                kvp_release_lock(pool);
                                exit(EXIT_FAILURE);
                        }
                        continue;
@@ -224,15 +228,11 @@ static void kvp_update_mem_state(int pool)
        fclose(filep);
        kvp_release_lock(pool);
 }
 static int kvp_file_init(void)
 {
        int  fd;
-        FILE *filep;
-        size_t records_read;
        char *fname;
-        struct kvp_record *record;
-        struct kvp_record *readp;
-        int num_blocks;
        int i;
        int alloc_unit = sizeof(struct kvp_record) * ENTRIES_PER_BLOCK;
@@ -246,61 +246,19 @@ static int kvp_file_init(void)
        for (i = 0; i < KVP_POOL_COUNT; i++) {
                fname = kvp_file_info[i].fname;
-                records_read = 0;
-                num_blocks = 1;
                sprintf(fname, "%s/.kvp_pool_%d", KVP_CONFIG_LOC, i);
                fd = open(fname, O_RDWR | O_CREAT | O_CLOEXEC, 0644 /* rw-r--r-- */);
                if (fd == -1)
                        return 1;
-                filep = fopen(fname, "re");
-                if (!filep) {
-                        close(fd);
-                        return 1;
-                }
-                record = malloc(alloc_unit * num_blocks);
-                if (record == NULL) {
-                        fclose(filep);
-                        close(fd);
-                        return 1;
-                }
-                for (;;) {
-                        readp = &record[records_read];
-                        records_read += fread(readp, sizeof(struct kvp_record),
-                                        ENTRIES_PER_BLOCK,
-                                        filep);
-                        if (ferror(filep)) {
-                                syslog(LOG_ERR, "Failed to read file, pool: %d",
-                                       i);
-                                exit(EXIT_FAILURE);
-                        }
-                        if (!feof(filep)) {
-                                /*
-                                 * We have more data to read.
-                                 */
-                                num_blocks++;
-                                record = realloc(record, alloc_unit *
-                                                num_blocks);
-                                if (record == NULL) {
-                                        fclose(filep);
-                                        close(fd);
-                                        return 1;
-                                }
-                                continue;
-                        }
-                        break;
-                }
                kvp_file_info[i].fd = fd;
-                kvp_file_info[i].num_blocks = num_blocks;
+                kvp_file_info[i].num_blocks = 1;
-                kvp_file_info[i].records = record;
+                kvp_file_info[i].records = malloc(alloc_unit);
-                kvp_file_info[i].num_records = records_read;
+                if (kvp_file_info[i].records == NULL)
-                fclose(filep);
+                        return 1;
+                kvp_file_info[i].num_records = 0;
+                kvp_update_mem_state(i);
        }
        return 0;
author	Paul Meyer <Paul.Meyer@microsoft.com>	2017-11-14 15:06:47 -0500
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2017-11-28 10:56:26 -0500
commit	297d6b6e56c2977fc504c61bbeeaa21296923f89 (patch)
tree	f9bb8a9204769647e7341dca0f26d1a6cc77e360 /tools
parent	7fa32e5ec28b1609abc0b797b58267f725fc3964 (diff)

diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c index eaa3bec273c8..4c99c57736ce 100644 --- a/tools/hv/hv_kvp_daemon.c +++ b/tools/hv/hv_kvp_daemon.c
@@ -193,11 +193,14 @@ static void kvp_update_mem_state(int pool)
193	for (;;) {	193	for (;;) {
194	readp = &record[records_read];	194	readp = &record[records_read];
195	records_read += fread(readp, sizeof(struct kvp_record),	195	records_read += fread(readp, sizeof(struct kvp_record),
196	ENTRIES_PER_BLOCK * num_blocks,	196	ENTRIES_PER_BLOCK * num_blocks - records_read,
197	filep);	197	filep);
198		198
199	if (ferror(filep)) {	199	if (ferror(filep)) {
200	syslog(LOG_ERR, "Failed to read file, pool: %d", pool);	200	syslog(LOG_ERR,
		201	"Failed to read file, pool: %d; error: %d %s",
		202	pool, errno, strerror(errno));
		203	kvp_release_lock(pool);
201	exit(EXIT_FAILURE);	204	exit(EXIT_FAILURE);
202	}	205	}
203		206
@@ -210,6 +213,7 @@ static void kvp_update_mem_state(int pool)
210		213
211	if (record == NULL) {	214	if (record == NULL) {
212	syslog(LOG_ERR, "malloc failed");	215	syslog(LOG_ERR, "malloc failed");
		216	kvp_release_lock(pool);
213	exit(EXIT_FAILURE);	217	exit(EXIT_FAILURE);
214	}	218	}
215	continue;	219	continue;
@@ -224,15 +228,11 @@ static void kvp_update_mem_state(int pool)
224	fclose(filep);	228	fclose(filep);
225	kvp_release_lock(pool);	229	kvp_release_lock(pool);
226	}	230	}
		231
227	static int kvp_file_init(void)	232	static int kvp_file_init(void)
228	{	233	{
229	int fd;	234	int fd;
230	FILE *filep;
231	size_t records_read;
232	char *fname;	235	char *fname;
233	struct kvp_record *record;
234	struct kvp_record *readp;
235	int num_blocks;
236	int i;	236	int i;
237	int alloc_unit = sizeof(struct kvp_record) * ENTRIES_PER_BLOCK;	237	int alloc_unit = sizeof(struct kvp_record) * ENTRIES_PER_BLOCK;
238		238
@@ -246,61 +246,19 @@ static int kvp_file_init(void)
246		246
247	for (i = 0; i < KVP_POOL_COUNT; i++) {	247	for (i = 0; i < KVP_POOL_COUNT; i++) {
248	fname = kvp_file_info[i].fname;	248	fname = kvp_file_info[i].fname;
249	records_read = 0;
250	num_blocks = 1;
251	sprintf(fname, "%s/.kvp_pool_%d", KVP_CONFIG_LOC, i);	249	sprintf(fname, "%s/.kvp_pool_%d", KVP_CONFIG_LOC, i);
252	fd = open(fname, O_RDWR \| O_CREAT \| O_CLOEXEC, 0644 /* rw-r--r-- */);	250	fd = open(fname, O_RDWR \| O_CREAT \| O_CLOEXEC, 0644 /* rw-r--r-- */);
253		251
254	if (fd == -1)	252	if (fd == -1)
255	return 1;	253	return 1;
256		254
257
258	filep = fopen(fname, "re");
259	if (!filep) {
260	close(fd);
261	return 1;
262	}
263
264	record = malloc(alloc_unit * num_blocks);
265	if (record == NULL) {
266	fclose(filep);
267	close(fd);
268	return 1;
269	}
270	for (;;) {
271	readp = &record[records_read];
272	records_read += fread(readp, sizeof(struct kvp_record),
273	ENTRIES_PER_BLOCK,
274	filep);
275
276	if (ferror(filep)) {
277	syslog(LOG_ERR, "Failed to read file, pool: %d",
278	i);
279	exit(EXIT_FAILURE);
280	}
281
282	if (!feof(filep)) {
283	/*
284	* We have more data to read.
285	*/
286	num_blocks++;
287	record = realloc(record, alloc_unit *
288	num_blocks);
289	if (record == NULL) {
290	fclose(filep);
291	close(fd);
292	return 1;
293	}
294	continue;
295	}
296	break;
297	}
298	kvp_file_info[i].fd = fd;	255	kvp_file_info[i].fd = fd;
299	kvp_file_info[i].num_blocks = num_blocks;	256	kvp_file_info[i].num_blocks = 1;
300	kvp_file_info[i].records = record;	257	kvp_file_info[i].records = malloc(alloc_unit);
301	kvp_file_info[i].num_records = records_read;	258	if (kvp_file_info[i].records == NULL)
302	fclose(filep);	259	return 1;
303		260	kvp_file_info[i].num_records = 0;
		261	kvp_update_mem_state(i);
304	}	262	}
305		263
306	return 0;	264	return 0;