[Nut-upsuser] Bug#439055: hid driver tries to mmap huge area, fails

Justin Piszcz jpiszcz at lucidpixels.com
Sat Sep 8 08:55:21 UTC 2007



On Sat, 8 Sep 2007, Justin Piszcz wrote:

>
>
> On Sat, 8 Sep 2007, Arjen de Korte wrote:
>
>>>> I tried stracing /lib/nut/newhidups:
>>>>
>>>> write(2, "Path: UPS.Battery.ff86001b, Type"..., 59) = 59
>>>> write(2, "entering path_to_string()\n", 26) = 26
>>>> write(2, "Looking up 00840004\n", 20)   = 20
>>>> write(2, "Looking up 00840012\n", 20)   = 20
>>>> write(2, "Looking up ff860016\n", 20)   = 20
>>>> write(2, "entering string_to_path()\n", 26) = 26
>>>> write(2, "parsing UPS\n", 12)           = 12
>>>> write(2, "Looking up UPS\n", 15)        = 15
>>>> write(2, "hid_lookup_usage: found 840004\n", 31) = 31
>>>> write(2, "parsing Battery\n", 16)       = 16
>>>> write(2, "Looking up Battery\n", 19)    = 19
>>>> write(2, "hid_lookup_usage: found 840012\n", 31) = 31
>>>> write(2, "parsing APCBattReplaceDate\n", 27) = 27
>>>> write(2, "Looking up APCBattReplaceDate\n", 30) = 30
>>>> write(2, "hid_lookup_usage: found ff860016"..., 33) = 33
>>>> write(2, "Path depth = 3\n", 15)        = 15
>>>> write(2, "0: Usage(00840004)\n", 19)    = 19
>>>> write(2, "1: Usage(00840012)\n", 19)    = 19
>>>> write(2, "2: Usage(ff860016)\n", 19)    = 19
>>>> mmap2(NULL, 822218752, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory)
>>>> brk(0x31078000)                         = 0x46000
>>>> mmap2(NULL, 822349824, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory)
>>>> mmap2(NULL, 2097152, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0xa221a000
>>>> munmap(0xa221a000, 942080)              = 0
>>>> munmap(0xa2400000, 106496)              = 0
>>>> mprotect(0xa2300000, 135168, PROT_READ|PROT_WRITE) = 0
>>>> mmap2(NULL, 822218752, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory)
>>>> write(2, "Can\'t retrieve Report 69 (12): C"..., 54) = 54
>>
>> It looks like it fails while attempting to read a variable from the UPS
>> (it would be better though to run the driver in debug mode though, mmap
>> should only be used as a last resort).
>>
>>
>>>> These mmaps are suspicious. 822218752 bytes is 784 megabytes. I have
>>>> attached the whole strace. I also have this problem with nut 2.2.0,
>>>> using the usbhid-ups driver, strace looks the same. The strace using
>>>> version 2.0.4-4 shows much more sane looking mmaps:
>>>>
>>>> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4
>>>> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4
>>>> mmap2(NULL, 22877, PROT_READ, MAP_PRIVATE, 4, 0) = 0x40157000
>>
>> That may just be a coincidence. We had a problem with uninitialized
>> storage space in the hidparser, which caused the size of expected
>> replies from the UPS to be calculated wrong for report ids 64-255. Since
>> the driver will attempt to allocate the length of the expected reply
>> *before* reading it, this may case this problem.
>>
>> This bug has been in the newhidups driver from day 1, so this is not
>> something that was introduced after nut-2.0.4. It has been fixed in SVN
>> version 1079 though, so could you try out the development version from
>> the trunk?
>>
>> Best regards, Arjen
>>
>> _______________________________________________
>> Nut-upsuser mailing list
>> Nut-upsuser at lists.alioth.debian.org
>> http://lists.alioth.debian.org/mailman/listinfo/nut-upsuser
>>
>
> Is there a way I can install it to a $PREFIX_DIRECTORY and not have it
> install it to /lib and all over the place and have it still work?  Last
> time I tried I did not have much luck..
>
> Justin.
>
> _______________________________________________
> Nut-upsuser mailing list
> Nut-upsuser at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/nut-upsuser
>

$ ./configure --with-user=nut --with-group=nut 
--prefix=/app/nut-trunk-1091

checking sys/time.h presence... yes
checking for sys/time.h... yes
./configure: line 5460: NUT_TYPE_SOCKLEN_T: command not found
./configure: line 5461: NUT_TYPE_UINT16_T: command not found
./configure: line 5462: NUT_TYPE_UINT8_T: command not found
checking for --with-all... not given
./configure: line 5492: syntax error near unexpected token `serial,'
./configure: line 5492: `NUT_ARG_WITH(serial, build and install serial 
drivers, yes)'

autoconf/automake do not produce a working configure and no configure in 
trunk?



More information about the Nut-upsuser mailing list