* [uml-devel] UML crashes when built with _FORTIFY_SOURCE
@ 2008-10-24 23:08 Roman Yepishev
  2008-10-31 19:14 ` Jeff Dike
  0 siblings, 1 reply; 3+ messages in thread
From: Roman Yepishev @ 2008-10-24 23:08 UTC (permalink / raw)
  To: user-mode-linux-devel

Hello,

When the UML kernel is built with _FORTIFY_SOURCE defined, all
arguments for snprintf, printf etc. are checked by glibc.

mconsole_init defines file[256], which is used later to construct the
socket path.
file is then passed to os_create_unix_socket, which in turn uses
sockaddr_un to describe the socket.
The problem happens when snprintf tries to fit file into sun_path,
which is only 108 bytes long. The checks fail and the kernel abort()s.

A temporary solution is to fix the file declaration to be 108 bytes or
less, but checks should be introduced when the socket path is constructed.

The complete history of the bug is here:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/284631

-- 
Regards,
Roman Yepishev

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel


* Re: [uml-devel] UML crashes when built with _FORTIFY_SOURCE
  2008-10-24 23:08 [uml-devel] UML crashes when built with _FORTIFY_SOURCE Roman Yepishev
@ 2008-10-31 19:14 ` Jeff Dike
  2008-11-03 21:35   ` Roman Yepishev
  0 siblings, 1 reply; 3+ messages in thread
From: Jeff Dike @ 2008-10-31 19:14 UTC (permalink / raw)
  To: Roman Yepishev; +Cc: user-mode-linux-devel

On Sat, Oct 25, 2008 at 02:08:31AM +0300, Roman Yepishev wrote:
> A temporary solution is to fix the file declaration to be 108 bytes or
> less, but checks should be introduced when the socket path is constructed.

I don't really understand what you mean by checks being introduced,
but how do you like the patch below?

			Jeff

-- 
Work email - jdike at linux dot intel dot com

diff --git a/arch/um/drivers/mconsole_kern.c b/arch/um/drivers/mconsole_kern.c
index 19d579d..cc88ef7 100644
--- a/arch/um/drivers/mconsole_kern.c
+++ b/arch/um/drivers/mconsole_kern.c
@@ -785,11 +785,12 @@ static int __init mconsole_init(void)
 	/* long to avoid size mismatch warnings from gcc */
 	long sock;
 	int err;
-	char file[256];
+	char file[UM_UNIX_PATH_MAX];
 
 	if (umid_file_name("mconsole", file, sizeof(file)))
 		return -1;
-	snprintf(mconsole_socket_name, sizeof(file), "%s", file);
+	snprintf(mconsole_socket_name, sizeof(file) - 1, "%s", file);
+	file[sizeof(file) - 1] = '\0';
 
 	sock = os_create_unix_socket(file, sizeof(file), 1);
 	if (sock < 0) {
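
Review bot: The snprintf bound in mconsole_init is still taken from the source buffer: sizeof(file) - 1 limits a write into mconsole_socket_name, whose size is declared in mconsole_user.c as UNIX_PATH_MAX, so the copy is only safe while that constant and UM_UNIX_PATH_MAX stay equal. Bound the call by the destination's own size, for example by exporting that size through mconsole.h. snprintf already NUL-terminates within the size it is given, so the "- 1" only gives up a byte, and the added file[sizeof(file) - 1] = '\0' terminates the source after it has been read; if an explicit terminator is wanted it belongs on mconsole_socket_name.
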
diff --git a/arch/um/drivers/mconsole_user.c b/arch/um/drivers/mconsole_user.c
index f8cf4c8..f00735e 100644
--- a/arch/um/drivers/mconsole_user.c
+++ b/arch/um/drivers/mconsole_user.c
@@ -9,7 +9,7 @@
 #include <unistd.h>
 #include <sys/socket.h>
 #include <sys/uio.h>
-#include <sys/un.h>
+#include <linux/un.h>
 #include "kern_constants.h"
 #include "mconsole.h"
 #include "user.h"
@@ -37,7 +37,7 @@ static struct mconsole_command commands[] = {
 };
 
 /* Initialized in mconsole_init, which is an initcall */
-char mconsole_socket_name[256];
+char mconsole_socket_name[UNIX_PATH_MAX];
 
 static int mconsole_reply_v0(struct mc_request *req, char *reply)
 {
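
Review bot: Nothing ties the size of mconsole_socket_name to the buffer copied into it: this declaration uses UNIX_PATH_MAX, while file[] in mconsole_kern.c uses UM_UNIX_PATH_MAX and the snprintf there is bounded by sizeof(file). A comment on this declaration stating that the size must match sockaddr_un.sun_path and the writer in mconsole_init, or a single shared constant used for both arrays, would keep a later change to one side from reintroducing the mismatch.
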
diff --git a/arch/um/sys-i386/user-offsets.c b/arch/um/sys-i386/user-offsets.c
index 5f883bf..5e4ae72 100644
--- a/arch/um/sys-i386/user-offsets.c
+++ b/arch/um/sys-i386/user-offsets.c
@@ -2,8 +2,10 @@
 #include <stddef.h>
 #include <signal.h>
 #include <sys/poll.h>
+#include <sys/socket.h>
 #include <sys/user.h>
 #include <sys/mman.h>
+#include <linux/un.h>
 #include <asm/ptrace.h>
 
 #define DEFINE(sym, val) \
@@ -50,4 +52,6 @@ void foo(void)
 	DEFINE(UM_PROT_READ, PROT_READ);
 	DEFINE(UM_PROT_WRITE, PROT_WRITE);
 	DEFINE(UM_PROT_EXEC, PROT_EXEC);
+
+	DEFINE(UM_UNIX_PATH_MAX, UNIX_PATH_MAX);
 }
diff --git a/arch/um/sys-x86_64/user-offsets.c b/arch/um/sys-x86_64/user-offsets.c
index 9735854..e47b3bd 100644
--- a/arch/um/sys-x86_64/user-offsets.c
+++ b/arch/um/sys-x86_64/user-offsets.c
@@ -4,6 +4,7 @@
 #include <sys/poll.h>
 #include <sys/mman.h>
 #include <sys/user.h>
+#include <linux/un.h>
 #define __FRAME_OFFSETS
 #include <asm/ptrace.h>
 #include <asm/types.h>
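
Review bot: The x86_64 include list may be missing <sys/socket.h>: the i386 user-offsets.c hunk adds it ahead of <linux/un.h>, but here only <linux/un.h> is added. If <linux/un.h> depends on the socket types from <sys/socket.h>, as the i386 change suggests, add the same include here unless it is already present above the visible context, and confirm with an x86_64 build.
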
@@ -62,4 +63,6 @@ void foo(void)
 	DEFINE(UM_PROT_READ, PROT_READ);
 	DEFINE(UM_PROT_WRITE, PROT_WRITE);
 	DEFINE(UM_PROT_EXEC, PROT_EXEC);
+
+	DEFINE(UM_UNIX_PATH_MAX, UNIX_PATH_MAX);
 }


* Re: [uml-devel] UML crashes when built with _FORTIFY_SOURCE
  2008-10-31 19:14 ` Jeff Dike
@ 2008-11-03 21:35   ` Roman Yepishev
  0 siblings, 0 replies; 3+ messages in thread
From: Roman Yepishev @ 2008-11-03 21:35 UTC (permalink / raw)
  To: Jeff Dike; +Cc: user-mode-linux-devel

On Fri, Oct 31, 2008 at 9:14 PM, Jeff Dike <jdike@addtoit.com> wrote:
> On Sat, Oct 25, 2008 at 02:08:31AM +0300, Roman Yepishev wrote:
>> A temporary solution is to fix the file declaration to be 108 bytes or
>> less, but checks should be introduced when the socket path is constructed.
>
> I don't really understand what you mean by checks being introduced,
> but how do you like the patch below?
>
>                        Jeff
>
> --
> Work email - jdike at linux dot intel dot com
>
[patch skipped]

Looks great, checked on an i386 system - it successfully builds and runs
with _FORTIFY_SOURCE.

By "checks" I meant the case when uml_dir and/or umid is too long to be used.
Currently the execution continues with a humble message:

 NET: Registered protocol family 1
>umid_file_name : buffer too short
 Checking host MADV_REMOVE support...OK
 Host TLS support detected

I guess this case should be documented somehow as well.

-- 
Regards,
Roman Yepishev
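
The check discussed in this thread, as an added example that is not part of the original messages or of the UML source: build the socket path directly into sockaddr_un.sun_path, bound snprintf by the destination's own size, and return an error when the path does not fit instead of continuing. The helper name, the "<dir>/<umid>/<name>" layout and the sample paths are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/*
 * Hypothetical helper, not UML code: build "<dir>/<umid>/<name>" (an assumed
 * layout) directly in addr->sun_path. Returns 0, -EINVAL on bad arguments,
 * or -ENAMETOOLONG when the path plus its NUL does not fit in sun_path.
 */
static int unix_addr_from_parts(struct sockaddr_un *addr, const char *dir,
				const char *umid, const char *name)
{
	int n;

	if (!addr || !dir || !umid || !name)
		return -EINVAL;
	memset(addr, 0, sizeof(*addr));
	addr->sun_family = AF_UNIX;

	/* The bound is the destination's own size, not the source buffer's. */
	n = snprintf(addr->sun_path, sizeof(addr->sun_path), "%s/%s/%s",
		     dir, umid, name);
	if (n < 0)
		return -EINVAL;
	if ((size_t)n >= sizeof(addr->sun_path)) {
		/* Truncated: refuse instead of binding a different path. */
		memset(addr, 0, sizeof(*addr));
		return -ENAMETOOLONG;
	}
	return 0;
}

int main(void)
{
	struct sockaddr_un addr;
	char long_umid[200];	/* constructed over-long umid */
	int err;

	memset(long_umid, 'x', sizeof(long_umid) - 1);
	long_umid[sizeof(long_umid) - 1] = '\0';

	err = unix_addr_from_parts(&addr, "/tmp/uml", "vm1", "mconsole");
	printf("short umid: %d (%s)\n", err, addr.sun_path);
	err = unix_addr_from_parts(&addr, "/tmp/uml", long_umid, "mconsole");
	printf("long umid:  %d\n", err);
	return 0;
}
```

Because the size passed to snprintf is sizeof(addr->sun_path), the call also satisfies the _FORTIFY_SOURCE object-size check that aborted the original build.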

