From: Oleg Nesterov <oleg@redhat.com>
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: viro@zeniv.linux.org.uk, rostedt@goodmis.org, fweisbec@gmail.com,
mingo@redhat.com, akpm@linux-foundation.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] argv_split: Return NULL if argument contains no non-whitespace.
Date: Sat, 14 Sep 2013 17:41:44 +0200 [thread overview]
Message-ID: <20130914154144.GA7884@redhat.com> (raw)
In-Reply-To: <201309141632.GHD86439.VLOOOFQFJtSMFH@I-love.SAKURA.ne.jp>
On 09/14, Tetsuo Handa wrote:
>
> # echo '|' > /proc/sys/kernel/core_pattern
>
> and got
>
> BUG: unable to handle kernel NULL pointer dereference at (null)
Hmm. This was fixed by 264b83c07a8 "usermodehelper: check
subprocess_info->path != NULL".
But then this check was removed by 7f57cfa4e2a "usermodehelper:
kill the sub_info->path[0] check".
Note that the changelog says "do_execve(NULL) is safe" and I certainly
tested this case when I sent the patch...
Now it is crashes in path_openat() because pathname->name is NULL.
Something was changed, perhaps or (I'm afraid) I misread that code and
my testing was wrong. do_filp_open/etc were changed to accept
"struct filename *" a long ago.
> upon core dump because helper_argv[0] == NULL at
>
> helper_argv = argv_split(GFP_KERNEL, cn.corename, NULL);
> call_usermodehelper_setup(helper_argv[0], ...);
Are you sure? See above.
> --- a/lib/argv_split.c
> +++ b/lib/argv_split.c
> @@ -50,7 +50,7 @@ EXPORT_SYMBOL(argv_free);
> * quote processing is performed. Multiple whitespace characters are
> * considered to be a single argument separator. The returned array
> * is always NULL-terminated. Returns NULL on memory allocation
> - * failure.
> + * failure or @str being empty or @str containing only white-space.
> *
> * The source string at `str' may be undergoing concurrent alteration via
> * userspace sysctl activity (at least). The argv_split() implementation
> @@ -68,6 +68,10 @@ char **argv_split(gfp_t gfp, const char *str, int *argcp)
> return NULL;
>
> argc = count_argc(argv_str);
> + if (!argc) {
> + kfree(argv_str);
> + return NULL;
> + }
Yes, this is what 264b83c07a8 suggested... But I am not sure, if nothing
else pr_warn("failed to allocate memory") from do_coredump() doesn't look
nice in this case.
Perhaps
--- x/kernel/kmod.c
+++ x/kernel/kmod.c
@@ -571,6 +571,9 @@ int call_usermodehelper_exec(struct subp
DECLARE_COMPLETION_ONSTACK(done);
int retval = 0;
+ if (!sub_info->path)
+ return -EXXX;
+
helper_lock();
if (!khelper_wq || usermodehelper_disabled) {
retval = -EBUSY;
?
Oleg.
next prev parent reply other threads:[~2013-09-14 15:48 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-14 7:32 [PATCH] argv_split: Return NULL if argument contains no non-whitespace Tetsuo Handa
2013-09-14 15:41 ` Oleg Nesterov [this message]
2013-09-15 0:10 ` [PATCH] argv_split: Return NULL if argument contains nonon-whitespace Tetsuo Handa
2013-09-15 14:23 ` [PATCH] kmod: Check for NULL at call_usermodehelper_exec() Tetsuo Handa
2013-09-15 16:31 ` Oleg Nesterov
2013-09-15 17:02 ` Tetsuo Handa
2013-09-15 17:15 ` Oleg Nesterov
2013-09-15 17:26 ` Tetsuo Handa
2013-09-15 17:34 ` Oleg Nesterov
2013-09-23 21:12 ` Tetsuo Handa
2013-09-23 21:30 ` Andrew Morton
2013-09-24 14:58 ` Tetsuo Handa
2013-09-15 16:26 ` [PATCH] argv_split: Return NULL if argument contains nonon-whitespace Oleg Nesterov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130914154144.GA7884@redhat.com \
--to=oleg@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=fweisbec@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=rostedt@goodmis.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.