From: Chen Gang <gang.chen@asianux.com>
To: Rusty Russell <rusty@rustcorp.com.au>
Cc: Stephen Boyd <sboyd@codeaurora.org>,
Andrew Morton <akpm@linux-foundation.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2] kernel: kallsyms: memory override issue, need check destination buffer length
Date: Mon, 15 Apr 2013 12:30:11 +0800 [thread overview]
Message-ID: <516B8253.7010104@asianux.com> (raw)
In-Reply-To: <87y5ck8s5x.fsf@rustcorp.com.au>
On 2013年04月15日 10:05, Rusty Russell wrote:
> Chen Gang <gang.chen@asianux.com> writes:
>> > We don't export any symbols > 128 characters, but if we did then
>> > kallsyms_expand_symbol() would overflow the buffer handed to it.
>> > So we need check destination buffer length when copying.
>> >
>> > the related test:
>> > if we define an EXPORT function which name more than 128.
>> > will panic when call kallsyms_lookup_name by init_kprobes on booting.
>> > after check the length (provide this patch), it is ok.
>> >
>> > Implementaion:
>> > add additional destination buffer length parameter (maxlen)
>> > if uncompressed string is too long (>= maxlen), it will be truncated.
>> > not check the parameters whether valid, since it is a static function.
> Found a bug already:
>
> kernel/kallsyms.c: In function ‘kallsyms_lookup’:
> kernel/kallsyms.c:305:78: error: negative width in bit-field ‘<anonymous>’
> kernel/kallsyms.c: In function ‘lookup_symbol_name’:
> kernel/kallsyms.c:327:78: error: negative width in bit-field ‘<anonymous>’
> kernel/kallsyms.c: In function ‘lookup_symbol_attrs’:
> kernel/kallsyms.c:346:69: error: negative width in bit-field ‘<anonymous>’
>
oh... it is my fault, I will send v3.
I only tested kallsyms_on_each_symbol and kallsyms_lookup_name (they
were of cause OK). , not test others.
ARRAY_SIZE is really valuable to help find bugs.
and next, after code changes, I should compile it again, at least.
:-)
> Cheers,
--
Chen Gang
Asianux Corporation
next prev parent reply other threads:[~2013-04-15 4:30 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-11 3:15 [PATCH] kernel: kallsyms: memory override issue, need check destination buffer length Chen Gang
2013-04-11 4:08 ` Rusty Russell
2013-04-11 4:19 ` Chen Gang
2013-04-11 5:32 ` [PATCH v2] " Chen Gang
2013-04-12 9:48 ` Chen Gang
2013-04-15 2:05 ` Rusty Russell
2013-04-15 4:30 ` Chen Gang [this message]
2013-04-15 4:47 ` [PATCH v3] " Chen Gang
2013-04-15 5:48 ` Rusty Russell
2013-04-16 1:19 ` Chen Gang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=516B8253.7010104@asianux.com \
--to=gang.chen@asianux.com \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rusty@rustcorp.com.au \
--cc=sboyd@codeaurora.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.