From: Rusty Russell <rusty@rustcorp.com.au>
To: Chen Gang <gang.chen@asianux.com>
Cc: Stephen Boyd <sboyd@codeaurora.org>,
Andrew Morton <akpm@linux-foundation.org>,
"linux-kernel\@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2] kernel: kallsyms: memory override issue, need check destination buffer length
Date: Mon, 15 Apr 2013 11:35:30 +0930 [thread overview]
Message-ID: <87y5ck8s5x.fsf@rustcorp.com.au> (raw)
In-Reply-To: <51664B04.7000207@asianux.com>
Chen Gang <gang.chen@asianux.com> writes:
> We don't export any symbols > 128 characters, but if we did then
> kallsyms_expand_symbol() would overflow the buffer handed to it.
> So we need check destination buffer length when copying.
>
> the related test:
> if we define an EXPORT function which name more than 128.
> will panic when call kallsyms_lookup_name by init_kprobes on booting.
> after check the length (provide this patch), it is ok.
>
> Implementaion:
> add additional destination buffer length parameter (maxlen)
> if uncompressed string is too long (>= maxlen), it will be truncated.
> not check the parameters whether valid, since it is a static function.
Found a bug already:
kernel/kallsyms.c: In function ‘kallsyms_lookup’:
kernel/kallsyms.c:305:78: error: negative width in bit-field ‘<anonymous>’
kernel/kallsyms.c: In function ‘lookup_symbol_name’:
kernel/kallsyms.c:327:78: error: negative width in bit-field ‘<anonymous>’
kernel/kallsyms.c: In function ‘lookup_symbol_attrs’:
kernel/kallsyms.c:346:69: error: negative width in bit-field ‘<anonymous>’
Cheers,
Rusty.
next prev parent reply other threads:[~2013-04-15 3:50 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-11 3:15 [PATCH] kernel: kallsyms: memory override issue, need check destination buffer length Chen Gang
2013-04-11 4:08 ` Rusty Russell
2013-04-11 4:19 ` Chen Gang
2013-04-11 5:32 ` [PATCH v2] " Chen Gang
2013-04-12 9:48 ` Chen Gang
2013-04-15 2:05 ` Rusty Russell [this message]
2013-04-15 4:30 ` Chen Gang
2013-04-15 4:47 ` [PATCH v3] " Chen Gang
2013-04-15 5:48 ` Rusty Russell
2013-04-16 1:19 ` Chen Gang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87y5ck8s5x.fsf@rustcorp.com.au \
--to=rusty@rustcorp.com.au \
--cc=akpm@linux-foundation.org \
--cc=gang.chen@asianux.com \
--cc=linux-kernel@vger.kernel.org \
--cc=sboyd@codeaurora.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.