From mboxrd@z Thu Jan 1 00:00:00 1970 From: Chen Gang Subject: Re: [PATCH v2] arch: arm64: kernel: sprintf(), 'str' needs additional 1 byte for failure processing Date: Tue, 28 May 2013 19:21:01 +0800 Message-ID: <51A4931D.9090209@asianux.com> References: <51A1E3B3.4060901@asianux.com> <51A2BE2C.2000004@asianux.com> <20130528104250.GE10474@mudshark.cambridge.arm.com> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20130528104250.GE10474@mudshark.cambridge.arm.com> Sender: linux-kernel-owner@vger.kernel.org To: Will Deacon Cc: Catalin Marinas , "vgupta@synopsys.com" , Tony Lindgren , Santosh Shilimkar , Andrew Morton , Rusty Russell , "linux-arm-kernel@lists.infradead.org" , "linux-kernel@vger.kernel.org" , Linux-Arch List-Id: linux-arch.vger.kernel.org On 05/28/2013 06:42 PM, Will Deacon wrote: > Hello, > > On Mon, May 27, 2013 at 03:00:12AM +0100, Chen Gang wrote: >> > >> > When failure occurs at the last looping cycle (when 'i == 0'), it will >> > print "bad PC value" instead of "(%08x) ", which needs additional 1 >> > byte. >> > >> > If not add 1 byte, the 'str' may be memory overflow. >> > >> > >> > Signed-off-by: Chen Gang >> > --- >> > arch/arm64/kernel/traps.c | 2 +- >> > 1 files changed, 1 insertions(+), 1 deletions(-) >> > >> > diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c >> > index 61d7dd2..c2f68d2 100644 >> > --- a/arch/arm64/kernel/traps.c >> > +++ b/arch/arm64/kernel/traps.c >> > @@ -100,7 +100,7 @@ static void dump_instr(const char *lvl, struct pt_regs *regs) >> > { >> > unsigned long addr = instruction_pointer(regs); >> > mm_segment_t fs; >> > - char str[sizeof("00000000 ") * 5 + 2 + 1], *p = str; >> > + char str[sizeof("00000000 ") * 5 + 2 + 1 + 1], *p = str; >> > int i; > Whilst this code is difficult to follow, I don't think it's incorrect. > The size of the str array is: > > sizeof("00000000 ") = 8 ('0's) + 1 (space) + 1 (NUL) = 10 bytes Oh, it is my fault, I miss the "1 (NUL)". > *5 = 50 bytes > +2 (for the two brackets when i == 0) = 52 bytes > +1 (this is for the "bad PC value") = 53 bytes > > In the worst case (when the PC is bad) we print: > > "%08x " x4 = (8 + 1 + 1) *4 = 40 bytes Actually, it is 36 bytes, for sprintf() return the length excluding NUL. (although, we still need notice the last NUL) > "bad PC value" = 12 + 1 = 13 bytes > > so again, 53 bytes. > So again, 49 bytes. ;-) > .. or have I missed a character somewhere? > NO, I missed characters, but you 'find' more characters. :-) All together, this patch is incorrect, original implementation will not cause issue. Thanks -- Chen Gang Asianux Corporation From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from intranet.asianux.com ([58.214.24.6]:12184 "EHLO intranet.asianux.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1758755Ab3E1LV5 (ORCPT ); Tue, 28 May 2013 07:21:57 -0400 Message-ID: <51A4931D.9090209@asianux.com> Date: Tue, 28 May 2013 19:21:01 +0800 From: Chen Gang MIME-Version: 1.0 Subject: Re: [PATCH v2] arch: arm64: kernel: sprintf(), 'str' needs additional 1 byte for failure processing References: <51A1E3B3.4060901@asianux.com> <51A2BE2C.2000004@asianux.com> <20130528104250.GE10474@mudshark.cambridge.arm.com> In-Reply-To: <20130528104250.GE10474@mudshark.cambridge.arm.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Sender: linux-arch-owner@vger.kernel.org List-ID: To: Will Deacon Cc: Catalin Marinas , "vgupta@synopsys.com" , Tony Lindgren , Santosh Shilimkar , Andrew Morton , Rusty Russell , "linux-arm-kernel@lists.infradead.org" , "linux-kernel@vger.kernel.org" , Linux-Arch Message-ID: <20130528112101.KG-pIdHyaHfBhOO4G4MDNnbjBupT-P2qyHEs-Ofk4xo@z> On 05/28/2013 06:42 PM, Will Deacon wrote: > Hello, > > On Mon, May 27, 2013 at 03:00:12AM +0100, Chen Gang wrote: >> > >> > When failure occurs at the last looping cycle (when 'i == 0'), it will >> > print "bad PC value" instead of "(%08x) ", which needs additional 1 >> > byte. >> > >> > If not add 1 byte, the 'str' may be memory overflow. >> > >> > >> > Signed-off-by: Chen Gang >> > --- >> > arch/arm64/kernel/traps.c | 2 +- >> > 1 files changed, 1 insertions(+), 1 deletions(-) >> > >> > diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c >> > index 61d7dd2..c2f68d2 100644 >> > --- a/arch/arm64/kernel/traps.c >> > +++ b/arch/arm64/kernel/traps.c >> > @@ -100,7 +100,7 @@ static void dump_instr(const char *lvl, struct pt_regs *regs) >> > { >> > unsigned long addr = instruction_pointer(regs); >> > mm_segment_t fs; >> > - char str[sizeof("00000000 ") * 5 + 2 + 1], *p = str; >> > + char str[sizeof("00000000 ") * 5 + 2 + 1 + 1], *p = str; >> > int i; > Whilst this code is difficult to follow, I don't think it's incorrect. > The size of the str array is: > > sizeof("00000000 ") = 8 ('0's) + 1 (space) + 1 (NUL) = 10 bytes Oh, it is my fault, I miss the "1 (NUL)". > *5 = 50 bytes > +2 (for the two brackets when i == 0) = 52 bytes > +1 (this is for the "bad PC value") = 53 bytes > > In the worst case (when the PC is bad) we print: > > "%08x " x4 = (8 + 1 + 1) *4 = 40 bytes Actually, it is 36 bytes, for sprintf() return the length excluding NUL. (although, we still need notice the last NUL) > "bad PC value" = 12 + 1 = 13 bytes > > so again, 53 bytes. > So again, 49 bytes. ;-) > .. or have I missed a character somewhere? > NO, I missed characters, but you 'find' more characters. :-) All together, this patch is incorrect, original implementation will not cause issue. Thanks -- Chen Gang Asianux Corporation