[PATCH] modpost: fix segfault with short symbol names

linux-kbuild.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] modpost: fix segfault with short symbol names
@ 2009-12-12 11:02 Michal Marek
  2009-12-12 15:26 ` Segher Boessenkool
  2009-12-14 23:41 ` Rusty Russell
  0 siblings, 2 replies; 8+ messages in thread
From: Michal Marek @ 2009-12-12 11:02 UTC (permalink / raw)
  To: Rusty Russell; +Cc: linux-kbuild, linux-kernek

memcmp() is wrong here, the symbol name can be shorter than KSYMTAB_PFX
or CRC_PFX.

Signed-off-by: Michal Marek <mmarek@suse.cz>
---
 scripts/mod/modpost.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index 801a16a..065ee0b 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -515,7 +515,7 @@ static void handle_modversions(struct module *mod, struct elf_info *info,
 		break;
 	case SHN_ABS:
 		/* CRC'd symbol */
-		if (memcmp(symname, CRC_PFX, strlen(CRC_PFX)) == 0) {
+		if (strncmp(symname, CRC_PFX, strlen(CRC_PFX)) == 0) {
 			crc = (unsigned int) sym->st_value;
 			sym_update_crc(symname + strlen(CRC_PFX), mod, crc,
 					export);
@@ -559,7 +559,7 @@ static void handle_modversions(struct module *mod, struct elf_info *info,
 		break;
 	default:
 		/* All exported symbols */
-		if (memcmp(symname, KSYMTAB_PFX, strlen(KSYMTAB_PFX)) == 0) {
+		if (strncmp(symname, KSYMTAB_PFX, strlen(KSYMTAB_PFX)) == 0) {
 			sym_add_exported(symname + strlen(KSYMTAB_PFX), mod,
 					export);
 		}
-- 
1.6.5.3


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* Re: [PATCH] modpost: fix segfault with short symbol names
  2009-12-12 11:02 [PATCH] modpost: fix segfault with short symbol names Michal Marek
@ 2009-12-12 15:26 ` Segher Boessenkool
  2009-12-14 10:06   ` Michal Marek
  2009-12-14 23:41 ` Rusty Russell
  1 sibling, 1 reply; 8+ messages in thread
From: Segher Boessenkool @ 2009-12-12 15:26 UTC (permalink / raw)
  To: Michal Marek; +Cc: Rusty Russell, linux-kbuild

> memcmp() is wrong here, the symbol name can be shorter than  
> KSYMTAB_PFX
> or CRC_PFX.

> -		if (memcmp(symname, CRC_PFX, strlen(CRC_PFX)) == 0) {
> +		if (strncmp(symname, CRC_PFX, strlen(CRC_PFX)) == 0) {

This doesn't change anything.  In both cases the function will return 0
only if all strlen(CRC_PFX) chars match, and in both cases it can access
strlen(CRC_PFX) chars (strncmp() is allowed to access characters after
the first \0 just fine).


Segher


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] modpost: fix segfault with short symbol names
  2009-12-12 15:26 ` Segher Boessenkool
@ 2009-12-14 10:06   ` Michal Marek
  2009-12-14 12:29     ` Segher Boessenkool
  2009-12-14 13:33     ` Segher Boessenkool
  0 siblings, 2 replies; 8+ messages in thread
From: Michal Marek @ 2009-12-14 10:06 UTC (permalink / raw)
  To: Segher Boessenkool; +Cc: Rusty Russell, linux-kbuild

On Sat, Dec 12, 2009 at 04:26:20PM +0100, Segher Boessenkool wrote:
> >memcmp() is wrong here, the symbol name can be shorter than
> >KSYMTAB_PFX
> >or CRC_PFX.
> 
> >-		if (memcmp(symname, CRC_PFX, strlen(CRC_PFX)) == 0) {
> >+		if (strncmp(symname, CRC_PFX, strlen(CRC_PFX)) == 0) {
> 
> This doesn't change anything.  In both cases the function will return 0
> only if all strlen(CRC_PFX) chars match, and in both cases it can access
> strlen(CRC_PFX) chars (strncmp() is allowed to access characters after
> the first \0 just fine).

str(n)cmp is not allowed to access characters past the NUL byte.

Michal

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] modpost: fix segfault with short symbol names
  2009-12-14 10:06   ` Michal Marek
@ 2009-12-14 12:29     ` Segher Boessenkool
  2009-12-14 13:33     ` Segher Boessenkool
  1 sibling, 0 replies; 8+ messages in thread
From: Segher Boessenkool @ 2009-12-14 12:29 UTC (permalink / raw)
  To: Michal Marek; +Cc: Rusty Russell, linux-kbuild

>>> memcmp() is wrong here, the symbol name can be shorter than
>>> KSYMTAB_PFX
>>> or CRC_PFX.
>>
>>> -		if (memcmp(symname, CRC_PFX, strlen(CRC_PFX)) == 0) {
>>> +		if (strncmp(symname, CRC_PFX, strlen(CRC_PFX)) == 0) {
>>
>> This doesn't change anything.  In both cases the function will  
>> return 0
>> only if all strlen(CRC_PFX) chars match, and in both cases it can  
>> access
>> strlen(CRC_PFX) chars (strncmp() is allowed to access characters  
>> after
>> the first \0 just fine).
>
> str(n)cmp is not allowed to access characters past the NUL byte.

You are wrong.  strncmp() _is_ allowed to do that.  So this patch
doesn't change anything.


Segher


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] modpost: fix segfault with short symbol names
  2009-12-14 10:06   ` Michal Marek
  2009-12-14 12:29     ` Segher Boessenkool
@ 2009-12-14 13:33     ` Segher Boessenkool
  2009-12-14 16:32       ` Michal Marek
  2009-12-15  5:14       ` Rusty Russell
  1 sibling, 2 replies; 8+ messages in thread
From: Segher Boessenkool @ 2009-12-14 13:33 UTC (permalink / raw)
  To: Michal Marek; +Cc: Segher Boessenkool, Rusty Russell, linux-kbuild

> On Sat, Dec 12, 2009 at 04:26:20PM +0100, Segher Boessenkool wrote:
>> >memcmp() is wrong here, the symbol name can be shorter than
>> >KSYMTAB_PFX
>> >or CRC_PFX.
>>
>> >-		if (memcmp(symname, CRC_PFX, strlen(CRC_PFX)) == 0) {
>> >+		if (strncmp(symname, CRC_PFX, strlen(CRC_PFX)) == 0) {
>>
>> This doesn't change anything.  In both cases the function will return 0
>> only if all strlen(CRC_PFX) chars match, and in both cases it can access
>> strlen(CRC_PFX) chars (strncmp() is allowed to access characters after
>> the first \0 just fine).
>
> str(n)cmp is not allowed to access characters past the NUL byte.

Let me apologise for the confusion.

strncmp() _can_ access characters past the first NUL byte; and
many implementations do so (they do accesses per 32-bit word,
for example).  But strncmp() behaves as-if it didn't compare
anything past the first null character, so for example causing
a page fault if the string ends just before the end of a memory
page isn't allowed; OTOH, the parameters to memcmp() are required
to point to two objects, each at least "len" bytes big.

So the patch fixes a real problem.  I'm sorry for being dense.

Acked-by: Segher Boessenkool <segher@kernel.crashing.org>

Segher

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] modpost: fix segfault with short symbol names
  2009-12-14 13:33     ` Segher Boessenkool
@ 2009-12-14 16:32       ` Michal Marek
  2009-12-15  5:14       ` Rusty Russell
  1 sibling, 0 replies; 8+ messages in thread
From: Michal Marek @ 2009-12-14 16:32 UTC (permalink / raw)
  To: Segher Boessenkool; +Cc: Rusty Russell, linux-kbuild

On 14.12.2009 14:33, Segher Boessenkool wrote:
> So the patch fixes a real problem.  I'm sorry for being dense.
> 
> Acked-by: Segher Boessenkool <segher@kernel.crashing.org>

Thanks :). Rusty, I sent the patch to you because you have some other
modpost stuff in the rr tree. But I can add it to the kbuild tree as
well if you want.

Michal

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] modpost: fix segfault with short symbol names
  2009-12-12 11:02 [PATCH] modpost: fix segfault with short symbol names Michal Marek
  2009-12-12 15:26 ` Segher Boessenkool
@ 2009-12-14 23:41 ` Rusty Russell
  1 sibling, 0 replies; 8+ messages in thread
From: Rusty Russell @ 2009-12-14 23:41 UTC (permalink / raw)
  To: Michal Marek; +Cc: linux-kbuild, linux-kernek

On Sat, 12 Dec 2009 09:32:24 pm Michal Marek wrote:
> memcmp() is wrong here, the symbol name can be shorter than KSYMTAB_PFX
> or CRC_PFX.
> 
> Signed-off-by: Michal Marek <mmarek@suse.cz>

Thanks, applied.

Rusty.

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] modpost: fix segfault with short symbol names
  2009-12-14 13:33     ` Segher Boessenkool
  2009-12-14 16:32       ` Michal Marek
@ 2009-12-15  5:14       ` Rusty Russell
  1 sibling, 0 replies; 8+ messages in thread
From: Rusty Russell @ 2009-12-15  5:14 UTC (permalink / raw)
  To: Segher Boessenkool; +Cc: Michal Marek, linux-kbuild, linux-kernel

On Tue, 15 Dec 2009 12:03:12 am Segher Boessenkool wrote:
> > On Sat, Dec 12, 2009 at 04:26:20PM +0100, Segher Boessenkool wrote:
> >> >-		if (memcmp(symname, CRC_PFX, strlen(CRC_PFX)) == 0) {
> >> >+		if (strncmp(symname, CRC_PFX, strlen(CRC_PFX)) == 0) {
> >>
> >> This doesn't change anything.  In both cases the function will return 0
> >> only if all strlen(CRC_PFX) chars match, and in both cases it can access
> >> strlen(CRC_PFX) chars (strncmp() is allowed to access characters after
> >> the first \0 just fine).
> >
> > str(n)cmp is not allowed to access characters past the NUL byte.
> 
> Let me apologise for the confusion.

Mea culpas must be short, to avoid wasting even more time.  And they must be
at least as absolute as the incorrect assertion was.  This helps us lurkers
and archive readers flush the crap from their brains.

Your mails used _ for emphasis and "You are wrong.".  Ouch.  I suggest:

	"I am *wrong*.  Sorry Michal for the brain fart."

Also, please stop channeling Richard B. Johnson.
Rusty.

^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2009-12-15  5:14 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-12-12 11:02 [PATCH] modpost: fix segfault with short symbol names Michal Marek
2009-12-12 15:26 ` Segher Boessenkool
2009-12-14 10:06   ` Michal Marek
2009-12-14 12:29     ` Segher Boessenkool
2009-12-14 13:33     ` Segher Boessenkool
2009-12-14 16:32       ` Michal Marek
2009-12-15  5:14       ` Rusty Russell
2009-12-14 23:41 ` Rusty Russell

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).