From: Greg KH <greg@kroah.com>
To: Chuck Ebbert <76306.1226@compuserve.com>
Cc: Linus Torvalds <torvalds@osdl.org>, Andrew Morton <akpm@osdl.org>,
Ingo Molnar <mingo@elte.hu>,
linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: Fw: Re: oops in choose_configuration()
Date: Tue, 7 Mar 2006 16:54:55 -0800 [thread overview]
Message-ID: <20060308005455.GA23921@kroah.com> (raw)
In-Reply-To: <200603071657_MC3-1-BA0F-6372@compuserve.com>
On Tue, Mar 07, 2006 at 04:54:24PM -0500, Chuck Ebbert wrote:
> In-Reply-To: <Pine.LNX.4.64.0603051840280.13139@g5.osdl.org>
>
> On Sun, 5 Mar 2006 19:27:53 -0800, Linus Torvalds wrote:
>
> > So I'd be more inclined to blame a buffer overflow on a kmalloc, and the
> > obvious target is the "add_uevent_var()" thing, since all/many of the
> > corruptions seem to come from uevent environment variable strings.
>
> At least one susbsystem rolls its own method of adding env vars to the
> uevent buffer, and it's so broken it triggers the WARN_ON() in
> lib/vsprintf.c::vsnprintf() by passing a negative length to that function.
> Start at drivers/input/input.c::input_dev_uevent() and watch the fun.
All of the INPUT_ADD_HOTPLUG_VAR() calls do use add_uevent_var(), so we
should be safe there. The other calls also look safe, if not a bit
wierd... So I don't see how we could change this to be any safer, do
you?
> I reported this to linux-kernel, the input maintainer and the author
> of that code on Feb. 26:
>
> http://lkml.org/lkml/2006/2/26/39
We should have fixed that already by increasing the size of the buffer,
but yes, we should catch errors in the MODALIAS function, that would
have stopped that previous overflow. Are you still seeing problems now?
thanks,
greg k-h
next prev parent reply other threads:[~2006-03-08 0:55 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-03-07 21:54 Fw: Re: oops in choose_configuration() Chuck Ebbert
2006-03-08 0:54 ` Greg KH [this message]
2006-03-08 0:57 ` Linus Torvalds
2006-03-08 1:13 ` Dmitry Torokhov
2006-03-08 1:27 ` Greg KH
2006-03-08 3:22 ` Dmitry Torokhov
2006-03-08 5:23 ` Greg KH
2006-03-08 6:06 ` Dmitry Torokhov
2006-03-08 6:15 ` Greg KH
2006-03-08 4:28 ` Joe Korty
2006-03-08 4:44 ` Dmitry Torokhov
-- strict thread matches above, loose matches on Subject: below --
2006-03-08 3:29 Chuck Ebbert
2006-03-08 3:48 ` Dmitry Torokhov
2006-03-08 4:01 ` Linus Torvalds
[not found] <20060304121723.19fe9b4b.akpm@osdl.org>
[not found] ` <Pine.LNX.4.64.0603041235110.22647@g5.osdl.org>
[not found] ` <20060304213447.GA4445@kroah.com>
[not found] ` <20060304135138.613021bd.akpm@osdl.org>
[not found] ` <20060304221810.GA20011@kroah.com>
2006-03-05 23:48 ` Andrew Morton
2006-03-06 3:27 ` Linus Torvalds
2006-03-06 8:48 ` Andrew Morton
2006-03-08 1:31 ` Greg KH
2006-03-08 1:49 ` Andrew Morton
2006-03-06 5:00 ` Linus Torvalds
2006-03-06 7:47 ` Mike Galbraith
2006-03-07 5:51 ` Mike Galbraith
2006-03-07 5:56 ` Nick Piggin
2006-03-06 9:14 ` Ingo Molnar
2006-03-06 10:31 ` Andrew Morton
2006-03-06 11:04 ` Jesper Juhl
2006-03-06 11:15 ` Andrew Morton
2006-03-06 15:59 ` Dave Jones
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060308005455.GA23921@kroah.com \
--to=greg@kroah.com \
--cc=76306.1226@compuserve.com \
--cc=akpm@osdl.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox