* [PATCH] um: mconsole: validate notify socket path length
@ 2026-03-29 3:09 Pengpeng Hou
2026-03-31 15:16 ` kernel test robot
2026-03-31 15:38 ` kernel test robot
0 siblings, 2 replies; 3+ messages in thread
From: Pengpeng Hou @ 2026-03-29 3:09 UTC (permalink / raw)
To: richard, anton.ivanov, johannes; +Cc: linux-um, linux-kernel, pengpeng
mconsole_notify() copies the notify socket path into sockaddr_un.sun_path with strcpy(). There is no local check that the supplied path fits in the fixed Unix-domain socket path buffer.
Reject notify socket paths that do not fit in sun_path instead of copying them blindly.
Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>
---
arch/um/drivers/mconsole_user.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/arch/um/drivers/mconsole_user.c b/arch/um/drivers/mconsole_user.c
index a04cd13c6315..2c0d2984055c 100644
--- a/arch/um/drivers/mconsole_user.c
+++ b/arch/um/drivers/mconsole_user.c
@@ -198,8 +198,11 @@ int mconsole_notify(char *sock_name, int type, const void *data, int len)
if (err)
return err;
+ memset(&target, 0, sizeof(target));
target.sun_family = AF_UNIX;
- strcpy(target.sun_path, sock_name);
+ if (snprintf(target.sun_path, sizeof(target.sun_path), "%s", sock_name) >=
+ sizeof(target.sun_path))
+ return -EINVAL;
packet.magic = MCONSOLE_MAGIC;
packet.version = MCONSOLE_VERSION;
--
2.50.1 (Apple Git-155)
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] um: mconsole: validate notify socket path length
2026-03-29 3:09 [PATCH] um: mconsole: validate notify socket path length Pengpeng Hou
@ 2026-03-31 15:16 ` kernel test robot
2026-03-31 15:38 ` kernel test robot
1 sibling, 0 replies; 3+ messages in thread
From: kernel test robot @ 2026-03-31 15:16 UTC (permalink / raw)
To: Pengpeng Hou, richard, anton.ivanov, johannes
Cc: oe-kbuild-all, linux-um, linux-kernel, pengpeng
Hi Pengpeng,
kernel test robot noticed the following build errors:
[auto build test ERROR on uml/next]
[also build test ERROR on wireless-next/main wireless/main uml/fixes linus/master v7.0-rc6 next-20260330]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Pengpeng-Hou/um-mconsole-validate-notify-socket-path-length/20260331-052930
base: https://git.kernel.org/pub/scm/linux/kernel/git/uml/linux next
patch link: https://lore.kernel.org/r/20260329030945.32368-1-pengpeng%40iscas.ac.cn
patch subject: [PATCH] um: mconsole: validate notify socket path length
config: um-i386_defconfig (https://download.01.org/0day-ci/archive/20260331/202603312336.UUqJ8pFo-lkp@intel.com/config)
compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260331/202603312336.UUqJ8pFo-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202603312336.UUqJ8pFo-lkp@intel.com/
All errors (new ones prefixed by >>):
arch/um/drivers/mconsole_user.c: In function 'mconsole_notify':
>> arch/um/drivers/mconsole_user.c:203:13: error: implicit declaration of function 'snprintf' [-Wimplicit-function-declaration]
203 | if (snprintf(target.sun_path, sizeof(target.sun_path), "%s", sock_name) >=
| ^~~~~~~~
arch/um/drivers/mconsole_user.c:14:1: note: 'snprintf' is defined in header '<stdio.h>'; this is probably fixable by adding '#include <stdio.h>'
13 | #include "mconsole.h"
+++ |+#include <stdio.h>
14 |
vim +/snprintf +203 arch/um/drivers/mconsole_user.c
180
181 int mconsole_notify(char *sock_name, int type, const void *data, int len)
182 {
183 struct sockaddr_un target;
184 struct mconsole_notify packet;
185 int n, err = 0;
186
187 lock_notify();
188 if (notify_sock < 0) {
189 notify_sock = socket(PF_UNIX, SOCK_DGRAM, 0);
190 if (notify_sock < 0) {
191 err = -errno;
192 printk(UM_KERN_ERR "mconsole_notify - socket failed, "
193 "errno = %d\n", errno);
194 }
195 }
196 unlock_notify();
197
198 if (err)
199 return err;
200
201 memset(&target, 0, sizeof(target));
202 target.sun_family = AF_UNIX;
> 203 if (snprintf(target.sun_path, sizeof(target.sun_path), "%s", sock_name) >=
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [PATCH] um: mconsole: validate notify socket path length
2026-03-29 3:09 [PATCH] um: mconsole: validate notify socket path length Pengpeng Hou
2026-03-31 15:16 ` kernel test robot
@ 2026-03-31 15:38 ` kernel test robot
1 sibling, 0 replies; 3+ messages in thread
From: kernel test robot @ 2026-03-31 15:38 UTC (permalink / raw)
To: Pengpeng Hou, richard, anton.ivanov, johannes
Cc: llvm, oe-kbuild-all, linux-um, linux-kernel, pengpeng
Hi Pengpeng,
kernel test robot noticed the following build errors:
[auto build test ERROR on uml/next]
[also build test ERROR on wireless-next/main wireless/main uml/fixes linus/master v7.0-rc6 next-20260330]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Pengpeng-Hou/um-mconsole-validate-notify-socket-path-length/20260331-052930
base: https://git.kernel.org/pub/scm/linux/kernel/git/uml/linux next
patch link: https://lore.kernel.org/r/20260329030945.32368-1-pengpeng%40iscas.ac.cn
patch subject: [PATCH] um: mconsole: validate notify socket path length
config: um-defconfig (https://download.01.org/0day-ci/archive/20260331/202603312307.FOQx0THR-lkp@intel.com/config)
compiler: clang version 23.0.0git (https://github.com/llvm/llvm-project 2cd67b8b69f78e3f95918204320c3075a74ba16c)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260331/202603312307.FOQx0THR-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202603312307.FOQx0THR-lkp@intel.com/
All errors (new ones prefixed by >>):
>> arch/um/drivers/mconsole_user.c:203:6: error: call to undeclared function 'snprintf'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
203 | if (snprintf(target.sun_path, sizeof(target.sun_path), "%s", sock_name) >=
| ^
1 error generated.
vim +/snprintf +203 arch/um/drivers/mconsole_user.c
180
181 int mconsole_notify(char *sock_name, int type, const void *data, int len)
182 {
183 struct sockaddr_un target;
184 struct mconsole_notify packet;
185 int n, err = 0;
186
187 lock_notify();
188 if (notify_sock < 0) {
189 notify_sock = socket(PF_UNIX, SOCK_DGRAM, 0);
190 if (notify_sock < 0) {
191 err = -errno;
192 printk(UM_KERN_ERR "mconsole_notify - socket failed, "
193 "errno = %d\n", errno);
194 }
195 }
196 unlock_notify();
197
198 if (err)
199 return err;
200
201 memset(&target, 0, sizeof(target));
202 target.sun_family = AF_UNIX;
> 203 if (snprintf(target.sun_path, sizeof(target.sun_path), "%s", sock_name) >=
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-03-31 15:39 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-29 3:09 [PATCH] um: mconsole: validate notify socket path length Pengpeng Hou
2026-03-31 15:16 ` kernel test robot
2026-03-31 15:38 ` kernel test robot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox