public inbox for linux-kernel@vger.kernel.org
* NULL terminate over-long /proc/kallsyms symbols
@ 2006-07-05 16:59 Andreas Gruenbacher
  2006-07-05 17:03 ` Daniel Bonekeeper
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Andreas Gruenbacher @ 2006-07-05 16:59 UTC (permalink / raw)
  To: Andrew Morton; +Cc: linux-kernel

Got a customer bug report (https://bugzilla.novell.com/190296)
about kernel symbols longer than 127 characters which end up in
a string buffer that is not NULL terminated, leading to garbage 
in /proc/kallsyms. Using strlcpy prevents this from happening,
even though such symbols still won't come out right.

A better fix would be to not use a fixed-size buffer, but it's
probably not worth the trouble. (Modversion'ed symbols even have
a length limit of 60.)

(This patch has been tested on a 2.6.16 kernel.)

Signed-off-by: Andreas Gruenbacher <agruen@suse.de>

Index: linux-2.6.17/kernel/module.c
===================================================================
--- linux-2.6.17.orig/kernel/module.c
+++ linux-2.6.17/kernel/module.c
@@ -1935,7 +1935,7 @@ struct module *module_get_kallsym(unsign
 		if (symnum < mod->num_symtab) {
 			*value = mod->symtab[symnum].st_value;
 			*type = mod->symtab[symnum].st_info;
-			strncpy(namebuf,
+			strlcpy(namebuf,
 				mod->strtab + mod->symtab[symnum].st_name,
 				127);
 			mutex_unlock(&module_mutex);
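Review bot: the bound on the `127);` line stays a hard-coded literal that only matches the `char namebuf[128]` declaration, so the copy is safe only while every caller really hands over a 128-byte buffer. With strlcpy the terminator counts against the size, so 127 also leaves the last byte of that buffer unused (128 would be right for it), and `sizeof(namebuf)` cannot replace the literal inside the function because an array parameter decays to a pointer. Consider adding a `size_t namelen` parameter and having callers pass `sizeof(iter->name)`, so the bound follows the actual buffer; the strlcpy return value could then be compared against it so over-long names are reported rather than silently shortened.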

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: NULL terminate over-long /proc/kallsyms symbols
  2006-07-05 16:59 NULL terminate over-long /proc/kallsyms symbols Andreas Gruenbacher
@ 2006-07-05 17:03 ` Daniel Bonekeeper
  2006-07-05 17:06   ` Christoph Hellwig
  2006-07-06 18:00   ` Avi Kivity
  2006-07-05 17:13 ` Andreas Schwab
  2006-07-05 19:34 ` Andrew Morton
  2 siblings, 2 replies; 7+ messages in thread
From: Daniel Bonekeeper @ 2006-07-05 17:03 UTC (permalink / raw)
  To: Andreas Gruenbacher; +Cc: Andrew Morton, linux-kernel

Got a " You are not authorized to access bug #190296. To see this bug,
you must first log in to an account with the appropriate permissions."
on the referred bugzilla page.

What kind of symbol uses more than 127 characters, anyways?

Daniel


-- 
What this world needs is a good five-dollar plasma weapon.


* Re: NULL terminate over-long /proc/kallsyms symbols
  2006-07-05 17:03 ` Daniel Bonekeeper
@ 2006-07-05 17:06   ` Christoph Hellwig
  2006-07-06 18:00   ` Avi Kivity
  1 sibling, 0 replies; 7+ messages in thread
From: Christoph Hellwig @ 2006-07-05 17:06 UTC (permalink / raw)
  To: Daniel Bonekeeper; +Cc: Andreas Gruenbacher, Andrew Morton, linux-kernel

On Wed, Jul 05, 2006 at 01:03:14PM -0400, Daniel Bonekeeper wrote:
> Got a " You are not authorized to access bug #190296. To see this bug,
> you must first log in to an account with the appropriate permissions."
> on the referred bugzilla page.
> 
> What kind of symbol uses more than 127 characters, anyways?

Yes, good question.  Maybe we should just put an upper limit on symbol
length in the module postprocessing so people don't do such stupid things.


* Re: NULL terminate over-long /proc/kallsyms symbols
  2006-07-05 16:59 NULL terminate over-long /proc/kallsyms symbols Andreas Gruenbacher
  2006-07-05 17:03 ` Daniel Bonekeeper
@ 2006-07-05 17:13 ` Andreas Schwab
  2006-07-05 19:34 ` Andrew Morton
  2 siblings, 0 replies; 7+ messages in thread
From: Andreas Schwab @ 2006-07-05 17:13 UTC (permalink / raw)
  To: Andreas Gruenbacher; +Cc: Andrew Morton, linux-kernel

Andreas Gruenbacher <agruen@suse.de> writes:

> Index: linux-2.6.17/kernel/module.c
> ===================================================================
> --- linux-2.6.17.orig/kernel/module.c
> +++ linux-2.6.17/kernel/module.c
> @@ -1935,7 +1935,7 @@ struct module *module_get_kallsym(unsign
>  		if (symnum < mod->num_symtab) {
>  			*value = mod->symtab[symnum].st_value;
>  			*type = mod->symtab[symnum].st_info;
> -			strncpy(namebuf,
> +			strlcpy(namebuf,
>  				mod->strtab + mod->symtab[symnum].st_name,
>  				127);

Just a minor point: you probably also want to change 127 to 128.
Unfortunately sizeof does not work here, despite the declaration.

Andreas.

-- 
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."


* Re: NULL terminate over-long /proc/kallsyms symbols
  2006-07-05 16:59 NULL terminate over-long /proc/kallsyms symbols Andreas Gruenbacher
  2006-07-05 17:03 ` Daniel Bonekeeper
  2006-07-05 17:13 ` Andreas Schwab
@ 2006-07-05 19:34 ` Andrew Morton
  2006-07-05 19:42   ` Andreas Gruenbacher
  2 siblings, 1 reply; 7+ messages in thread
From: Andrew Morton @ 2006-07-05 19:34 UTC (permalink / raw)
  To: Andreas Gruenbacher; +Cc: linux-kernel

Andreas Gruenbacher <agruen@suse.de> wrote:
>
> Got a customer bug report (https://bugzilla.novell.com/190296)
> about kernel symbols longer than 127 characters which end up in
> a string buffer that is not NULL terminated, leading to garbage 
> in /proc/kallsyms. Using strlcpy prevents this from happening,
> even though such symbols still won't come out right.
> 
> A better fix would be to not use a fixed-size buffer, but it's
> probably not worth the trouble. (Modversion'ed symbols even have
> a length limit of 60.)
> 
> (This patch has been tested on a 2.6.16 kernel.)
> 
> Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
> 
> Index: linux-2.6.17/kernel/module.c
> ===================================================================
> --- linux-2.6.17.orig/kernel/module.c
> +++ linux-2.6.17/kernel/module.c
> @@ -1935,7 +1935,7 @@ struct module *module_get_kallsym(unsign
>  		if (symnum < mod->num_symtab) {
>  			*value = mod->symtab[symnum].st_value;
>  			*type = mod->symtab[symnum].st_info;
> -			strncpy(namebuf,
> +			strlcpy(namebuf,
>  				mod->strtab + mod->symtab[symnum].st_name,
>  				127);
>  			mutex_unlock(&module_mutex);

Yeah, that assume-the-caller-gave-us-a-128-byte-buffer is a bit rude.  How
about this?

 include/linux/module.h |    6 ++----
 kernel/kallsyms.c      |    4 ++--
 kernel/module.c        |   11 ++++-------
 3 files changed, 8 insertions(+), 13 deletions(-)

diff -puN kernel/module.c~null-terminate-over-long-proc-kallsyms-symbols kernel/module.c
--- a/kernel/module.c~null-terminate-over-long-proc-kallsyms-symbols
+++ a/kernel/module.c
@@ -2019,10 +2019,8 @@ const char *module_address_lookup(unsign
 	return NULL;
 }
 
-struct module *module_get_kallsym(unsigned int symnum,
-				  unsigned long *value,
-				  char *type,
-				  char namebuf[128])
+struct module *module_get_kallsym(unsigned int symnum, unsigned long *value,
+				char *type, char *name, size_t namelen)
 {
 	struct module *mod;
 
@@ -2031,9 +2029,8 @@ struct module *module_get_kallsym(unsign
 		if (symnum < mod->num_symtab) {
 			*value = mod->symtab[symnum].st_value;
 			*type = mod->symtab[symnum].st_info;
-			strncpy(namebuf,
-				mod->strtab + mod->symtab[symnum].st_name,
-				127);
+			strlcpy(name, mod->strtab + mod->symtab[symnum].st_name,
+				namelen);
 			mutex_unlock(&module_mutex);
 			return mod;
 		}
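Review bot: the strlcpy result on the `+			strlcpy(name, mod->strtab + mod->symtab[symnum].st_name,` line is discarded, so a symbol longer than `namelen - 1` bytes is now terminated but still silently truncated, which is the "won't come out right" case from the cover mail. strlcpy returns strlen(src); comparing it against `namelen` (e.g. `if (strlcpy(...) >= namelen)`) would let this function or its caller flag the truncation, for instance with a one-time warning, instead of emitting a shortened name that a reader of /proc/kallsyms could mistake for a different symbol.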
diff -puN include/linux/module.h~null-terminate-over-long-proc-kallsyms-symbols include/linux/module.h
--- a/include/linux/module.h~null-terminate-over-long-proc-kallsyms-symbols
+++ a/include/linux/module.h
@@ -362,10 +362,8 @@ int is_module_address(unsigned long addr
 
 /* Returns module and fills in value, defined and namebuf, or NULL if
    symnum out of range. */
-struct module *module_get_kallsym(unsigned int symnum,
-				  unsigned long *value,
-				  char *type,
-				  char namebuf[128]);
+struct module *module_get_kallsym(unsigned int symnum, unsigned long *value,
+				char *type, char *name, size_t namelen);
 
 /* Look for this name: can be of form module:name. */
 unsigned long module_kallsyms_lookup_name(const char *name);
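Review bot: the comment above the prototype ("Returns module and fills in value, defined and namebuf") is now out of date: the parameters are `name` and `namelen`, and "defined" matches no argument either (the third parameter is `type`). Update it to state that at most `namelen - 1` bytes of the symbol name are stored and that the result is always NUL-terminated.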
diff -puN kernel/kallsyms.c~null-terminate-over-long-proc-kallsyms-symbols kernel/kallsyms.c
--- a/kernel/kallsyms.c~null-terminate-over-long-proc-kallsyms-symbols
+++ a/kernel/kallsyms.c
@@ -275,8 +275,8 @@ static void upcase_if_global(struct kall
 static int get_ksymbol_mod(struct kallsym_iter *iter)
 {
 	iter->owner = module_get_kallsym(iter->pos - kallsyms_num_syms,
-					 &iter->value,
-					 &iter->type, iter->name);
+					 &iter->value, &iter->type,
+					 iter->name, sizeof(iter->name));
 	if (iter->owner == NULL)
 		return 0;
 
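Review bot: `sizeof(iter->name)` on the `+					 iter->name, sizeof(iter->name));` line is the right bound only because `name` is an in-struct array in `struct kallsym_iter` (its definition is not part of this hunk); if that member were ever changed to a pointer, sizeof would silently become the pointer size with no compiler complaint. A short comment next to the member saying that callers size copies from it would document the dependency.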
_


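The following is an added userspace C example, not code from this thread or from the kernel. It shows the three points the thread makes: the non-termination Andreas Gruenbacher describes when strncpy with a literal 127 copies a symbol of 127 bytes or more, the 127-vs-128 and sizeof remark from Andreas Schwab, and the pass-the-length interface of Andrew Morton's patch. `kstrlcpy` is a local stand-in for the kernel's strlcpy (a userspace libc may not provide one), `NAMEBUF_SIZE` models the 128-byte buffer the old code assumed, and the symbol names are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAMEBUF_SIZE 128	/* the buffer size the old code silently assumed */

/* Stand-in for the kernel's strlcpy(): copies at most size-1 bytes, always
 * terminates when size > 0, returns strlen(src) so result >= size == truncated. */
static size_t kstrlcpy(char *dst, const char *src, size_t size)
{
	size_t len = strlen(src);
	if (size) {
		size_t n = len >= size ? size - 1 : len;
		memcpy(dst, src, n);
		dst[n] = '\0';
	}
	return len;
}

/* Before the patch: strncpy() with a literal 127; strncpy() writes no
 * terminator at all when the source is 127 bytes or longer. */
static void old_copy_name(const char *src, char namebuf[NAMEBUF_SIZE])
{
	strncpy(namebuf, src, 127);
}

/* Andrew Morton's shape: the caller passes the real length, strlcpy()
 * guarantees a terminator inside it, and the result reveals truncation. */
static size_t new_copy_name(const char *src, char *name, size_t namelen)
{
	return kstrlcpy(name, src, namelen);
}

/* Andreas Schwab's remark: an array parameter decays to a pointer, so sizeof
 * here is sizeof(char *), not 128 (the pragma only silences the warning). */
#pragma GCC diagnostic ignored "-Wsizeof-array-argument"
static size_t sizeof_of_array_param(char namebuf[NAMEBUF_SIZE])
{
	return sizeof(namebuf);
}

/* Constructed symbol name (not a real kernel symbol): "sym_" then 'x' padding. */
static void make_symbol(char *out, size_t len)
{
	memset(out, 'x', len);
	memcpy(out, "sym_", len < 4 ? len : 4);
	out[len] = '\0';
}

/* 1 if buf holds a NUL somewhere in its first NAMEBUF_SIZE bytes. */
static int terminated(const char *buf)
{
	return memchr(buf, '\0', NAMEBUF_SIZE) != NULL;
}

/* Old code on a symbol of symlen bytes: 1 when the 128-byte buffer, pre-filled
 * with stale 'A's from an earlier symbol, is left without any terminator. */
static int old_leaves_unterminated(size_t symlen)
{
	char sym[512], namebuf[NAMEBUF_SIZE];
	make_symbol(sym, symlen);
	memset(namebuf, 'A', sizeof(namebuf));
	old_copy_name(sym, namebuf);
	return !terminated(namebuf);
}

/* New code on the same input; returns strlcpy()'s result (the source length). */
static size_t run_new_copy(size_t symlen, char *namebuf)
{
	char sym[512];
	make_symbol(sym, symlen);
	memset(namebuf, 'A', NAMEBUF_SIZE);
	return new_copy_name(sym, namebuf, NAMEBUF_SIZE);
}

/* 1 when the new code had to cut the symbol short. */
static int new_is_truncated(size_t symlen)
{
	char namebuf[NAMEBUF_SIZE];
	return run_new_copy(symlen, namebuf) >= NAMEBUF_SIZE;
}

/* Length of the string the new code stores, or (size_t)-1 if unterminated. */
static size_t new_result_len(size_t symlen)
{
	char namebuf[NAMEBUF_SIZE];
	run_new_copy(symlen, namebuf);
	return terminated(namebuf) ? strlen(namebuf) : (size_t)-1;
}

int main(void)
{
	size_t lens[] = { 50, 127, 200 }, i;
	for (i = 0; i < 3; i++)
		printf("%3zu-byte symbol: old unterminated=%d, new stored len=%zu, truncated=%d\n",
		       lens[i], old_leaves_unterminated(lens[i]),
		       new_result_len(lens[i]), new_is_truncated(lens[i]));
	return 0;
}
```

The 127-byte case is the instructive one: the symbol would fit in the 128-byte buffer with its terminator, yet strncpy with a bound of 127 leaves it unterminated, while strlcpy with the real buffer length stores it intact. For the 200-byte symbol the new code still truncates to 127 characters, exactly the limitation the cover mail mentions; the difference is that the strlcpy return value now makes the truncation detectable.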

* Re: NULL terminate over-long /proc/kallsyms symbols
  2006-07-05 19:34 ` Andrew Morton
@ 2006-07-05 19:42   ` Andreas Gruenbacher
  0 siblings, 0 replies; 7+ messages in thread
From: Andreas Gruenbacher @ 2006-07-05 19:42 UTC (permalink / raw)
  To: Andrew Morton; +Cc: linux-kernel

On Wednesday, 5. July 2006 21:34, Andrew Morton wrote:
> Yeah, that assume-the-caller-gave-us-a-128-byte-buffer is a bit rude.  How
> about this?

That's better, thanks.

Andreas


* Re: NULL terminate over-long /proc/kallsyms symbols
  2006-07-05 17:03 ` Daniel Bonekeeper
  2006-07-05 17:06   ` Christoph Hellwig
@ 2006-07-06 18:00   ` Avi Kivity
  1 sibling, 0 replies; 7+ messages in thread
From: Avi Kivity @ 2006-07-06 18:00 UTC (permalink / raw)
  To: Daniel Bonekeeper; +Cc: Andreas Gruenbacher, Andrew Morton, linux-kernel

Daniel Bonekeeper wrote:
>
> Got a " You are not authorized to access bug #190296. To see this bug,
> you must first log in to an account with the appropriate permissions."
> on the referred bugzilla page.
>
> What kind of symbol uses more than 127 characters, anyways?
>

Maybe C++ mangled names.

I've seen names longer than early machines' main memory.

-- 
Do not meddle in the internals of kernels, for they are subtle and quick to panic.


