From: Jens Axboe <axboe@kernel.dk>
To: Tejun Heo <tj@kernel.org>
Cc: Dave Jones <davej@redhat.com>,
Linux Kernel <linux-kernel@vger.kernel.org>,
Szymon Gruszczynski <sz.gruszczynski@googlemail.com>,
Fedora Kernel Team <kernel-team@fedoraproject.org>,
Al Viro <viro@zeniv.linux.org>
Subject: Re: [PATCH] block: fix buffer overflow when printing partition UUIDs
Date: Tue, 15 May 2012 08:22:31 +0200
Message-ID: <4FB1F627.3080809@kernel.dk>
In-Reply-To: <20120514210353.GJ2366@google.com>

On 05/14/2012 11:03 PM, Tejun Heo wrote:
> 6d1d8050b4bc8 "block, partition: add partition_meta_info to hd_struct"
> added part_unpack_uuid() which assumes that the passed in buffer has
> enough space for sprintfing "%pU" - 37 characters including '\0'.
>
> Unfortunately, b5af921ec0233 "init: add support for root devices
> specified by partition UUID" supplied 33 bytes buffer to the function
> leading to the following panic with stackprotector enabled.
>
> Kernel panic - not syncing: stack-protector: Kernel stack corrupted in: ffffffff81b14c7e
>
> [<ffffffff815e226b>] panic+0xba/0x1c6
> [<ffffffff81b14c7e>] ? printk_all_partitions+0x259/0x26xb
> [<ffffffff810566bb>] __stack_chk_fail+0x1b/0x20
> [<ffffffff81b15c7e>] printk_all_paritions+0x259/0x26xb
> [<ffffffff81aedfe0>] mount_block_root+0x1bc/0x27f
> [<ffffffff81aee0fa>] mount_root+0x57/0x5b
> [<ffffffff81aee23b>] prepare_namespace+0x13d/0x176
> [<ffffffff8107eec0>] ? release_tgcred.isra.4+0x330/0x30
> [<ffffffff81aedd60>] kernel_init+0x155/0x15a
> [<ffffffff81087b97>] ? schedule_tail+0x27/0xb0
> [<ffffffff815f4d24>] kernel_thread_helper+0x5/0x10
> [<ffffffff81aedc0b>] ? start_kernel+0x3c5/0x3c5
> [<ffffffff815f4d20>] ? gs_change+0x13/0x13
>
> Increase the buffer size, remove the dangerous part_unpack_uuid() and
> use snprintf() directly from printk_all_partitions().

Ooops, thanks Tejun, applied for current branch.

--
Jens Axboe
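
The sizing problem described in the quoted commit message, as an added example that is not part of the original thread and is not kernel code: a userspace sketch in which a 33-byte buffer is rejected and a 37-byte one holds the full string. The names `format_uuid()`, `uuid_to_string()` and `sample_uuid` are hypothetical, the sample UUID is constructed, and the hex format string stands in for the kernel's "%pU".

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

/* Text form of a UUID: 32 hex digits + 4 hyphens + terminating NUL. */
#define UUID_STRING_SIZE 37

/* Constructed sample value, not taken from the thread. */
static const uint8_t sample_uuid[16] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};

/*
 * Hypothetical userspace stand-in for sprintf("%pU").
 * Bounded by `size`; returns the length the full string needs (36),
 * exactly as snprintf() does, even when the output was truncated.
 */
static int format_uuid(char *buf, size_t size, const uint8_t u[16])
{
    return snprintf(buf, size,
        "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-"
        "%02x%02x%02x%02x%02x%02x",
        u[0], u[1], u[2], u[3], u[4], u[5], u[6], u[7],
        u[8], u[9], u[10], u[11], u[12], u[13], u[14], u[15]);
}

/* Returns 0 when the whole string fit, -1 when it was truncated. */
static int uuid_to_string(char *buf, size_t size, const uint8_t u[16])
{
    int need = format_uuid(buf, size, u);

    if (need < 0 || (size_t)need >= size)
        return -1;      /* caller's buffer is too small */
    return 0;
}

int main(void)
{
    char small[33];                 /* the size the commit message calls out */
    char full[UUID_STRING_SIZE];    /* 36 characters + NUL */

    if (uuid_to_string(small, sizeof(small), sample_uuid) < 0)
        printf("33 bytes: truncated to \"%s\"\n", small);
    if (uuid_to_string(full, sizeof(full), sample_uuid) == 0)
        printf("37 bytes: \"%s\"\n", full);
    return 0;
}
```

An unbounded sprintf() into the 33-byte buffer would write 4 bytes past its end, which is what the stack protector reported in the trace above.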

Thread overview: 3+ messages
2012-05-09 19:58 stack overflow in printk_all_partitions Dave Jones
2012-05-14 21:03 ` [PATCH] block: fix buffer overflow when printing partition UUIDs Tejun Heo
2012-05-15 6:22 ` Jens Axboe [this message]