[PATCH] klogd busy loop on zero byte (output from 3c59x driver)

[PATCH] klogd busy loop on zero byte (output from 3c59x driver)

[Troels Walsted Hansen]

Hi all.

I found a bug in the sysklogd package version 1.4. When it encounters a zero
byte in the kernel logging output, the text parser enters a busy loop. I
came upon it when the 3c59x driver from kernel 2.4.0 started outputting two
zero bytes for the product code of my laptop's 3Com card. It could be argued
that the kernel should never output zero bytes in the logging info, but
obviously that will happen from time to time.

I fear this bug might be considered a security issue as well, if the kernel
can be coerced to output a zero byte somehow, all kernel logging will stop.

I have included a patch to klogd.c to correct the issue.

--- sysklogd-1.4.orig/klogd.c	Mon Sep 18 09:34:11 2000
+++ sysklogd-1.4/klogd.c	Thu Jan 11 09:26:10 2001
@@ -739,6 +758,13 @@
 		  break;  /* full line_buff or end of input buffer */
                }

+               if( *ptr == '\0' ) /* zero byte */
+               {
+                  ptr++;	/* skip zero byte */
+                  space -= 1;
+                  len   -= 1;
+                  break;
+               }
                if( *ptr == '\n' )  /* newline */
                {
                   ptr++;	/* skip newline */

--
Troels Walsted Hansen
troels@thule.no

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: [PATCH] klogd busy loop on zero byte (output from 3c59x driver)

[Manfred]

Zitiere Troels Walsted Hansen <troels@thule.no>:

> Hi all.
> 
> I found a bug in the sysklogd package version 1.4. When it encounters a
> zero
> byte in the kernel logging output, the text parser enters a busy loop.

That finally explains the "klogd eats 100% cpu time" reports with ~2.2.10:

We (I and Andrea) fixed several bugs in the kernel code, but none of them
explained why klogd entered a busy loop. 


--
	Manfred
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: [PATCH] klogd busy loop on zero byte (output from 3c59x driver)

[Andrew Morton]

Troels Walsted Hansen wrote:
> 
> Hi all.
> 
> I found a bug in the sysklogd package version 1.4. When it encounters a zero
> byte in the kernel logging output, the text parser enters a busy loop. I
> came upon it when the 3c59x driver from kernel 2.4.0 started outputting two
> zero bytes for the product code of my laptop's 3Com card. It could be argued
> that the kernel should never output zero bytes in the logging info, but
> obviously that will happen from time to time.

Yep.  %02x%02x it now is.

The code in question was snitched from pcmcia-cs's 3c575_cb.c, and
I assume David would have heard if it was busting klogd.  Maybe
there's a klogd version problem, or maybe your NIC's EEPROM is hosed?

-
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

RE: [PATCH] klogd busy loop on zero byte (output from 3c59x driver)

[Troels Walsted Hansen]

> Yep.  %02x%02x it now is.

I suppose it might be worthwhile to search the kernel sources for other
instances of printk("%c"), there's no telling when all distributions will be
up to date with new sysklogd releases...

> The code in question was snitched from pcmcia-cs's 3c575_cb.c, and
> I assume David would have heard if it was busting klogd.  Maybe
> there's a klogd version problem, or maybe your NIC's EEPROM is hosed?

I believe I have the latest version of klogd...

My NIC is a 3Com PCI 3c556 Laptop Tornado, in a Dell Latitude C600 laptop.
The driver reports the product code as "00" and the rev as "00.0", the date
however is "03-01-00" which sounds fairly reasonable (although the laptop is
brand new).

Needless to say, it also works fine, otherwise I would probably have
attacked the driver first...

--
Troels Walsted Hansen
troels@thule.no

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Re: [PATCH] klogd busy loop on zero byte (output from 3c59x driver)

[David Hinds]

On Thu, Jan 11, 2001 at 11:03:31PM +1100, Andrew Morton wrote:
> 
> Yep.  %02x%02x it now is.
> 
> The code in question was snitched from pcmcia-cs's 3c575_cb.c, and
> I assume David would have heard if it was busting klogd.  Maybe
> there's a klogd version problem, or maybe your NIC's EEPROM is hosed?

I haven't heard of it before: I've never seen a card claim to have 0's
for its ascii product code.  What card is it, exactly?

-- Dave
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/