lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <49DBFEB0.9080308@cn.fujitsu.com>
Date:	Wed, 08 Apr 2009 09:32:32 +0800
From:	Li Zefan <lizf@...fujitsu.com>
To:	mingo@...hat.com
CC:	hpa@...or.com, acme@...hat.com, linux-kernel@...r.kernel.org,
	alan.brunelle@...com, jens.axboe@...cle.com, tglx@...utronix.de,
	linux-tip-commits@...r.kernel.org
Subject: Re: [tip:tracing/blktrace-v2] blktrace: fix a bug in blk_msg_write()

Hi Ingo,

Though Carl <chlunde@...g.uio.no>'s patch has been applied,
(a4b3ada83d06554d307dd54abdc62b2e5648264a), this patch hasn't
been dropped, thus the code in -tip looks like:

static ssize_t blk_msg_write(...)
{
	...
        if (copy_from_user(msg, buffer, count)) {
                kfree(msg);
                return -EFAULT;
        }
        msg[count] = '\0';	<---

        msg[count] = '\0';	<---
	...
}


Li Zefan wrote:
> Commit-ID:  48cefde3c17bbf37fee99e2889bcc718e5805dfa
> Gitweb:     http://git.kernel.org/tip/48cefde3c17bbf37fee99e2889bcc718e5805dfa
> Author:     Li Zefan <lizf@...fujitsu.com>
> AuthorDate: Fri, 3 Apr 2009 15:31:34 +0800
> Committer:  Ingo Molnar <mingo@...e.hu>
> CommitDate: Fri, 3 Apr 2009 13:15:53 +0200
> 
> blktrace: fix a bug in blk_msg_write()
> 
> Impact: fix corrupted blkparse output
> 
> This is another long-standing blktrace bug:
> 
>  (console 1)
>  # echo -n 'a' > /sys/kernel/debug/block/sda/msg
>  (console 2)
>  # blktrace -d /dev/sda -a pc -o - | blkparse -i -
>   8,0    0        0     0.000000000     0  m   N a������@��
> 
> We should terminate the msg buffer with '\0'.
> 
> Signed-off-by: Li Zefan <lizf@...fujitsu.com>
> Cc: Arnaldo Carvalho de Melo <acme@...hat.com>
> Cc: "Alan D. Brunelle" <alan.brunelle@...com>
> Cc: Jens Axboe <jens.axboe@...cle.com>
> LKML-Reference: <49D5BB56.7000807@...fujitsu.com>
> Signed-off-by: Ingo Molnar <mingo@...e.hu>
> 
> 
> ---
>  kernel/trace/blktrace.c |    5 +++--
>  1 files changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c
> index 947c5b3..b7fa92c 100644
> --- a/kernel/trace/blktrace.c
> +++ b/kernel/trace/blktrace.c
> @@ -327,10 +327,10 @@ static ssize_t blk_msg_write(struct file *filp, const char __user *buffer,
>  	char *msg;
>  	struct blk_trace *bt;
>  
> -	if (count > BLK_TN_MAX_MSG)
> +	if (count >= BLK_TN_MAX_MSG)
>  		return -EINVAL;
>  
> -	msg = kmalloc(count, GFP_KERNEL);
> +	msg = kmalloc(count + 1, GFP_KERNEL);
>  	if (msg == NULL)
>  		return -ENOMEM;
>  
> @@ -338,6 +338,7 @@ static ssize_t blk_msg_write(struct file *filp, const char __user *buffer,
>  		kfree(msg);
>  		return -EFAULT;
>  	}
> +	msg[count] = '\0';
>  
>  	bt = filp->private_data;
>  	__trace_note_message(bt, "%s", msg);
> 
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ