lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20121229175625.GA1963@kroah.com>
Date:	Sat, 29 Dec 2012 09:56:25 -0800
From:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:	Roland Dreier <roland@...nel.org>
Cc:	Kay Sievers <kay@...y.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel@...r.kernel.org,
	Roland Dreier <roland@...estorage.com>
Subject: Re: [PATCH] printk: Fix incorrect length from print_time() when
 seconds > 99999

On Fri, Dec 28, 2012 at 08:23:04PM -0800, Roland Dreier wrote:
> From: Roland Dreier <roland@...estorage.com>
> 
> print_prefix() passes a NULL buf to print_time() to get the length of
> the time prefix; when printk times are enabled, the current code just
> returns the constant 15, which matches the format "[%5lu.%06lu] " used
> to print the time value.  However, this is obviously incorrect when
> the whole seconds part of the time gets beyond 5 digits (100000
> seconds is a bit more than a day of uptime).
> 
> The simple fix is to use snprintf(NULL, 0, ...) to calculate the
> actual length of the time prefix.  This could be micro-optimized but
> it seems better to have simpler, more readable code here.
> 
> The bug leads to the syslog system call miscomputing which messages
> fit into the userspace buffer.  If there are enough messages to fill
> log_buf_len and some have a timestamp >= 100000, dmesg may fail with:
> 
>     # dmesg
>     klogctl: Bad address
> 
> When this happens, strace shows that the failure is indeed EFAULT due
> to the kernel mistakenly accessing past the end of dmesg's buffer,
> since dmesg asks the kernel how big a buffer it needs, allocates a bit
> more, and then gets an error when it asks the kernel to fill it:
> 
>     syslog(0xa, 0, 0)                       = 1048576
>     mmap(NULL, 1052672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa4d25d2000
>     syslog(0x3, 0x7fa4d25d2010, 0x100008)   = -1 EFAULT (Bad address)
> 
> Signed-off-by: Roland Dreier <roland@...estorage.com>

Nice work.  When did you start seeing this problem, 3.6 or so?  I ask as
it's probably something that should go to stable as well if so.

Andrew seems to be keeping the printk patches these days, so I'll let
him pick this up with:

Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ