| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1356811734.16149.1.camel@joe-AO722> Date: Sat, 29 Dec 2012 12:08:54 -0800 From: Joe Perches <joe@...ches.com> To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Sylvain Munaut <s.munaut@...tever-company.com> Cc: Roland Dreier <roland@...nel.org>, Kay Sievers <kay@...y.org>, Andrew Morton <akpm@...ux-foundation.org>, linux-kernel@...r.kernel.org, Roland Dreier <roland@...estorage.com> Subject: Re: [PATCH] printk: Fix incorrect length from print_time() when seconds > 99999 On Sat, 2012-12-29 at 09:56 -0800, Greg Kroah-Hartman wrote: > On Fri, Dec 28, 2012 at 08:23:04PM -0800, Roland Dreier wrote: > > From: Roland Dreier <roland@...estorage.com> > > > > print_prefix() passes a NULL buf to print_time() to get the length of > > the time prefix; when printk times are enabled, the current code just > > returns the constant 15, which matches the format "[%5lu.%06lu] " used > > to print the time value. However, this is obviously incorrect when > > the whole seconds part of the time gets beyond 5 digits (100000 > > seconds is a bit more than a day of uptime). > > > > The simple fix is to use snprintf(NULL, 0, ...) to calculate the > > actual length of the time prefix. This could be micro-optimized but > > it seems better to have simpler, more readable code here. > > > > The bug leads to the syslog system call miscomputing which messages > > fit into the userspace buffer. If there are enough messages to fill > > log_buf_len and some have a timestamp >= 100000, dmesg may fail with: > > > > # dmesg > > klogctl: Bad address > > > > When this happens, strace shows that the failure is indeed EFAULT due > > to the kernel mistakenly accessing past the end of dmesg's buffer, > > since dmesg asks the kernel how big a buffer it needs, allocates a bit > > more, and then gets an error when it asks the kernel to fill it: > > > > syslog(0xa, 0, 0) = 1048576 > > mmap(NULL, 1052672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa4d25d2000 > > syslog(0x3, 0x7fa4d25d2010, 0x100008) = -1 EFAULT (Bad address) > > > > Signed-off-by: Roland Dreier <roland@...estorage.com> > > Nice work. When did you start seeing this problem, 3.6 or so? I ask as > it's probably something that should go to stable as well if so. > > Andrew seems to be keeping the printk patches these days, so I'll let > him pick this up with: Sylvan Munaut did something similar https://lkml.org/lkml/2012/12/5/168 It's been around quite awhile. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists