lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 18 Nov 2014 12:37:32 -0500
From:	Steven Rostedt <rostedt@...dmis.org>
To:	Petr Mladek <pmladek@...e.cz>
Cc:	linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...nel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Jiri Kosina <jkosina@...e.cz>
Subject: Re: [PATCH 2/2] tracing: Use trace_seq_used() and seq_buf_used()
 instead of len

On Tue, 18 Nov 2014 17:33:54 +0100
Petr Mladek <pmladek@...e.cz> wrote:

> On Mon 2014-11-17 14:12:15, Steven Rostedt wrote:
> > 
> > > I don't like the fact that I did a code structure change with this
> > > patch. This patch should be just a simple conversion of len to
> > > seq_buf_used(). I'm going to strip this change out and put it before
> > > this patch.
> > 
> > 
> > As the seq_buf->len will soon be +1 size when there's an overflow, we
> > must use trace_seq_used() or seq_buf_used() methods to get the real
> > length. This will prevent buffer overflow issues if just the len
> > of the seq_buf descriptor is used to copy memory.
> > 
> > Link: http://lkml.kernel.org/r/20141114121911.09ba3d38@gandalf.local.home
> > 
> > Reported-by: Petr Mladek <pmladek@...e.cz>
> > Signed-off-by: Steven Rostedt <rostedt@...dmis.org>
> > ---
> >  include/linux/trace_seq.h            | 20 +++++++++++++++++++-
> >  kernel/trace/seq_buf.c               |  2 +-
> >  kernel/trace/trace.c                 | 22 +++++++++++-----------
> >  kernel/trace/trace_events.c          |  9 ++++++---
> >  kernel/trace/trace_functions_graph.c |  5 ++++-
> >  kernel/trace/trace_seq.c             |  2 +-
> >  6 files changed, 42 insertions(+), 18 deletions(-)
> 
> [...]
> 
> 
> > --- a/kernel/trace/trace.c
> > +++ b/kernel/trace/trace.c
> > @@ -944,10 +944,10 @@ static ssize_t trace_seq_to_buffer(struct trace_seq *s, void *buf, size_t cnt)
> >  {
> >  	int len;
> >  
> > -	if (s->seq.len <= s->seq.readpos)
> > +	if (trace_seq_used(s) <= s->seq.readpos)
> >  		return -EBUSY;
> >  
> > -	len = s->seq.len - s->seq.readpos;
> > +	len = trace_seq_used(s) - s->seq.readpos;
> >  	if (cnt > len)
> >  		cnt = len;
> >  	memcpy(buf, s->buffer + s->seq.readpos, cnt);
> 
> 
> There is one more dangerous usage in trace_printk_seq(). It is on
> three lines there.

You totally confused me. What usage in trace_printk_seq(), and what
three lines?

In this patch, trace_printk_seq() looks like this:

int trace_print_seq(struct seq_file *m, struct trace_seq *s)
{
        int ret;

        __trace_seq_init(s);

        ret = seq_buf_print_seq(m, &s->seq);

        /*
         * Only reset this buffer if we successfully wrote to the
         * seq_file buffer. This lets the caller try again or
         * do something else with the contents.
         */
        if (!ret)
                trace_seq_init(s);

        return ret;
}



-- Steve


> 
> The rest looks good.
> 
> Best Regards,
> Petr

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ