lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2bd72a2f0af948d29eb201e3072e514e@AcuMS.aculab.com>
Date:   Thu, 12 Nov 2020 13:49:27 +0000
From:   David Laight <David.Laight@...LAB.COM>
To:     'Rob Landley' <rob@...dley.net>,
        kernel test robot <oliver.sang@...el.com>
CC:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        0day robot <lkp@...el.com>,
        "lkp@...ts.01.org" <lkp@...ts.01.org>
Subject: RE: ac0e958a00:
 Kernel_panic-not_syncing:stack-protector:Kernel_stack_is_corrupted_in:run_init_process

From: Rob Landley
> Sent: 12 November 2020 12:46
> 
> On 11/12/20 1:11 AM, kernel test robot wrote:
> >
> > Greeting,
> >
> > FYI, we noticed the following commit (built with gcc-9):
> 
> Blah, switched from strlcpy to sprintf due to the lack of spaces and didn't
> adjust the size.
> 
> (And yes, the compiler's lifetime analysis should free the stack space before
> the tail call, and I'd assume exec restarts the stack anyway.)
> 
> Second-attempt-by: Rob Landley <rob@...dley.net>
> ---
> 
>  init/main.c |   15 ++++++++-------
>  1 file changed, 8 insertions(+), 7 deletions(-)
> 
> diff --git a/init/main.c b/init/main.c
> index 130376ec10ba..e92320816ef8 100644
> --- a/init/main.c
> +++ b/init/main.c
> @@ -1328,15 +1328,16 @@ static void __init do_pre_smp_initcalls(void)
>  static int run_init_process(const char *init_filename)
>  {
>  	const char *const *p;
> +	char buf[512], *s = buf;
> 
>  	argv_init[0] = init_filename;
> -	pr_info("Run %s as init process\n", init_filename);
> -	pr_debug("  with arguments:\n");
> -	for (p = argv_init; *p; p++)
> -		pr_debug("    %s\n", *p);
> -	pr_debug("  with environment:\n");
> -	for (p = envp_init; *p; p++)
> -		pr_debug("    %s\n", *p);
> +
> +	for (p = (void *)envp_init; *p; p++)
> +		s += sprintf(s, "%.*s ", (int)(sizeof(buf)-(s-buf)-2), *p);
> +	for (p = (void *)argv_init; *p; p++)
> +		s += sprintf(s, "%.*s ", (int)(sizeof(buf)-(s-buf)-2), *p);
> +	pr_info("Run init: %s\n", buf);
> +

Why not use scnprintf() as:
	len += scnprintf(buf + len, 256 - len, " %s", *p);

or even:
	s = buf + sizeof buf;
	len = sizeof buf;
	...
		len -= scnprintf(s - len, len, " %s", *p);

and remove the " " before the %s in the final pr_info().

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ