Message-ID: <m7fqnnouanoiplm5vyt6su62txcm3zqqv2flgovlqggjecjauo@b3zkvy4yeamx>
Date: Fri, 7 Nov 2025 17:50:08 -0500
From: Aaron Tomlin <atomlin@...mlin.com>
To: Petr Mladek <pmladek@...e.com>
Cc: Petr Pavlu <petr.pavlu@...e.com>, Steven Rostedt <rostedt@...dmis.org>, 
	Alexei Starovoitov <ast@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>, 
	Kees Cook <kees@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, 
	John Fastabend <john.fastabend@...il.com>, Masami Hiramatsu <mhiramat@...nel.org>, 
	Mark Rutland <mark.rutland@....com>, Luis Chamberlain <mcgrof@...nel.org>, 
	Daniel Gomez <da.gomez@...nel.org>, Sami Tolvanen <samitolvanen@...gle.com>, 
	linux-kernel@...r.kernel.org, bpf@...r.kernel.org, linux-modules@...r.kernel.org, 
	linux-trace-kernel@...r.kernel.org
Subject: Re: [PATCH 5/6] kallsyms: Clean up @namebuf initialization in
 kallsyms_lookup_buildid()

On Wed, Nov 05, 2025 at 03:23:17PM +0100, Petr Mladek wrote:
> The function kallsyms_lookup_buildid() initializes the given @namebuf
> by clearing the first and the last byte. It is not clear why.
> 
> The 1st byte makes sense because some callers ignore the return code
> and expect that the buffer contains a valid string, for example:
> 
>   - function_stat_show()
>     - kallsyms_lookup()
>       - kallsyms_lookup_buildid()
> 
> The initialization of the last byte does not make much sense because it
> can later be overwritten. Fortunately, it seems that all called
> functions behave correctly:
> 
>   -  kallsyms_expand_symbol() explicitly adds the trailing '\0'
>      at the end of the function.
> 
>   - All *__address_lookup() functions either use the safe strscpy()
>     or they do not touch the buffer at all.
> 
> Document the reason for clearing the first byte. And remove the useless
> initialization of the last byte.
> 
> Signed-off-by: Petr Mladek <pmladek@...e.com>
> ---
>  kernel/kallsyms.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
> index 71868a76e9a1..ff7017337535 100644
> --- a/kernel/kallsyms.c
> +++ b/kernel/kallsyms.c
> @@ -352,7 +352,12 @@ static int kallsyms_lookup_buildid(unsigned long addr,
>  {
>  	int ret;
>  
> -	namebuf[KSYM_NAME_LEN - 1] = 0;
> +	/*
> +	 * kallsyms_lookus() returns pointer to namebuf on success and
> +	 * NULL on error. But some callers ignore the return value.
> +	 * Instead they expect @namebuf filled either with valid
> +	 * or empty string.
> +	 */
>  	namebuf[0] = 0;
>  
>  	if (is_ksym_addr(addr)) {
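
Review bot: the new comment above namebuf[0] = 0 names kallsyms_lookus(), which looks like a typo for kallsyms_lookup(), the caller given in the commit message's call chain. The wording would also read better as "returns a pointer to namebuf" and "filled with either a valid or an empty string". With the namebuf[KSYM_NAME_LEN - 1] = 0 line gone, NUL termination of the buffer rests entirely on the called helpers (kallsyms_expand_symbol() and the *__address_lookup() functions, per the commit message). Consider stating that expectation in the comment too, so that a later helper writing to namebuf without terminating it is noticed in review.
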
> -- 
> 2.51.1
> 
> 

Reviewed-by: Aaron Tomlin <atomlin@...mlin.com>

-- 
Aaron Tomlin
