Re: [ 1/1] printk: fix buffer overflow when calling log_prefix function from call_console_drivers
From: Satoru Takeuchi
Date: Wed Feb 20 2013 - 10:56:23 EST
At Wed, 20 Feb 2013 14:43:09 +0100,
Alexandre SIMON wrote:
>
> [Satoru Takeuchi] wrote the following on [20/02/2013 14:02]:
> [...]
> >
> > I reviewed this patch and it seems to be good for me. Since I'm not good at
> > printk code, I want to confirm whether what I think is correct or not.
> > Is the following my understanding correct?
>
> No problem, it's nice to talk about this patch !
...
> > In this case, only LOG_BUF(cur_index) is safe to access and
> >
> > - "LOG_BUF(cur_index) + 1" as p[1],
> > - "LOG_BUF(cur_index) + 2" as p[2], and
> > - "LOG_BUF(cur_index) + 1 or more" as simple_strtoul(&p[1], &endp, 10)
> >
> > in log_prefix() are not to do so. Hence touching them would cause the system hang as you
> > said as follows.
>
> Yes, your analyze is totally right. Your figure is clear and shows exactly when the problem occurs in the "borderline case".
> The initial code does not check that the "cur_index" can be at the end of "log_buf" whereas "log_prefix" function may access to one, two or more indexes after.
Alex, thank you for quick response and the detailed explanation.
Greg, then I can say this patch looks correct and 3.0.66-rc1 version is too.
Thanks,
Satoru
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/