gh0s7/mckernel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ubsan: remove most sprintf calls

Browse Source 
sprintf is implemented as snprintf(..., INT_MAX, ...) which will overflow
the argument pointer for the end, then fix the end to be -1.
This technically works but we know the actual buffer size in all these
call sites, might as well do this properly

Change-Id: I807d09f46a0221f539063fda515e1c504e658d40
This commit is contained in:
Dominique Martinet
2018-12-26 15:08:41 +09:00
parent bc2a444828
commit 4bdd9cf512
3 changed files with 28 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
kernel/debug.c
View File

@ -25,7 +25,7 @@
struct ihk_kmsg_buf *kmsg_buf; struct ihk_kmsg_buf *kmsg_buf;
extern int vsnprintf(char *buf, size_t size, const char *fmt, va_list args); extern int vsnprintf(char *buf, size_t size, const char *fmt, va_list args);
extern int sprintf(char * buf, const char *fmt, ...); extern int snprintf(char *buf, size_t size, const char *fmt, ...);
extern void eventfd(int type); extern void eventfd(int type);
static ihk_spinlock_t kmsg_lock; static ihk_spinlock_t kmsg_lock;
extern char *find_command_line(char *name); extern char *find_command_line(char *name);
@ -110,7 +110,8 @@ int __kprintf(const char *format, ...)
} }
/* Copy into the local buf */ /* Copy into the local buf */
len = sprintf(buf, "[%3d]: ", ihk_mc_get_processor_id()); len = snprintf(buf, KPRINTF_LOCAL_BUF_LEN, "[%3d]: ",
ihk_mc_get_processor_id());
va_start(va, format); va_start(va, format);
len += vsnprintf(buf + len, KPRINTF_LOCAL_BUF_LEN - len - 2, format, va); len += vsnprintf(buf + len, KPRINTF_LOCAL_BUF_LEN - len - 2, format, va);
@ -149,7 +150,8 @@ int kprintf(const char *format, ...)
} }
/* Copy into the local buf */ /* Copy into the local buf */
len = sprintf(buf, "[%3d]: ", ihk_mc_get_processor_id()); len = snprintf(buf, KPRINTF_LOCAL_BUF_LEN, "[%3d]: ",
ihk_mc_get_processor_id());
va_start(va, format); va_start(va, format);
len += vsnprintf(buf + len, KPRINTF_LOCAL_BUF_LEN - len - 2, format, va); len += vsnprintf(buf + len, KPRINTF_LOCAL_BUF_LEN - len - 2, format, va);

8
kernel/mem.c
View File

@ -1474,9 +1474,10 @@ static void numa_distances_init()
char buf[1024]; char buf[1024];
char *pbuf = buf; char *pbuf = buf;
pbuf += sprintf(pbuf, "NUMA %d distances: ", i); pbuf += snprintf(pbuf, 1024, "NUMA %d distances: ", i);
for (j = 0; j < ihk_mc_get_nr_numa_nodes(); ++j) { for (j = 0; j < ihk_mc_get_nr_numa_nodes(); ++j) {
pbuf += sprintf(pbuf, "%d (%d), ", pbuf += snprintf(pbuf, 1024 - (pbuf - buf),
"%d (%d), ",
memory_nodes[i].nodes_by_distance[j].id, memory_nodes[i].nodes_by_distance[j].id,
memory_nodes[i].nodes_by_distance[j].distance); memory_nodes[i].nodes_by_distance[j].distance);
} }
@ -1519,7 +1520,8 @@ void numa_sysfs_setup(void) {
char path[PATH_MAX]; char path[PATH_MAX];
for (i = 0; i < ihk_mc_get_nr_numa_nodes(); ++i) { for (i = 0; i < ihk_mc_get_nr_numa_nodes(); ++i) {
sprintf(path, "/sys/devices/system/node/node%d/meminfo", i); snprintf(path, PATH_MAX,
"/sys/devices/system/node/node%d/meminfo", i);
error = sysfs_createf(&numa_sysfs_meminfo, &memory_nodes[i], error = sysfs_createf(&numa_sysfs_meminfo, &memory_nodes[i],
0444, path); 0444, path);

28
kernel/procfs.c
View File

@ -35,8 +35,7 @@
#define dprintf(...) #define dprintf(...)
#endif #endif
extern int snprintf(char * buf, size_t size, const char *fmt, ...); extern int snprintf(char *buf, size_t size, const char *fmt, ...);
extern int sprintf(char * buf, const char *fmt, ...);
extern int sscanf(const char * buf, const char * fmt, ...); extern int sscanf(const char * buf, const char * fmt, ...);
extern int scnprintf(char * buf, size_t size, const char *fmt, ...); extern int scnprintf(char * buf, size_t size, const char *fmt, ...);
@ -324,6 +323,8 @@ int process_procfs_request(struct ikc_scd_packet *rpacket)
for (cpu = 0; cpu < num_processors; ++cpu) { for (cpu = 0; cpu < num_processors; ++cpu) {
ans = snprintf(buf, count, "cpu%d\n", cpu); ans = snprintf(buf, count, "cpu%d\n", cpu);
if (ans < 0 || ans > count)
goto err;
if (buf_add(&buf_top, &buf_cur, buf, ans) < 0) if (buf_add(&buf_top, &buf_cur, buf, ans) < 0)
goto err; goto err;
} }
@ -333,7 +334,7 @@ int process_procfs_request(struct ikc_scd_packet *rpacket)
#ifdef POSTK_DEBUG_ARCH_DEP_42 /* /proc/cpuinfo support added. */ #ifdef POSTK_DEBUG_ARCH_DEP_42 /* /proc/cpuinfo support added. */
else if (!strcmp(p, "cpuinfo")) { /* "/proc/cpuinfo" */ else if (!strcmp(p, "cpuinfo")) { /* "/proc/cpuinfo" */
ans = ihk_mc_show_cpuinfo(buf, count, 0, &eof); ans = ihk_mc_show_cpuinfo(buf, count, 0, &eof);
if (ans < 0) if (ans < 0 || ans > count)
goto err; goto err;
if (buf_add(&buf_top, &buf_cur, buf, ans) < 0) if (buf_add(&buf_top, &buf_cur, buf, ans) < 0)
goto err; goto err;
@ -452,7 +453,8 @@ int process_procfs_request(struct ikc_scd_packet *rpacket)
"" ""
); );
if (buf_add(&buf_top, &buf_cur, buf, ans) < 0) { if (ans < 0 || ans > count ||
buf_add(&buf_top, &buf_cur, buf, ans) < 0) {
ihk_mc_spinlock_unlock_noirq(&vm->memory_range_lock); ihk_mc_spinlock_unlock_noirq(&vm->memory_range_lock);
goto err; goto err;
} }
@ -573,30 +575,35 @@ int process_procfs_request(struct ikc_scd_packet *rpacket)
proc->rgid, proc->egid, proc->sgid, proc->fsgid, proc->rgid, proc->egid, proc->sgid, proc->fsgid,
state, state,
(lockedsize + 1023) >> 10); (lockedsize + 1023) >> 10);
if (buf_add(&buf_top, &buf_cur, buf, ans) < 0) { if (ans < 0 || ans > count ||
buf_add(&buf_top, &buf_cur, buf, ans) < 0) {
goto err; goto err;
} }
ans = snprintf(buf, count, "Cpus_allowed:\t%s\n", cpu_bitmask); ans = snprintf(buf, count, "Cpus_allowed:\t%s\n", cpu_bitmask);
if (buf_add(&buf_top, &buf_cur, buf, ans) < 0) { if (ans < 0 || ans > count ||
buf_add(&buf_top, &buf_cur, buf, ans) < 0) {
kfree(bitmasks); kfree(bitmasks);
goto err; goto err;
} }
ans = snprintf(buf, count, "Cpus_allowed_list:\t%s\n", ans = snprintf(buf, count, "Cpus_allowed_list:\t%s\n",
cpu_list); cpu_list);
if (buf_add(&buf_top, &buf_cur, buf, ans) < 0) { if (ans < 0 || ans > count ||
buf_add(&buf_top, &buf_cur, buf, ans) < 0) {
kfree(bitmasks); kfree(bitmasks);
goto err; goto err;
} }
ans = snprintf(buf, count, "Mems_allowed:\t%s\n", ans = snprintf(buf, count, "Mems_allowed:\t%s\n",
numa_bitmask); numa_bitmask);
if (buf_add(&buf_top, &buf_cur, buf, ans) < 0) { if (ans < 0 || ans > count ||
buf_add(&buf_top, &buf_cur, buf, ans) < 0) {
kfree(bitmasks); kfree(bitmasks);
goto err; goto err;
} }
ans = snprintf(buf, count, "Mems_allowed_list:\t%s\n", ans = snprintf(buf, count, "Mems_allowed_list:\t%s\n",
numa_list); numa_list);
if (buf_add(&buf_top, &buf_cur, buf, ans) < 0) { if (ans < 0 || ans > count ||
buf_add(&buf_top, &buf_cur, buf, ans) < 0) {
kfree(bitmasks); kfree(bitmasks);
goto err; goto err;
} }
@ -701,7 +708,8 @@ int process_procfs_request(struct ikc_scd_packet *rpacket)
0, 0LL, 0L, 0L // policy... 0, 0LL, 0L, 0L // policy...
); );
if (buf_add(&buf_top, &buf_cur, buf, ans) < 0) if (ans < 0 || ans > count ||
buf_add(&buf_top, &buf_cur, buf, ans) < 0)
goto err; goto err;
ans = 0; ans = 0;
goto end; goto end;