[PATCH] [2.4] /proc/ioports overrun for long device names
From: olof
Date: Wed Aug 27 2003 - 21:53:26 EST
We've seen some memory corruption on systems where we have long device
names, since the last entry when you cat /proc/ioports might run over into
the next page. The check is only to make sure there's room for 80
characters, when there's more than that (i.e. 64-bit addresses + long
device names), there can be an overrun.
2.5 obviously doesn't have this because of seq_file.
Below patch will take the length of the name into consideration.
--- kernel/resource.c.orig 2003-07-16 10:25:40.000000000 -0500
+++ kernel/resource.c 2003-07-24 09:51:47.000000000 -0500
@@ -32,14 +32,21 @@ static char * do_resource_list(struct re
const char *name = entry->name;
unsigned long from, to;
- if ((int) (end-buf) < 80)
- return buf;
-
from = entry->start;
to = entry->end;
if (!name)
name = "<BAD>";
+ /* Make sure there's enough room for the format string
+ plus hex representation of 'from' and 'to' (2
+ characters per byte) as well as the name of the
+ resource. Due to the format characters in 'fmt', the
+ estimate will be a little high.
+ */
+ if ((int) (end-buf) < (strlen(fmt) + strlen(name) +
+ sizeof(from)*2 + sizeof(to)*2 + 1))
+ return buf;
+
buf += sprintf(buf, fmt + offset, from, to, name);
if (entry->child)
buf = do_resource_list(entry->child, fmt, offset-2, buf, end);
Thanks,
Olof
Olof Johansson Office: 4E002/905
pSeries Linux Development IBM Systems Group
Email: olof@xxxxxxxxxxxxxx Phone: 512-838-9858
All opinions are my own and not those of IBM
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/