diff options
author | Hugh Dickins <hugh@veritas.com> | 2008-12-09 16:14:27 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-12-10 11:01:54 -0500 |
commit | 9c24624727f6d6c460e45762a408ca5f5b9b8ef2 (patch) | |
tree | 39f41dc5e46a9f0e1151963eb1d4f2b7ff77ee3d /mm/slub.c | |
parent | 6ee5a399d6a92a52646836a6e10faf255c16393e (diff) |
KSYM_SYMBOL_LEN fixes
Miles Lane tailing /sys files hit a BUG which Pekka Enberg has tracked
to my 966c8c12dc9e77f931e2281ba25d2f0244b06949 sprint_symbol(): use
less stack exposing a bug in slub's list_locations() -
kallsyms_lookup() writes a 0 to namebuf[KSYM_NAME_LEN-1], but that was
beyond the end of page provided.
The 100 slop which list_locations() allows at end of page looks roughly
enough for all the other stuff it might print after the symbol before
it checks again: break out KSYM_SYMBOL_LEN earlier than before.
Latencytop and ftrace and are using KSYM_NAME_LEN buffers where they
need KSYM_SYMBOL_LEN buffers, and vmallocinfo a 2*KSYM_NAME_LEN buffer
where it wants a KSYM_SYMBOL_LEN buffer: fix those before anyone copies
them.
[akpm@linux-foundation.org: ftrace.h needs module.h]
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Cc: Christoph Lameter <cl@linux-foundation.org>
Cc Miles Lane <miles.lane@gmail.com>
Acked-by: Pekka Enberg <penberg@cs.helsinki.fi>
Acked-by: Steven Rostedt <srostedt@redhat.com>
Acked-by: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm/slub.c')
-rw-r--r-- | mm/slub.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -3597,7 +3597,7 @@ static int list_locations(struct kmem_cache *s, char *buf, | |||
3597 | for (i = 0; i < t.count; i++) { | 3597 | for (i = 0; i < t.count; i++) { |
3598 | struct location *l = &t.loc[i]; | 3598 | struct location *l = &t.loc[i]; |
3599 | 3599 | ||
3600 | if (len > PAGE_SIZE - 100) | 3600 | if (len > PAGE_SIZE - KSYM_SYMBOL_LEN - 100) |
3601 | break; | 3601 | break; |
3602 | len += sprintf(buf + len, "%7ld ", l->count); | 3602 | len += sprintf(buf + len, "%7ld ", l->count); |
3603 | 3603 | ||