Received: by 10.223.185.116 with SMTP id b49csp820435wrg; Sat, 10 Feb 2018 21:08:55 -0800 (PST) X-Google-Smtp-Source: AH8x225uS7ThQ3Akat5UQi5jPjBwv7YJcbd2bI5lKMIZY2VBevyNhVPgqUbqNQ2VIbpme/7KMO0h X-Received: by 10.98.190.22 with SMTP id l22mr328956pff.32.1518325735745; Sat, 10 Feb 2018 21:08:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518325735; cv=none; d=google.com; s=arc-20160816; b=ZRZrOSzaTBxkWBi6X2l5VSfZt+BYDoUSpZE+EeA+wXEt2hAIs4Jp3hkMbUZAoSx7uH xwrNX5UayirCDdJGy5L3xa5+/zabaMIkUFLMZ3Gp3VGAd83yTgh/ItMfEm2UT8aDYJKk JwbdjR2Fu1tIMYz0SCbPaQWHZxPRhh9fdCVhPN6HApTMkHMSlFXqqLljOqYxdO9JBKdN 3iAk/uRIo7Fo+2C2fYuypwSDKbHVTA6SX5Nk8PGAqo9L3flrFNnCPIPzC4nVIyzW2FIN HdWihbhkO8C9JvmSguqilcISh2Z56e7qrixCRYDCroWYwDwuR7K4X4qcEDQcNnLPKPR4 XXug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:subject:message-id:date:cc:to :from:mime-version:content-transfer-encoding:content-disposition :arc-authentication-results; bh=J0SUIs1i+OyRsmX2tEzEHwsN6uAS2Dq22Fc0SY6/ImE=; b=JXFfKil5NrdlilBOdkC7L9YK9y4AcnjJMhEBO/ZY0SVa7GBfdtcqkTh1rUB+GGj/lC SIf+IPWrBsc8Uvr7Bny6+hMFnuHLRprDhfzOiz+OENlgj2jryf6RcLoV5w3uBuOX8TFH PXZJXhOY6CwUwTkF3ws1uj4Bp36R2v1uZZYsgLCobhSjxxctE5aS5LwRIdjfacztiq2U ECiC8Wyq2MDtRwzeMtixHYGGSVBT3E08OmDAUyQMnPkBTcTQWwZcd2OuPIBcuZqORENq TkYZZM++DenvwKFfNVJHeQ3iYSKawy9IKLvZxOLhZUVsDdShJ3FFdBupW2zn8dJNwcdK e9gQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o18si4295902pfa.407.2018.02.10.21.08.42; Sat, 10 Feb 2018 21:08:55 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753961AbeBKFHi (ORCPT + 99 others); Sun, 11 Feb 2018 00:07:38 -0500 Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:41463 "EHLO shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752658AbeBKEdm (ORCPT ); Sat, 10 Feb 2018 23:33:42 -0500 Received: from [2a02:8011:400e:2:6f00:88c8:c921:d332] (helo=deadeye) by shadbolt.decadent.org.uk with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1ekjKe-0002hF-84; Sun, 11 Feb 2018 04:33:40 +0000 Received: from ben by deadeye with local (Exim 4.90) (envelope-from ) id 1ekjKY-0004Ue-2L; Sun, 11 Feb 2018 04:33:34 +0000 Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit MIME-Version: 1.0 From: Ben Hutchings To: linux-kernel@vger.kernel.org, stable@vger.kernel.org CC: akpm@linux-foundation.org, "Martin Schwidefsky" , "Vasily Gorbik" Date: Sun, 11 Feb 2018 04:20:06 +0000 Message-ID: X-Mailer: LinuxStableQueue (scripts by bwh) Subject: [PATCH 3.2 40/79] s390/disassembler: increase show_code buffer size In-Reply-To: X-SA-Exim-Connect-IP: 2a02:8011:400e:2:6f00:88c8:c921:d332 X-SA-Exim-Mail-From: ben@decadent.org.uk X-SA-Exim-Scanned: No (on shadbolt.decadent.org.uk); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.2.99-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Vasily Gorbik commit b192571d1ae375e0bbe0aa3ccfa1a3c3704454b9 upstream. Current buffer size of 64 is too small. objdump shows that there are instructions which would require up to 75 bytes buffer (with current formating). 128 bytes "ought to be enough for anybody". Also replaces 8 spaces with a single tab to reduce the memory footprint. Fixes the following KASAN finding: BUG: KASAN: stack-out-of-bounds in number+0x3fe/0x538 Write of size 1 at addr 000000005a4a75a0 by task bash/1282 CPU: 1 PID: 1282 Comm: bash Not tainted 4.14.0+ #215 Hardware name: IBM 2964 N96 702 (z/VM 6.4.0) Call Trace: ([<000000000011eeb6>] show_stack+0x56/0x88) [<0000000000e1ce1a>] dump_stack+0x15a/0x1b0 [<00000000004e2994>] print_address_description+0xf4/0x288 [<00000000004e2cf2>] kasan_report+0x13a/0x230 [<0000000000e38ae6>] number+0x3fe/0x538 [<0000000000e3dfe4>] vsnprintf+0x194/0x948 [<0000000000e3ea42>] sprintf+0xa2/0xb8 [<00000000001198dc>] print_insn+0x374/0x500 [<0000000000119346>] show_code+0x4ee/0x538 [<000000000011f234>] show_registers+0x34c/0x388 [<000000000011f2ae>] show_regs+0x3e/0xa8 [<000000000011f502>] die+0x1ea/0x2e8 [<0000000000138f0e>] do_no_context+0x106/0x168 [<0000000000139a1a>] do_protection_exception+0x4da/0x7d0 [<0000000000e55914>] pgm_check_handler+0x16c/0x1c0 [<000000000090639e>] sysrq_handle_crash+0x46/0x58 ([<0000000000000007>] 0x7) [<00000000009073fa>] __handle_sysrq+0x102/0x218 [<0000000000907c06>] write_sysrq_trigger+0xd6/0x100 [<000000000061d67a>] proc_reg_write+0xb2/0x128 [<0000000000520be6>] __vfs_write+0xee/0x368 [<0000000000521222>] vfs_write+0x21a/0x278 [<000000000052156a>] SyS_write+0xda/0x178 [<0000000000e555cc>] system_call+0xc4/0x270 The buggy address belongs to the page: page:000003d1016929c0 count:0 mapcount:0 mapping: (null) index:0x0 flags: 0x0() raw: 0000000000000000 0000000000000000 0000000000000000 ffffffff00000000 raw: 0000000000000100 0000000000000200 0000000000000000 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: 000000005a4a7480: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 000000005a4a7500: 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 00 00 00 >000000005a4a7580: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 ^ 000000005a4a7600: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f8 f8 000000005a4a7680: f2 f2 f2 f2 f2 f2 f8 f8 f2 f2 f3 f3 f3 f3 00 00 ================================================================== Signed-off-by: Vasily Gorbik Signed-off-by: Martin Schwidefsky Signed-off-by: Ben Hutchings --- arch/s390/kernel/dis.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/arch/s390/kernel/dis.c +++ b/arch/s390/kernel/dis.c @@ -1542,7 +1542,7 @@ void show_code(struct pt_regs *regs) { char *mode = (regs->psw.mask & PSW_MASK_PSTATE) ? "User" : "Krnl"; unsigned char code[64]; - char buffer[64], *ptr; + char buffer[128], *ptr; mm_segment_t old_fs; unsigned long addr; int start, end, opsize, hops, i; @@ -1600,7 +1600,7 @@ void show_code(struct pt_regs *regs) start += opsize; printk(buffer); ptr = buffer; - ptr += sprintf(ptr, "\n "); + ptr += sprintf(ptr, "\n\t "); hops++; } printk("\n");