From: Jia He
To: Petr Mladek, Steven Rostedt, Sergey Senozhatsky, Andy Shevchenko, Rasmus Villemoes, Jonathan Corbet, Alexander Viro, Linus Torvalds
Cc: "Peter Zijlstra (Intel)", Eric Biggers, "Ahmed S. Darwish", linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Matthew Wilcox, Jia He
Subject: [PATCH RFCv4 3/4] lib/test_printf.c: split write-beyond-buffer check in two
Date: Tue, 15 Jun 2021 23:49:51 +0800
Message-Id: <20210615154952.2744-4-justin.he@arm.com>
In-Reply-To: <20210615154952.2744-1-justin.he@arm.com>
References: <20210615154952.2744-1-justin.he@arm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Rasmus Villemoes

Before each invocation of vsnprintf(), do_test() memsets the entire
allocated buffer to a sentinel value. That buffer includes leading and
trailing padding which is never included in the buffer area handed to
vsnprintf (spaces merely for clarity):

  pad  test_buffer      pad
  **** **************** ****

Then vsnprintf() is invoked with a bufsize argument <=
BUF_SIZE. Suppose bufsize=10, then we'd have e.g.

  |pad |   test_buffer    |pad |
   **** pizza0 **** ****** ****
  A    B      C    D           E

where vsnprintf() was given the area from B to D.

It is obviously a bug for vsnprintf to touch anything between A and B
or between D and E. The former is checked for as one would expect. But
for the latter, we are actually a little stricter in that we check the
area between C and E.

Split that check in two, providing a clearer error message in case it
was a genuine buffer overrun and not merely a write within the
provided buffer, but after the end of the generated string.

So far, no part of the vsnprintf() implementation has had any use for
using the whole buffer as scratch space, but it's not unreasonable to
allow that, as long as the result is properly nul-terminated and the
return value is the right one. However, it is somewhat unusual, and
most % won't need this, so keep the [C,D] check, but make it easy for
a later patch to make that part opt-out for certain tests.

Signed-off-by: Rasmus Villemoes
Tested-by: Jia He
Signed-off-by: Jia He
---
 lib/test_printf.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/test_printf.c b/lib/test_printf.c index ec0d5976bb69..d1d2f898ebae 100644 --- a/lib/test_printf.c +++ b/lib/test_printf.c
@@ -78,12 +78,17 @@ do_test(int bufsize, const char *expect, int elen, return 1; } - if (memchr_inv(test_buffer + written + 1, FILL_CHAR, BUF_SIZE + PAD_SIZE - (written + 1))) { + if (memchr_inv(test_buffer + written + 1, FILL_CHAR, bufsize - (written + 1))) { pr_warn("vsnprintf(buf, %d, \"%s\", ...) wrote beyond the nul-terminator\n", bufsize, fmt); return 1; } + if (memchr_inv(test_buffer + bufsize, FILL_CHAR, BUF_SIZE + PAD_SIZE - bufsize)) { + pr_warn("vsnprintf(buf, %d, \"%s\", ...) wrote beyond buffer\n", bufsize, fmt); + return 1; + } + if (memcmp(test_buffer, expect, written)) { pr_warn("vsnprintf(buf, %d, \"%s\", ...) wrote '%s', expected '%.*s'\n", bufsize, fmt, test_buffer, written, expect); -- 2.17.1
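
Review bot: The order of the two memchr_inv() checks means a genuine overrun can still be reported with the milder message. The check from `test_buffer + written + 1` runs first, so a write that dirties bytes on both sides of `test_buffer + bufsize` returns with "wrote beyond the nul-terminator" and the new "wrote beyond buffer" warning never prints. Since the commit message gives a clearer message for a real overrun as the goal, consider running the `memchr_inv(test_buffer + bufsize, ...)` check first; that also leaves the in-buffer check as the last, self-contained step if a later patch makes it opt-out. Separately, the new length `bufsize - (written + 1)` is computed in int and then passed as the length argument. It depends on `written < bufsize` having been established above the hunk, which is not visible here, and a negative result would become a very large length. A one-line comment stating that invariant next to the check would help.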