From 195982ffc4dc5ad795408335964fde7a0025564e Mon Sep 17 00:00:00 2001
From: YudeSS <1763294026@qq.com>
Date: Mon, 20 May 2024 16:01:04 +0800
Subject: [PATCH 1/8] Fix show_rcu_tasks_trace_gp_kthread buffer overflow

Signed-off-by: YudeSS <1763294026@qq.com>
---
 kernel/rcu/tasks.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/rcu/tasks.h b/kernel/rcu/tasks.h
index 14af29fe1377..a0b51b84d1f1 100644
--- a/kernel/rcu/tasks.h
+++ b/kernel/rcu/tasks.h
@@ -1209,7 +1209,7 @@ static void show_rcu_tasks_trace_gp_kthread(void)
 {
  char buf[64];
 
- sprintf(buf, "N%d h:%lu/%lu/%lu", atomic_read(&trc_n_readers_need_end),
+ snprintf(buf, sizeof(buf), "N%d h:%lu/%lu/%lu", atomic_read(&trc_n_readers_need_end),
  data_race(n_heavy_reader_ofl_updates),
  data_race(n_heavy_reader_updates),
  data_race(n_heavy_reader_attempts));
-- 
Gitee

From 83962be221a13ab6768b555ee0c0e17d6979d4a6 Mon Sep 17 00:00:00 2001
From: YudeSS <1763294026@qq.com>
Date: Mon, 20 May 2024 16:58:45 +0800
Subject: [PATCH 2/8] anolis: kernel: rcu: Fix show_rcu_tasks_trace_gp_kthread buffer overflow

ANBZ: #9082

The original code uses 'sprintf' to format the string and store it in buf. 'sprintf' does not check the buffer size, so if the resulting string exceeds the size of buf (64 bytes), a buffer overflow will occur. Replace 'sprintf' with 'snprintf' and specify the buffer size 'sizeof(buf)'. snprintf will check the buffer size when formatting the string to ensure that no data exceeding the buffer size is written to avoid buffer overflow.

Signed-off-by: YudeSS <1763294026@qq.com>
---
 kernel/rcu/tasks.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/rcu/tasks.h b/kernel/rcu/tasks.h
index a0b51b84d1f1..d8c0cf127685 100644
--- a/kernel/rcu/tasks.h
+++ b/kernel/rcu/tasks.h
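Review bot: In [PATCH 1/8], the bounded call `snprintf(buf, sizeof(buf), ...)` stops the out-of-bounds write but leaves `char buf[64]` smaller than the format's worst case. With a signed `int` and three `unsigned long` fields on a 64-bit build, `"N%d h:%lu/%lu/%lu"` can expand to 77 characters plus the terminator, so extreme counter values would be cut short without any indication. Such values are unlikely in practice, but sizing the array for the worst case, for example `char buf[80];`, keeps the diagnostic whole. The function continues past the end of the hunk.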
@@ -1209,7 +1209,7 @@ static void show_rcu_tasks_trace_gp_kthread(void)
 {
  char buf[64];
 
- snprintf(buf, sizeof(buf), "N%d h:%lu/%lu/%lu", atomic_read(&trc_n_readers_need_end),
+ snprintf(buf, sizeof(buf),"N%d h:%lu/%lu/%lu", atomic_read(&trc_n_readers_need_end),
  data_race(n_heavy_reader_ofl_updates),
  data_race(n_heavy_reader_updates),
  data_race(n_heavy_reader_attempts));
-- 
Gitee

From cbdfa1f55425556db34b8661198e7fd1fba45199 Mon Sep 17 00:00:00 2001
From: YudeSS <1763294026@qq.com>
Date: Sun, 9 Jun 2024 08:00:23 +0000
Subject: [PATCH 3/8] Revert "anolis: kernel: rcu: Fix show_rcu_tasks_trace_gp_kthread buffer overflow"

This reverts commit 83962be221a13ab6768b555ee0c0e17d6979d4a6.
---
 kernel/rcu/tasks.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/rcu/tasks.h b/kernel/rcu/tasks.h
index d8c0cf127685..a0b51b84d1f1 100644
--- a/kernel/rcu/tasks.h
+++ b/kernel/rcu/tasks.h
@@ -1209,7 +1209,7 @@ static void show_rcu_tasks_trace_gp_kthread(void)
 {
  char buf[64];
 
- snprintf(buf, sizeof(buf),"N%d h:%lu/%lu/%lu", atomic_read(&trc_n_readers_need_end),
+ snprintf(buf, sizeof(buf), "N%d h:%lu/%lu/%lu", atomic_read(&trc_n_readers_need_end),
  data_race(n_heavy_reader_ofl_updates),
  data_race(n_heavy_reader_updates),
  data_race(n_heavy_reader_attempts));
-- 
Gitee

From 04c6601bb46974ad13a541e76e3bf10609d2df9b Mon Sep 17 00:00:00 2001
From: YudeSS <1763294026@qq.com>
Date: Sun, 9 Jun 2024 08:00:58 +0000
Subject: [PATCH 4/8] Revert "Fix show_rcu_tasks_trace_gp_kthread buffer overflow"

This reverts commit 195982ffc4dc5ad795408335964fde7a0025564e.
---
 kernel/rcu/tasks.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/rcu/tasks.h b/kernel/rcu/tasks.h
index a0b51b84d1f1..14af29fe1377 100644
--- a/kernel/rcu/tasks.h
+++ b/kernel/rcu/tasks.h
@@ -1209,7 +1209,7 @@ static void show_rcu_tasks_trace_gp_kthread(void)
 {
  char buf[64];
 
- snprintf(buf, sizeof(buf), "N%d h:%lu/%lu/%lu", atomic_read(&trc_n_readers_need_end),
+ sprintf(buf, "N%d h:%lu/%lu/%lu", atomic_read(&trc_n_readers_need_end),
  data_race(n_heavy_reader_ofl_updates),
  data_race(n_heavy_reader_updates),
  data_race(n_heavy_reader_attempts));
-- 
Gitee

From 1729232d164111a13489abdf8b37f86d8cf93d29 Mon Sep 17 00:00:00 2001
From: YudeSS <1763294026@qq.com>
Date: Sun, 9 Jun 2024 16:02:34 +0800
Subject: [PATCH 5/8] anolis: kernel: rcu: Fix show_rcu_tasks_trace_gp_kthread buffer overflow

ANBZ: #9082

The original code uses 'sprintf' to format the string and store it in buf. 'sprintf' does not check the buffer size, so if the resulting string exceeds the size of buf (64 bytes), a buffer overflow will occur. Replace 'sprintf' with 'snprintf' and specify the buffer size 'sizeof(buf)'. snprintf will check the buffer size when formatting the string to ensure that no data exceeding the buffer size is written to avoid buffer overflow.

Signed-off-by: YudeSS <1763294026@qq.com>
---
 kernel/rcu/tasks.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/rcu/tasks.h b/kernel/rcu/tasks.h
index d8c0cf127685..a0b51b84d1f1 100644
--- a/kernel/rcu/tasks.h
+++ b/kernel/rcu/tasks.h
@@ -1209,7 +1209,7 @@ static void show_rcu_tasks_trace_gp_kthread(void)
 {
  char buf[64];
 
- snprintf(buf, sizeof(buf),"N%d h:%lu/%lu/%lu", atomic_read(&trc_n_readers_need_end),
+ snprintf(buf, sizeof(buf), "N%d h:%lu/%lu/%lu", atomic_read(&trc_n_readers_need_end),
  data_race(n_heavy_reader_ofl_updates),
  data_race(n_heavy_reader_updates),
  data_race(n_heavy_reader_attempts));
-- 
Gitee

From eb95cb044eb5de9355855bd3007cccaf187e5415 Mon Sep 17 00:00:00 2001
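Review bot: In [PATCH 4/8], the restored `sprintf(buf, "N%d h:%lu/%lu/%lu", ...)` again writes into the 64-byte stack array `buf` with no length bound, and the revert message gives no reason for dropping the bounded call. If the revert only exists to tidy history before resubmitting, squash the series so that no intermediate commit carries the unbounded write; otherwise keep `snprintf(buf, sizeof(buf), ...)`. The function continues past the end of the hunk.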
From: YudeSS <1763294026@qq.com>
Date: Sun, 9 Jun 2024 08:39:09 +0000
Subject: [PATCH 6/8] =?UTF-8?q?Revert=20"anolis:=20kernel:=20rcu:=20Fix=20?= =?UTF-8?q?show=5Frcu=5Ftasks=5Ftrace=5Fgp=5Fkthread=20buffer=20overfl?= =?UTF-8?q?=E2=80=A6"?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This reverts commit fc3840945e54896b746a4d2d018b13a35645a2bd.
---
 kernel/rcu/tasks.h | 2 +-
 kernel/rcu/tree_stall.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/rcu/tasks.h b/kernel/rcu/tasks.h
index d8c0cf127685..a0b51b84d1f1 100644
--- a/kernel/rcu/tasks.h
+++ b/kernel/rcu/tasks.h
@@ -1209,7 +1209,7 @@ static void show_rcu_tasks_trace_gp_kthread(void)
 {
  char buf[64];
 
- snprintf(buf, sizeof(buf),"N%d h:%lu/%lu/%lu", atomic_read(&trc_n_readers_need_end),
+ snprintf(buf, sizeof(buf), "N%d h:%lu/%lu/%lu", atomic_read(&trc_n_readers_need_end),
  data_race(n_heavy_reader_ofl_updates),
  data_race(n_heavy_reader_updates),
  data_race(n_heavy_reader_attempts));
diff --git a/kernel/rcu/tree_stall.h b/kernel/rcu/tree_stall.h
index 128906dcfc88..8c407009ce27 100644
--- a/kernel/rcu/tree_stall.h
+++ b/kernel/rcu/tree_stall.h
@@ -349,7 +349,7 @@ static void print_cpu_stall_fast_no_hz(char *cp, int cpu)
 {
  struct rcu_data *rdp = &per_cpu(rcu_data, cpu);
 
- snprintf(cp, sizeof(cp), "last_accelerate: %04lx/%04lx dyntick_enabled: %d",
+ sprintf(cp, "last_accelerate: %04lx/%04lx dyntick_enabled: %d",
  rdp->last_accelerate & 0xffff, jiffies & 0xffff,
  !!rdp->tick_nohz_enabled_snap);
 }
-- 
Gitee

From ab11c7128af1b5bd01ee35e4e238370f07716492 Mon Sep 17 00:00:00 2001
From: YudeSS <1763294026@qq.com>
Date: Sun, 9 Jun 2024 08:39:31 +0000
Subject: [PATCH 7/8] Revert "anolis: kernel: rcu: Fix show_rcu_tasks_trace_gp_kthread buffer overflow"

This reverts commit 1729232d164111a13489abdf8b37f86d8cf93d29.
---
 kernel/rcu/tasks.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/rcu/tasks.h b/kernel/rcu/tasks.h
index a0b51b84d1f1..d8c0cf127685 100644
--- a/kernel/rcu/tasks.h
+++ b/kernel/rcu/tasks.h
@@ -1209,7 +1209,7 @@ static void show_rcu_tasks_trace_gp_kthread(void)
 {
  char buf[64];
 
- snprintf(buf, sizeof(buf), "N%d h:%lu/%lu/%lu", atomic_read(&trc_n_readers_need_end),
+ snprintf(buf, sizeof(buf),"N%d h:%lu/%lu/%lu", atomic_read(&trc_n_readers_need_end),
  data_race(n_heavy_reader_ofl_updates),
  data_race(n_heavy_reader_updates),
  data_race(n_heavy_reader_attempts));
-- 
Gitee

From d40666e4348ee211fc01d8624a6a2229d4ccf924 Mon Sep 17 00:00:00 2001
From: YudeSS <1763294026@qq.com>
Date: Sun, 9 Jun 2024 16:42:03 +0800
Subject: [PATCH 8/8] anolis: kernel: rcu: Fix show_rcu_tasks_trace_gp_kthread buffer overflow

ANBZ: #9082

The original code uses 'sprintf' to format the string and store it in buf. 'sprintf' does not check the buffer size, so if the resulting string exceeds the size of buf (64 bytes), a buffer overflow will occur. Replace 'sprintf' with 'snprintf' and specify the buffer size 'sizeof(buf)'. snprintf will check the buffer size when formatting the string to ensure that no data exceeding the buffer size is written to avoid buffer overflow.

Signed-off-by: YudeSS <1763294026@qq.com>
---
 kernel/rcu/tree_stall.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/rcu/tree_stall.h b/kernel/rcu/tree_stall.h
index 8c407009ce27..128906dcfc88 100644
--- a/kernel/rcu/tree_stall.h
+++ b/kernel/rcu/tree_stall.h
@@ -349,7 +349,7 @@ static void print_cpu_stall_fast_no_hz(char *cp, int cpu)
 {
  struct rcu_data *rdp = &per_cpu(rcu_data, cpu);
 
- sprintf(cp, "last_accelerate: %04lx/%04lx dyntick_enabled: %d",
+ snprintf(cp, sizeof(cp), "last_accelerate: %04lx/%04lx dyntick_enabled: %d",
  rdp->last_accelerate & 0xffff, jiffies & 0xffff,
  !!rdp->tick_nohz_enabled_snap);
 }
-- 
Gitee
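Review bot: In [PATCH 8/8], `sizeof(cp)` in `snprintf(cp, sizeof(cp), ...)` is the size of the `char *` parameter, not of the buffer it points to, so the write is capped at pointer size (8 bytes on a 64-bit build) and the stall line is cut down to `last_ac`. The destination's real length is known only to the caller, which is outside the hunk. Pass it in, e.g. `static void print_cpu_stall_fast_no_hz(char *cp, size_t len, int cpu)` with `snprintf(cp, len, ...)`, and update every caller and any alternate definition of the function to match. The commit message also describes `buf` (64 bytes) in show_rcu_tasks_trace_gp_kthread, which this patch does not touch.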