FEX-Emu/linux
1
0
Fork 0
mirror of https://github.com/FEX-Emu/linux.git synced 2025-02-14 00:13:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux/fs
History
Eric Dumazet 404ca80eb5 coredump: fix va_list corruption 
A va_list needs to be copied in case it needs to be used twice.

Thanks to Hugh for debugging this issue, leading to various panics.

Tested:

  lpq84:~# echo "|/foobar12345 %h %h %h %h %h %h %h %h %h %h %h %h %h %h %h %h %h %h %h %h" >/proc/sys/kernel/core_pattern

'produce_core' is simply : main() { *(int *)0 = 1;}

  lpq84:~# ./produce_core
  Segmentation fault (core dumped)
  lpq84:~# dmesg | tail -1
  [  614.352947] Core dump to |/foobar12345 lpq84 lpq84 lpq84 lpq84 lpq84 lpq84 lpq84 lpq84 lpq84 lpq84 lpq84 lpq84 lpq84 lpq84 lpq84 lpq84 lpq84 lpq84 lpq84 (null) pipe failed

Notice the last argument was replaced by a NULL (we were lucky enough to
not crash, but do not try this on your production machine !)

After fix :

  lpq83:~# echo "|/foobar12345 %h %h %h %h %h %h %h %h %h %h %h %h %h %h %h %h %h %h %h %h" >/proc/sys/kernel/core_pattern
  lpq83:~# ./produce_core
  Segmentation fault
  lpq83:~# dmesg | tail -1
  [  740.800441] Core dump to |/foobar12345 lpq83 lpq83 lpq83 lpq83 lpq83 lpq83 lpq83 lpq83 lpq83 lpq83 lpq83 lpq83 lpq83 lpq83 lpq83 lpq83 lpq83 lpq83 lpq83 lpq83 pipe failed

Fixes: 5fe9d8ca21cc ("coredump: cn_vprintf() has no reason to call vsnprintf() twice")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Diagnosed-by: Hugh Dickins <hughd@google.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Cc: Neil Horman <nhorman@tuxdriver.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: stable@vger.kernel.org # 3.11+
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-04-19 13:23:31 -07:00
..
9p
mm: implement ->map_pages for page cache
2014-04-07 16:35:53 -07:00
adfs
fs/adfs/super.c: add __init to init_inodecache()
2014-04-07 16:36:08 -07:00
affs
affs: add mount option to avoid filename truncates
2014-04-07 16:36:08 -07:00
afs
mm + fs: store shadow entries in page cache
2014-04-03 16:21:01 -07:00
autofs4
autofs4: check dev ioctl size before allocating
2014-04-08 16:48:51 -07:00
befs
Major changes for 3.14 include support for the newly added ZERO_RANGE
2014-04-04 15:39:39 -07:00
bfs
fs/bfs/inode.c: add __init to init_inodecache()
2014-04-07 16:36:08 -07:00
btrfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2014-04-12 14:49:50 -07:00
cachefiles
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2014-04-12 14:49:50 -07:00
ceph
ceph: fix pr_fmt() redefinition
2014-04-12 15:39:53 -07:00
cifs
cif: fix dead code
2014-04-16 23:08:57 -05:00
coda
Major changes for 3.14 include support for the newly added ZERO_RANGE
2014-04-04 15:39:39 -07:00
configfs
cramfs
Major changes for 3.14 include support for the newly added ZERO_RANGE
2014-04-04 15:39:39 -07:00
debugfs
Major changes for 3.14 include support for the newly added ZERO_RANGE
2014-04-04 15:39:39 -07:00
devpts
fs: push sync_filesystem() down to the file system's remount_fs()
2014-03-13 10:14:33 -04:00
dlm
net: Fix use after free by removing length arg from sk_data_ready callbacks.
2014-04-11 16:15:36 -04:00
ecryptfs
Merge branch 'cross-rename' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs
2014-04-04 14:03:05 -07:00
efivarfs
efs
Major changes for 3.14 include support for the newly added ZERO_RANGE
2014-04-04 15:39:39 -07:00
exofs
Merge branch 'for-linus' of git://git.open-osd.org/linux-open-osd
2014-04-10 14:33:02 -07:00
exportfs
ext2
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2014-04-07 17:59:17 -07:00
ext3
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2014-04-07 17:59:17 -07:00
ext4
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2014-04-12 14:49:50 -07:00
f2fs
Merge branch 'akpm' (incoming from Andrew)
2014-04-07 16:38:06 -07:00
fat
Major changes for 3.14 include support for the newly added ZERO_RANGE
2014-04-04 15:39:39 -07:00
freevxfs
Major changes for 3.14 include support for the newly added ZERO_RANGE
2014-04-04 15:39:39 -07:00
fscache
fuse
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2014-04-12 14:49:50 -07:00
gfs2
mm: implement ->map_pages for page cache
2014-04-07 16:35:53 -07:00
hfs
Major changes for 3.14 include support for the newly added ZERO_RANGE
2014-04-04 15:39:39 -07:00
hfsplus
Major changes for 3.14 include support for the newly added ZERO_RANGE
2014-04-04 15:39:39 -07:00
hostfs
mm + fs: store shadow entries in page cache
2014-04-03 16:21:01 -07:00
hpfs
Major changes for 3.14 include support for the newly added ZERO_RANGE
2014-04-04 15:39:39 -07:00
hppfs
hugetlbfs
mm, hugetlb: unify region structure handling
2014-04-03 16:20:59 -07:00
isofs
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2014-04-07 17:59:17 -07:00
jbd
jbd2
jbd2: improve error messages for inconsistent journal heads
2014-03-12 16:38:03 -04:00
jffs2
MTD updates for 3.15:
2014-04-07 10:17:30 -07:00
jfs
Major changes for 3.14 include support for the newly added ZERO_RANGE
2014-04-04 15:39:39 -07:00
kernfs
kernfs: protect lazy kernfs_iattrs allocation with mutex
2014-04-16 11:54:40 -07:00
lockd
lockd: ensure we tear down any live sockets when socket creation fails during lockd_up
2014-03-28 10:43:08 -04:00
logfs
mm + fs: store shadow entries in page cache
2014-04-03 16:21:01 -07:00
minix
Major changes for 3.14 include support for the newly added ZERO_RANGE
2014-04-04 15:39:39 -07:00
ncpfs
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2014-04-12 17:31:22 -07:00
nfs
mm: implement ->map_pages for page cache
2014-04-07 16:35:53 -07:00
nfs_common
nfsd
Merge branch 'for-3.15' of git://linux-nfs.org/~bfields/linux
2014-04-08 18:28:14 -07:00
nilfs2
mm: implement ->map_pages for page cache
2014-04-07 16:35:53 -07:00
nls
notify
fanotify: move unrelated handling from copy_event_to_user()
2014-04-03 16:20:51 -07:00
ntfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2014-04-12 14:49:50 -07:00
ocfs2
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2014-04-12 17:31:22 -07:00
omfs
mm + fs: store shadow entries in page cache
2014-04-03 16:21:01 -07:00
openpromfs
fs: push sync_filesystem() down to the file system's remount_fs()
2014-03-13 10:14:33 -04:00
proc
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2014-04-12 14:49:50 -07:00
pstore
Major changes for 3.14 include support for the newly added ZERO_RANGE
2014-04-04 15:39:39 -07:00
qnx4
fs: push sync_filesystem() down to the file system's remount_fs()
2014-03-13 10:14:33 -04:00
qnx6
fs: push sync_filesystem() down to the file system's remount_fs()
2014-03-13 10:14:33 -04:00
quota
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2014-04-07 17:59:17 -07:00
ramfs
reiserfs
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2014-04-07 17:59:17 -07:00
romfs
fs: push sync_filesystem() down to the file system's remount_fs()
2014-03-13 10:14:33 -04:00
squashfs
fs: push sync_filesystem() down to the file system's remount_fs()
2014-03-13 10:14:33 -04:00
sysfs
sysfs, driver-core: remove unused {sysfs|device}_schedule_callback_owner()
2014-04-16 11:56:33 -07:00
sysv
Major changes for 3.14 include support for the newly added ZERO_RANGE
2014-04-04 15:39:39 -07:00
ubifs
mm: implement ->map_pages for page cache
2014-04-07 16:35:53 -07:00
udf
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2014-04-12 14:49:50 -07:00
ufs
fs/ufs: remove unused ufs_super_block_third pointer
2014-04-07 16:36:16 -07:00
xfs
xfs: fix tmpfile/selinux deadlock and initialize security
2014-04-17 08:15:30 +10:00
aio.c
aio: v4 ensure access to ctx->ring_pages is correctly serialised for migration
2014-03-28 10:14:45 -04:00
anon_inodes.c
vfs: Allocate anon_inode_inode in anon_inode_init()
2014-03-27 09:52:54 -07:00
attr.c
bad_inode.c
binfmt_aout.c
binfmt_elf_fdpic.c
binfmt_elf.c
exec: kill the unnecessary mm->def_flags setting in load_elf_binary()
2014-04-07 16:35:52 -07:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_misc: add missing 'break' statement
2014-04-03 16:21:16 -07:00
binfmt_script.c
binfmt_som.c
bio-integrity.c
block: Ensure we only enable integrity metadata for reads and writes
2014-04-09 08:00:06 -06:00
bio.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2014-04-12 14:49:50 -07:00
block_dev.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2014-04-12 14:49:50 -07:00
buffer.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2014-04-12 14:49:50 -07:00
char_dev.c
compat_binfmt_elf.c
compat_ioctl.c
compat.c
Merge branch 'locks-3.15' of git://git.samba.org/jlayton/linux
2014-04-04 14:21:20 -07:00
coredump.c
coredump: fix va_list corruption
2014-04-19 13:23:31 -07:00
dcache.c
Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux
2014-04-08 09:52:16 -07:00
dcookies.c
direct-io.c
xfs: update for 3.15-rc1
2014-04-04 15:50:08 -07:00
drop_caches.c
drop_caches: add some documentation and info message
2014-04-03 16:21:04 -07:00
eventfd.c
eventpoll.c
exec.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2014-04-12 14:49:50 -07:00
fcntl.c
locks: add new fcntl cmd values for handling file private locks
2014-03-31 08:24:43 -04:00
fhandle.c
file_table.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2014-04-12 14:49:50 -07:00
file.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2014-04-12 14:49:50 -07:00
filesystems.c
sys_sysfs: Add CONFIG_SYSFS_SYSCALL
2014-04-03 16:21:05 -07:00
fs_struct.c
fs-writeback.c
One of the main highlights this time, is not the patches themselves
2014-04-04 14:49:16 -07:00
inode.c
Major changes for 3.14 include support for the newly added ZERO_RANGE
2014-04-04 15:39:39 -07:00
internal.h
ioctl.c
ioprio.c
Kconfig
Kconfig.binfmt
libfs.c
locks.c
locks: make locks_mandatory_area check for file-private locks
2014-03-31 08:24:43 -04:00
Makefile
mbcache.c
ext4: each filesystem creates and uses its own mb_cache
2014-03-18 19:24:49 -04:00
mount.h
reduce m_start() cost...
2014-04-01 23:19:09 -04:00
mpage.c
namei.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2014-04-12 14:49:50 -07:00
namespace.c
VFS: Make delayed_free() call free_vfsmnt()
2014-04-01 23:19:18 -04:00
no-block.c
open.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
2014-04-12 14:49:50 -07:00
pipe.c
switch pipe_read() to copy_page_to_iter()
2014-04-01 23:19:22 -04:00
pnode.c
smarter propagate_mnt()
2014-04-01 23:19:08 -04:00
pnode.h
smarter propagate_mnt()
2014-04-01 23:19:08 -04:00
posix_acl.c
One of the main highlights this time, is not the patches themselves
2014-04-04 14:49:16 -07:00
proc_namespace.c
reduce m_start() cost...
2014-04-01 23:19:09 -04:00
read_write.c
Merge branch 'compat' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
2014-03-31 14:32:17 -07:00
readdir.c
select.c
seq_file.c
signalfd.c
splice.c
switch vmsplice_to_user() to copy_page_to_iter()
2014-04-01 23:19:23 -04:00
stack.c
stat.c
statfs.c
super.c
fs: Don't return 0 from get_anon_bdev
2014-04-16 11:53:08 -07:00
sync.c
timerfd.c
utimes.c
xattr.c