    s390/disassembler: increase show_code buffer size · 5c2607d3
    Vasily Gorbik authored
    commit b192571d upstream.
    
    Current buffer size of 64 is too small. objdump shows that there are
    instructions which would require up to 75 bytes buffer (with current
    formatting). 128 bytes "ought to be enough for anybody".
    
    Also replaces 8 spaces with a single tab to reduce the memory footprint.
    
    Fixes the following KASAN finding:
    
    BUG: KASAN: stack-out-of-bounds in number+0x3fe/0x538
    Write of size 1 at addr 000000005a4a75a0 by task bash/1282
    
    CPU: 1 PID: 1282 Comm: bash Not tainted 4.14.0+ #215
    Hardware name: IBM 2964 N96 702 (z/VM 6.4.0)
    Call Trace:
    ([<000000000011eeb6>] show_stack+0x56/0x88)
     [<0000000000e1ce1a>] dump_stack+0x15a/0x1b0
     [<00000000004e2994>] print_address_description+0xf4/0x288
     [<00000000004e2cf2>] kasan_report+0x13a/0x230
     [<0000000000e38ae6>] number+0x3fe/0x538
     [<0000000000e3dfe4>] vsnprintf+0x194/0x948
     [<0000000000e3ea42>] sprintf+0xa2/0xb8
     [<00000000001198dc>] print_insn+0x374/0x500
     [<0000000000119346>] show_code+0x4ee/0x538
     [<000000000011f234>] show_registers+0x34c/0x388
     [<000000000011f2ae>] show_regs+0x3e/0xa8
     [<000000000011f502>] die+0x1ea/0x2e8
     [<0000000000138f0e>] do_no_context+0x106/0x168
     [<0000000000139a1a>] do_protection_exception+0x4da/0x7d0
     [<0000000000e55914>] pgm_check_handler+0x16c/0x1c0
     [<000000000090639e>] sysrq_handle_crash+0x46/0x58
    ([<0000000000000007>] 0x7)
     [<00000000009073fa>] __handle_sysrq+0x102/0x218
     [<0000000000907c06>] write_sysrq_trigger+0xd6/0x100
     [<000000000061d67a>] proc_reg_write+0xb2/0x128
     [<0000000000520be6>] __vfs_write+0xee/0x368
     [<0000000000521222>] vfs_write+0x21a/0x278
     [<000000000052156a>] SyS_write+0xda/0x178
     [<0000000000e555cc>] system_call+0xc4/0x270
    
    The buggy address belongs to the page:
    page:000003d1016929c0 count:0 mapcount:0 mapping:          (null) index:0x0
    flags: 0x0()
    raw: 0000000000000000 0000000000000000 0000000000000000 ffffffff00000000
    raw: 0000000000000100 0000000000000200 0000000000000000 0000000000000000
    page dumped because: kasan: bad access detected
    
    Memory state around the buggy address:
     000000005a4a7480: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
     000000005a4a7500: 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 00 00 00
    >000000005a4a7580: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00
                                   ^
     000000005a4a7600: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f8 f8
     000000005a4a7680: f2 f2 f2 f2 f2 f2 f8 f8 f2 f2 f3 f3 f3 f3 00 00
    ==================================================================
    Signed-off-by: Vasily Gorbik <gor@linux.vnet.ibm.com>
    Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
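As an added example (not the kernel's code from this commit), the pattern the fix is about: a print_insn()-style line formatter that writes through bounded vsnprintf() and returns the length the full line needs, so the caller can tell when a 64-byte buffer would have truncated (or, with sprintf(), overflowed) the line. The line layout, instruction bytes, mnemonic and operand text are constructed for illustration and are not taken from dis.c.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Bounded append: writes into buf[pos, size) and returns the total length
 * the output would need, even once the buffer is full, so the caller can
 * detect truncation. vsnprintf() always NUL-terminates when room > 0. */
static size_t append(char *buf, size_t size, size_t pos, const char *fmt, ...)
{
	size_t room = pos < size ? size - pos : 0;
	char *dst = room ? buf + pos : NULL;   /* NULL + 0 only measures */
	va_list ap;
	int n;
	va_start(ap, fmt);
	n = vsnprintf(dst, room, fmt, ap);
	va_end(ap);
	return n < 0 ? pos : pos + (size_t)n;
}

/* Hypothetical print_insn()-style line: address, raw bytes padded to the
 * width of a 6-byte instruction, mnemonic, operands. A tab follows the
 * address, as the commit does, instead of eight spaces. */
size_t format_insn(char *buf, size_t size, unsigned long addr,
		   const unsigned char *code, size_t len,
		   const char *mnemonic, const char *operands)
{
	size_t pos = 0, i;
	if (len > 6)
		len = 6;                       /* s390 insns are 2, 4 or 6 bytes */
	pos = append(buf, size, pos, "%016lx\t", addr);
	for (i = 0; i < len; i++)
		pos = append(buf, size, pos, "%02x", code[i]);
	pos = append(buf, size, pos, "%*s", (int)(2 * (6 - len) + 2), "");
	pos = append(buf, size, pos, "%-6s %s", mnemonic, operands);
	return pos;                            /* >= size: line was truncated */
}

/* Constructed sample with long operand text: the line needs 81 bytes, so a
 * 64-byte buffer truncates it while the 128-byte buffer holds it. */
static char line[128];
size_t sample_line(size_t size)            /* size: buffer size to pretend */
{
	static const unsigned char code[6] = { 0xe7, 0x12, 0x30, 0x00, 0x00, 0x62 };
	return format_insn(line, size <= sizeof(line) ? size : sizeof(line),
			   0x3ff800000a00UL, code, 6, "vlvgp",
			   "4095(%r15),4095(%r14),4095(%r13),4095(%r12)");
}
const char *sample_text(void) { return line; }
```

A caller that compares the returned length against the buffer size catches the over-long line at formatting time instead of relying on KASAN to catch the stack write.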
dis.c 67.2 KB