Commit 35318db5 authored by Alexey Dobriyan's avatar Alexey Dobriyan Committed by Linus Torvalds

proc: fix /proc/*/map_files lookup some more

I totally forgot that _parse_integer() accepts arbitrary amount of
leading zeroes leading to the following lookups:

		OK
	# readlink /proc/1/map_files/56427ecba000-56427eddc000
	/lib/systemd/systemd

		bogus
	# readlink /proc/1/map_files/00000000000056427ecba000-56427eddc000
	/lib/systemd/systemd
	# readlink /proc/1/map_files/56427ecba000-00000000000056427eddc000
	/lib/systemd/systemd

Link: http://lkml.kernel.org/r/20180303215130.GA23480@avx2Signed-off-by: default avatarAlexey Dobriyan <adobriyan@gmail.com>
Reviewed-by: default avatarCyrill Gorcunov <gorcunov@gmail.com>
Reviewed-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Cc: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent b4884f23
...@@ -1913,6 +1913,8 @@ static int dname_to_vma_addr(struct dentry *dentry, ...@@ -1913,6 +1913,8 @@ static int dname_to_vma_addr(struct dentry *dentry,
unsigned long long sval, eval; unsigned long long sval, eval;
unsigned int len; unsigned int len;
if (str[0] == '0' && str[1] != '-')
return -EINVAL;
len = _parse_integer(str, 16, &sval); len = _parse_integer(str, 16, &sval);
if (len & KSTRTOX_OVERFLOW) if (len & KSTRTOX_OVERFLOW)
return -EINVAL; return -EINVAL;
...@@ -1924,6 +1926,8 @@ static int dname_to_vma_addr(struct dentry *dentry, ...@@ -1924,6 +1926,8 @@ static int dname_to_vma_addr(struct dentry *dentry,
return -EINVAL; return -EINVAL;
str++; str++;
if (str[0] == '0' && str[1])
return -EINVAL;
len = _parse_integer(str, 16, &eval); len = _parse_integer(str, 16, &eval);
if (len & KSTRTOX_OVERFLOW) if (len & KSTRTOX_OVERFLOW)
return -EINVAL; return -EINVAL;
......
/proc-self-mem /proc-self-map-files-001
/proc-self-map-files-002
/proc-self-syscall /proc-self-syscall
/proc-self-wchan
CFLAGS += -Wall -O2 CFLAGS += -Wall -O2
TEST_GEN_PROGS := TEST_GEN_PROGS :=
TEST_GEN_PROGS += proc-self-map-files-001
TEST_GEN_PROGS += proc-self-map-files-002
TEST_GEN_PROGS += proc-self-syscall TEST_GEN_PROGS += proc-self-syscall
TEST_GEN_PROGS += proc-self-wchan TEST_GEN_PROGS += proc-self-wchan
......
/*
* Copyright _ 2018 Alexey Dobriyan <adobriyan@gmail.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* Test readlink /proc/self/map_files/... */
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/mman.h>
#include <stdlib.h>
static void pass(const char *fmt, unsigned long a, unsigned long b)
{
char name[64];
char buf[64];
snprintf(name, sizeof(name), fmt, a, b);
if (readlink(name, buf, sizeof(buf)) == -1)
exit(1);
}
static void fail(const char *fmt, unsigned long a, unsigned long b)
{
char name[64];
char buf[64];
snprintf(name, sizeof(name), fmt, a, b);
if (readlink(name, buf, sizeof(buf)) == -1 && errno == ENOENT)
return;
exit(1);
}
int main(void)
{
const unsigned int PAGE_SIZE = sysconf(_SC_PAGESIZE);
void *p;
int fd;
unsigned long a, b;
fd = open("/dev/zero", O_RDONLY);
if (fd == -1)
return 1;
p = mmap(NULL, PAGE_SIZE, PROT_NONE, MAP_PRIVATE|MAP_FILE, fd, 0);
if (p == MAP_FAILED)
return 1;
a = (unsigned long)p;
b = (unsigned long)p + PAGE_SIZE;
pass("/proc/self/map_files/%lx-%lx", a, b);
fail("/proc/self/map_files/ %lx-%lx", a, b);
fail("/proc/self/map_files/%lx -%lx", a, b);
fail("/proc/self/map_files/%lx- %lx", a, b);
fail("/proc/self/map_files/%lx-%lx ", a, b);
fail("/proc/self/map_files/0%lx-%lx", a, b);
fail("/proc/self/map_files/%lx-0%lx", a, b);
if (sizeof(long) == 4) {
fail("/proc/self/map_files/100000000%lx-%lx", a, b);
fail("/proc/self/map_files/%lx-100000000%lx", a, b);
} else if (sizeof(long) == 8) {
fail("/proc/self/map_files/10000000000000000%lx-%lx", a, b);
fail("/proc/self/map_files/%lx-10000000000000000%lx", a, b);
} else
return 1;
return 0;
}
/*
* Copyright _ 2018 Alexey Dobriyan <adobriyan@gmail.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* Test readlink /proc/self/map_files/... with address 0. */
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/mman.h>
#include <stdlib.h>
static void pass(const char *fmt, unsigned long a, unsigned long b)
{
char name[64];
char buf[64];
snprintf(name, sizeof(name), fmt, a, b);
if (readlink(name, buf, sizeof(buf)) == -1)
exit(1);
}
static void fail(const char *fmt, unsigned long a, unsigned long b)
{
char name[64];
char buf[64];
snprintf(name, sizeof(name), fmt, a, b);
if (readlink(name, buf, sizeof(buf)) == -1 && errno == ENOENT)
return;
exit(1);
}
int main(void)
{
const unsigned int PAGE_SIZE = sysconf(_SC_PAGESIZE);
void *p;
int fd;
unsigned long a, b;
fd = open("/dev/zero", O_RDONLY);
if (fd == -1)
return 1;
p = mmap(NULL, PAGE_SIZE, PROT_NONE, MAP_PRIVATE|MAP_FILE|MAP_FIXED, fd, 0);
if (p == MAP_FAILED) {
if (errno == EPERM)
return 2;
return 1;
}
a = (unsigned long)p;
b = (unsigned long)p + PAGE_SIZE;
pass("/proc/self/map_files/%lx-%lx", a, b);
fail("/proc/self/map_files/ %lx-%lx", a, b);
fail("/proc/self/map_files/%lx -%lx", a, b);
fail("/proc/self/map_files/%lx- %lx", a, b);
fail("/proc/self/map_files/%lx-%lx ", a, b);
fail("/proc/self/map_files/0%lx-%lx", a, b);
fail("/proc/self/map_files/%lx-0%lx", a, b);
if (sizeof(long) == 4) {
fail("/proc/self/map_files/100000000%lx-%lx", a, b);
fail("/proc/self/map_files/%lx-100000000%lx", a, b);
} else if (sizeof(long) == 8) {
fail("/proc/self/map_files/10000000000000000%lx-%lx", a, b);
fail("/proc/self/map_files/%lx-10000000000000000%lx", a, b);
} else
return 1;
return 0;
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment