squawker n00b
Joined: 16 Mar 2004 Posts: 43 Location: Lommedalen, Norway
Posted: Thu Sep 07, 2006 7:09 pm Post subject: Bug introduced in sys_getdomainname() in 2.6.18-rc3
Posted this on sparclinux, but I thought it should be here too as it's a real problem for anyone running NIS on Gentoo Sparc32/64.
There was a change between 2.6.18-rc2 and -rc3 to the buffer length error checking in sys_getdomainname(). On my Gentoo sparc64 box this breaks hostname when called as hostname -y/nisdomainname. The call returns EINVAL caused by passing an oversize buffer to the syscall.
The buffer is checked against __NEW_UTS_LEN, but I cannot see how it is a crime to pass an oversize buffer to a get_ call. Instead we need to check that len is >= nlen. nlen cannot be longer than __NEW_UTS_LEN anyway as nlen is the length of the string stored in the uts structure.
From arch/sparc64/kernel/sys_sparc.c
Code:
asmlinkage long sys_getdomainname(char __user *name, int len)
{
    int nlen, err;
    if (len < 0 || len > __NEW_UTS_LEN)
                   ^^^^^^^^^^^^^^^^^^^
        return -EINVAL;
    down_read(&uts_sem);
    nlen = strlen(system_utsname.domainname) + 1;
    if (nlen < len)
        len = nlen;
    err = -EFAULT;
    if (!copy_to_user(name, system_utsname.domainname, len))
        err = 0;
    up_read(&uts_sem);
    return err;
}
Suggest a patch for this. The forum will probably whitespace munge this, but you can find it at:
http://www.puszczka.com/~andy/sys_sparc.c.ud
cheers,
Andy
Code:
--- linux-2.6.18-rc5/arch/sparc64/kernel/sys_sparc.c.old 2006-09-04 23:25:59.000000000 +0200
+++ linux-2.6.18-rc5/arch/sparc64/kernel/sys_sparc.c 2006-09-04 23:31:25.000000000 +0200
@@ -703,19 +703,21 @@
{
int nlen, err;
- if (len < 0 || len > __NEW_UTS_LEN)
+ if (len < 0)
return -EINVAL;
down_read(&uts_sem);
nlen = strlen(system_utsname.domainname) + 1;
- if (nlen < len)
- len = nlen;
+ err = -EINVAL;
+ if (nlen > len)
+ goto out;
err = -EFAULT;
- if (!copy_to_user(name, system_utsname.domainname, len))
+ if (!copy_to_user(name, system_utsname.domainname, nlen))
err = 0;
+out:
up_read(&uts_sem);
return err;
}
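Review bot: the new "if (nlen > len) goto out;" branch returns -EINVAL for a buffer shorter than the stored name, where the removed "if (nlen < len) len = nlen;" path copied a truncated len bytes and returned 0. That is a caller-visible change in behaviour and should be stated in the changelog or in a comment above the check. Dropping "len > __NEW_UTS_LEN" is safe in this hunk only because copy_to_user() now takes nlen, which comes from strlen() on the kernel's own string, instead of the caller-supplied len; a one-line comment saying so would keep a later edit from switching the copy length back to len without restoring an upper bound.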
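The two length checks from the post above, as an added example that is not part of the original posts or of the kernel source: a user-space C model in which memcpy() stands in for copy_to_user(), NEW_UTS_LEN is assumed to be 64, and the domain name is constructed sample data. It covers buffers both larger and smaller than the stored name, which goes slightly beyond the oversize case reported in the post.

```c
/* Added example: user-space model of the two length checks in this thread.
 * Assumptions: __NEW_UTS_LEN is 64, memcpy() replaces copy_to_user(),
 * and "example.nis" is a constructed sample domain name. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define NEW_UTS_LEN 64                      /* assumed value of __NEW_UTS_LEN */
static const char domainname[NEW_UTS_LEN + 1] = "example.nis";

/* Check as quoted from 2.6.18-rc3: reject oversize len, else truncate. */
static int getdomainname_rc3(char *name, int len)
{
    int nlen;
    if (len < 0 || len > NEW_UTS_LEN)
        return -EINVAL;
    nlen = (int)strlen(domainname) + 1;
    if (nlen < len)
        len = nlen;
    memcpy(name, domainname, (size_t)len);  /* omits the NUL when len < nlen */
    return 0;
}

/* Check as in the proposed patch: any len >= nlen passes, copy nlen bytes. */
static int getdomainname_patched(char *name, int len)
{
    int nlen;
    if (len < 0)
        return -EINVAL;
    nlen = (int)strlen(domainname) + 1;
    if (nlen > len)
        return -EINVAL;
    memcpy(name, domainname, (size_t)nlen); /* never more than the string */
    return 0;
}

int main(void)
{
    int lens[] = { 4, 12, 64, 65, 256 };    /* caller buffer sizes to try */
    char buf[256];

    for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++) {
        memset(buf, 'X', sizeof(buf));
        int a = getdomainname_rc3(buf, lens[i]);
        int b = getdomainname_patched(buf, lens[i]);
        printf("len=%3d  rc3=%d  patched=%d\n", lens[i], a, b);
    }
    return 0;
}
```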
gust4voz Retired Dev
Joined: 09 Sep 2003 Posts: 373 Location: Buenos Aires, Argentina
Posted: Thu Sep 07, 2006 8:00 pm
David Miller is your best bet to get this patched, so sparclinux is the place, he doesn't come over here.
AFAIK he's away this week, that being the reason for the silence over there.
_________________
Gustavo Zacarias
Gentoo/SPARC monkey
squawker n00b
Joined: 16 Mar 2004 Posts: 43 Location: Lommedalen, Norway
Posted: Fri Sep 08, 2006 9:51 am
Thanks for the reply Gustavo - yeah, I tried to mail the patch direct to Dave, but he replied that he didn't read mail sent directly to him and definitely not when he's on a 14 day trip. Which is fair enough, but a bit funny - he obviously did read my mail.
Other than this little nasty I haven't seen any problems running 2.6.18-rc5. I know I should maybe stick to gentoo-sources, but I've ALWAYS run vanilla on everything I can (going back to 0.13 on x86 - I was also one of the earliest to boot/debug Dave's sparc32 kernels on SS2 and SS5). In this case 2.6.18-rc5 is actually much more solid accessing a USB disk plugged into my U10 on a Via-chipset USB PCI card than 2.6.17-gentoo-r7.
gust4voz Retired Dev
Joined: 09 Sep 2003 Posts: 373 Location: Buenos Aires, Argentina
Posted: Fri Sep 08, 2006 10:25 am
It's always good if users test release candidates too as long as they know there are risks involved.
I've been using 2.6.18-rc6 on the T2000 for some time now without any obvious hiccups, but it's far from testing everything.
_________________
Gustavo Zacarias
Gentoo/SPARC monkey