The patch titled
Subject: proc: fix /proc/*/map_files lookup some more
has been added to the -mm tree. Its filename is
proc-fix-proc-map_files-lookup-some-more.patch
This patch should soon appear at
http://ozlabs.org/~akpm/mmots/broken-out/proc-fix-proc-map_files-lookup-some-more.patch
and later at
http://ozlabs.org/~akpm/mmotm/broken-out/proc-fix-proc-map_files-lookup-some-more.patch
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: Alexey Dobriyan <adobriyan@xxxxxxxxx>
Subject: proc: fix /proc/*/map_files lookup some more
I totally forgot that _parse_integer() accepts arbitrary amount of leading
zeroes leading to the following lookups:
OK
# readlink /proc/1/map_files/56427ecba000-56427eddc000
/lib/systemd/systemd
bogus
# readlink /proc/1/map_files/00000000000056427ecba000-56427eddc000
/lib/systemd/systemd
# readlink /proc/1/map_files/56427ecba000-00000000000056427eddc000
/lib/systemd/systemd
Link: http://lkml.kernel.org/r/20180303215130.GA23480@avx2
Signed-off-by: Alexey Dobriyan <adobriyan@xxxxxxxxx>
Reviewed-by: Cyrill Gorcunov <gorcunov@xxxxxxxxx>
Reviewed-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Cc: Pavel Emelyanov <xemul@xxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
fs/proc/base.c | 4
tools/testing/selftests/proc/.gitignore | 4
tools/testing/selftests/proc/Makefile | 2
tools/testing/selftests/proc/proc-self-map-files-001.c | 82 +++++++++
tools/testing/selftests/proc/proc-self-map-files-002.c | 85 ++++++++++
5 files changed, 176 insertions(+), 1 deletion(-)
diff -puN fs/proc/base.c~proc-fix-proc-map_files-lookup-some-more fs/proc/base.c
--- a/fs/proc/base.c~proc-fix-proc-map_files-lookup-some-more
+++ a/fs/proc/base.c
@@ -1916,6 +1916,8 @@ static int dname_to_vma_addr(struct dent
unsigned long long sval, eval;
unsigned int len;
+ if (str[0] == '0' && str[1] != '-')
+ return -EINVAL;
len = _parse_integer(str, 16, &sval);
if (len & KSTRTOX_OVERFLOW)
return -EINVAL;
@@ -1927,6 +1929,8 @@ static int dname_to_vma_addr(struct dent
return -EINVAL;
str++;
+ if (str[0] == '0' && str[1])
+ return -EINVAL;
len = _parse_integer(str, 16, &eval);
if (len & KSTRTOX_OVERFLOW)
return -EINVAL;
diff -puN tools/testing/selftests/proc/.gitignore~proc-fix-proc-map_files-lookup-some-more tools/testing/selftests/proc/.gitignore
--- a/tools/testing/selftests/proc/.gitignore~proc-fix-proc-map_files-lookup-some-more
+++ a/tools/testing/selftests/proc/.gitignore
@@ -1,2 +1,4 @@
-/proc-self-mem
+/proc-self-map-files-001
+/proc-self-map-files-002
/proc-self-syscall
+/proc-self-wchan
diff -puN tools/testing/selftests/proc/Makefile~proc-fix-proc-map_files-lookup-some-more tools/testing/selftests/proc/Makefile
--- a/tools/testing/selftests/proc/Makefile~proc-fix-proc-map_files-lookup-some-more
+++ a/tools/testing/selftests/proc/Makefile
@@ -1,6 +1,8 @@
CFLAGS += -Wall -O2
TEST_GEN_PROGS :=
+TEST_GEN_PROGS += proc-self-map-files-001
+TEST_GEN_PROGS += proc-self-map-files-002
TEST_GEN_PROGS += proc-self-syscall
TEST_GEN_PROGS += proc-self-wchan
diff -puN /dev/null tools/testing/selftests/proc/proc-self-map-files-001.c
--- /dev/null
+++ a/tools/testing/selftests/proc/proc-self-map-files-001.c
@@ -0,0 +1,82 @@
+/*
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+/* Test readlink /proc/self/map_files/... */
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/mman.h>
+#include <stdlib.h>
+
+static void pass(const char *fmt, unsigned long a, unsigned long b)
+{
+ char name[64];
+ char buf[64];
+
+ snprintf(name, sizeof(name), fmt, a, b);
+ if (readlink(name, buf, sizeof(buf)) == -1)
+ exit(1);
+}
+
+static void fail(const char *fmt, unsigned long a, unsigned long b)
+{
+ char name[64];
+ char buf[64];
+
+ snprintf(name, sizeof(name), fmt, a, b);
+ if (readlink(name, buf, sizeof(buf)) == -1 && errno == ENOENT)
+ return;
+ exit(1);
+}
+
+int main(void)
+{
+ const unsigned int PAGE_SIZE = sysconf(_SC_PAGESIZE);
+ void *p;
+ int fd;
+ unsigned long a, b;
+
+ fd = open("/dev/zero", O_RDONLY);
+ if (fd == -1)
+ return 1;
+
+ p = mmap(NULL, PAGE_SIZE, PROT_NONE, MAP_PRIVATE|MAP_FILE, fd, 0);
+ if (p == MAP_FAILED)
+ return 1;
+
+ a = (unsigned long)p;
+ b = (unsigned long)p + PAGE_SIZE;
+
+ pass("/proc/self/map_files/%lx-%lx", a, b);
+ fail("/proc/self/map_files/ %lx-%lx", a, b);
+ fail("/proc/self/map_files/%lx -%lx", a, b);
+ fail("/proc/self/map_files/%lx- %lx", a, b);
+ fail("/proc/self/map_files/%lx-%lx ", a, b);
+ fail("/proc/self/map_files/0%lx-%lx", a, b);
+ fail("/proc/self/map_files/%lx-0%lx", a, b);
+ if (sizeof(long) == 4) {
+ fail("/proc/self/map_files/100000000%lx-%lx", a, b);
+ fail("/proc/self/map_files/%lx-100000000%lx", a, b);
+ } else if (sizeof(long) == 8) {
+ fail("/proc/self/map_files/10000000000000000%lx-%lx", a, b);
+ fail("/proc/self/map_files/%lx-10000000000000000%lx", a, b);
+ } else
+ return 1;
+
+ return 0;
+}
diff -puN /dev/null tools/testing/selftests/proc/proc-self-map-files-002.c
--- /dev/null
+++ a/tools/testing/selftests/proc/proc-self-map-files-002.c
@@ -0,0 +1,85 @@
+/*
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+/* Test readlink /proc/self/map_files/... with address 0. */
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/mman.h>
+#include <stdlib.h>
+
+static void pass(const char *fmt, unsigned long a, unsigned long b)
+{
+ char name[64];
+ char buf[64];
+
+ snprintf(name, sizeof(name), fmt, a, b);
+ if (readlink(name, buf, sizeof(buf)) == -1)
+ exit(1);
+}
+
+static void fail(const char *fmt, unsigned long a, unsigned long b)
+{
+ char name[64];
+ char buf[64];
+
+ snprintf(name, sizeof(name), fmt, a, b);
+ if (readlink(name, buf, sizeof(buf)) == -1 && errno == ENOENT)
+ return;
+ exit(1);
+}
+
+int main(void)
+{
+ const unsigned int PAGE_SIZE = sysconf(_SC_PAGESIZE);
+ void *p;
+ int fd;
+ unsigned long a, b;
+
+ fd = open("/dev/zero", O_RDONLY);
+ if (fd == -1)
+ return 1;
+
+ p = mmap(NULL, PAGE_SIZE, PROT_NONE, MAP_PRIVATE|MAP_FILE|MAP_FIXED, fd, 0);
+ if (p == MAP_FAILED) {
+ if (errno == EPERM)
+ return 2;
+ return 1;
+ }
+
+ a = (unsigned long)p;
+ b = (unsigned long)p + PAGE_SIZE;
+
+ pass("/proc/self/map_files/%lx-%lx", a, b);
+ fail("/proc/self/map_files/ %lx-%lx", a, b);
+ fail("/proc/self/map_files/%lx -%lx", a, b);
+ fail("/proc/self/map_files/%lx- %lx", a, b);
+ fail("/proc/self/map_files/%lx-%lx ", a, b);
+ fail("/proc/self/map_files/0%lx-%lx", a, b);
+ fail("/proc/self/map_files/%lx-0%lx", a, b);
+ if (sizeof(long) == 4) {
+ fail("/proc/self/map_files/100000000%lx-%lx", a, b);
+ fail("/proc/self/map_files/%lx-100000000%lx", a, b);
+ } else if (sizeof(long) == 8) {
+ fail("/proc/self/map_files/10000000000000000%lx-%lx", a, b);
+ fail("/proc/self/map_files/%lx-10000000000000000%lx", a, b);
+ } else
+ return 1;
+
+ return 0;
+}
_
Binary file patches/proc-fix-proc-map_files-lookup-some-more.patch matches
Patches currently in -mm which might be from adobriyan@xxxxxxxxx are
slab-mark-kmalloc-machinery-as-__ro_after_init.patch
slab-fixup-calculate_alignment-argument-type.patch
slab-make-kmalloc_index-return-unsigned-int.patch
slab-make-kmalloc_size-return-unsigned-int.patch
slab-make-create_kmalloc_cache-work-with-32-bit-sizes.patch
slab-make-create_boot_cache-work-with-32-bit-sizes.patch
slab-make-kmem_cache_create-work-with-32-bit-sizes.patch
slab-make-size_index-array-u8.patch
slab-make-size_index_elem-unsigned-int.patch
slub-make-remote_node_defrag_ratio-unsigned-int.patch
slub-make-max_attr_size-unsigned-int.patch
slub-make-red_left_pad-unsigned-int.patch
slub-make-reserved-unsigned-int.patch
slub-make-align-unsigned-int.patch
slub-make-inuse-unsigned-int.patch
slub-make-cpu_partial-unsigned-int.patch
slub-make-offset-unsigned-int.patch
slub-make-object_size-unsigned-int.patch
slub-make-size-unsigned-int.patch
slab-make-kmem_cache_flags-accept-32-bit-object-size.patch
kasan-make-kasan_cache_create-work-with-32-bit-slab-cache-sizes.patch
slab-make-usercopy-region-32-bit.patch
slub-make-slab_index-return-unsigned-int.patch
slub-make-struct-kmem_cache_order_objects-x-unsigned-int.patch
slub-make-size_from_object-return-unsigned-int.patch
slab-use-32-bit-arithmetic-in-freelist_randomize.patch
proc-do-less-stuff-under-pde_unload_lock.patch
proc-move-proc-sysvipc-creation-to-where-it-belongs.patch
proc-faster-open-close-of-files-without-release-hook.patch
proc-randomize-struct-pde_opener.patch
proc-move-struct-pde_opener-to-kmem-cache.patch
proc-account-struct-pde_opener.patch
proc-check-permissions-earlier-for-proc-wchan.patch
proc-use-set_puts-at-proc-wchan.patch
proc-test-proc-self-wchan.patch
proc-test-proc-self-syscall.patch
proc-fix-proc-map_files-lookup-some-more.patch
uts-create-struct-uts_namespace-from-kmem_cache.patch
seq_file-delete-small-value-optimization.patch
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
