[Crash-utility] [PATCH v2] Fixed the segment fault when ikconfig passed nonstandard values
刘云
liuyun01 at tj.kylinos.cn
Tue Jan 5 12:11:56 UTC 2021
在 2021/1/5 下午4:36, HAGIO KAZUHITO(萩尾 一仁) 写道:
> Hi Jackie,
>
> -----Original Message-----
>> From: Jackie Liu <liuyun01 at kylinos.cn>
>>
>> Some strange reasons may cause kcore to collect some strange
>> entries of ikconfig, such as CONFIG_SECU+[some hex data] causes
>> the 'val' to be NULL, and then crashes when strdup.
>>
>> CONFIG_SECU+[some hex data] to be **strings that don't
>> contain the delimitor string '='** and then strtok_r() interprets
>> it as consisting of a single token, hence val resulting in having NULL.
> Thanks for the update, I will modify the commit message a bit more
> as follows, I think you use arm64 kernels:
Aha, 100% correct. It's arm64 platform on Hisilicom hi1620.
> ---
> Fix for a segmentation fault when analyzing arm64 kernels that are
> configured with CONFIG_IKCONFIG and have a strange entry that does
> not contain the delimiter "=", such as "CONFIG_SECU+[some hex data]".
>
> Without the patch, in the add_ikconfig_entry() function, strtok_r()
> interprets it as consisting of a single token and the val variable
> is set to NULL, and then strdup() crashes.
> ---
>
> and
> Acked-by: Kazuhito Hagio <k-hagio-ab at nec.com>
>
> Please wait for another ack.
Sure. thanks. Jackie.
>
> Thanks,
> Kazu
>
>> [d.hatayama at fujitsu.com: rewrite comment]
>> Suggested-by: HAGIO KAZUHITO(萩尾 一仁) <k-hagio-ab at nec.com>
>> Signed-off-by: Jackie Liu <liuyun01 at kylinos.cn>
>> ---
>> kernel.c | 14 +++++++++++---
>> 1 file changed, 11 insertions(+), 3 deletions(-)
>>
>> diff --git a/kernel.c b/kernel.c
>> index 9871637..c8182a6 100644
>> --- a/kernel.c
>> +++ b/kernel.c
>> @@ -10236,7 +10236,7 @@ static struct ikconfig_list {
>> char *val;
>> } *ikconfig_all;
>>
>> -static void add_ikconfig_entry(char *line, struct ikconfig_list *ent)
>> +static int add_ikconfig_entry(char *line, struct ikconfig_list *ent)
>> {
>> char *tokptr, *name, *val;
>>
>> @@ -10244,8 +10244,16 @@ static void add_ikconfig_entry(char *line, struct ikconfig_list *ent)
>> sscanf(name, "CONFIG_%s", name);
>> val = strtok_r(NULL, "", &tokptr);
>>
>> + if (!val) {
>> + if (CRASHDEBUG(2))
>> + error(WARNING, "invalid ikconfig entry: %s\n", line);
>> + return FALSE;
>> + }
>> +
>> ent->name = strdup(name);
>> ent->val = strdup(val);
>> +
>> + return TRUE;
>> }
>>
>> static int setup_ikconfig(char *config)
>> @@ -10265,8 +10273,8 @@ static int setup_ikconfig(char *config)
>> ent++;
>>
>> if (STRNEQ(ent, "CONFIG_")) {
>> - add_ikconfig_entry(ent,
>> - &ikconfig_all[kt->ikconfig_ents++]);
>> + if (add_ikconfig_entry(ent, &ikconfig_all[kt->ikconfig_ents]))
>> + kt->ikconfig_ents++;
>> if (kt->ikconfig_ents == IKCONFIG_MAX) {
>> error(WARNING, "ikconfig overflow.\n");
>> return 1;
>> --
>> 2.17.1
>>
>>
More information about the Crash-utility
mailing list