| From b192571d1ae375e0bbe0aa3ccfa1a3c3704454b9 Mon Sep 17 00:00:00 2001 |
| From: Vasily Gorbik <gor@linux.vnet.ibm.com> |
| Date: Wed, 15 Nov 2017 14:15:36 +0100 |
| Subject: s390/disassembler: increase show_code buffer size |
| |
| From: Vasily Gorbik <gor@linux.vnet.ibm.com> |
| |
| commit b192571d1ae375e0bbe0aa3ccfa1a3c3704454b9 upstream. |
| |
| Current buffer size of 64 is too small. objdump shows that there are |
| instructions which would require up to 75 bytes buffer (with current |
| formatting). 128 bytes "ought to be enough for anybody". |
| |
| Also replaces 8 spaces with a single tab to reduce the memory footprint. |
| |
| Fixes the following KASAN finding: |
| |
| BUG: KASAN: stack-out-of-bounds in number+0x3fe/0x538 |
| Write of size 1 at addr 000000005a4a75a0 by task bash/1282 |
| |
| CPU: 1 PID: 1282 Comm: bash Not tainted 4.14.0+ #215 |
| Hardware name: IBM 2964 N96 702 (z/VM 6.4.0) |
| Call Trace: |
| ([<000000000011eeb6>] show_stack+0x56/0x88) |
| [<0000000000e1ce1a>] dump_stack+0x15a/0x1b0 |
| [<00000000004e2994>] print_address_description+0xf4/0x288 |
| [<00000000004e2cf2>] kasan_report+0x13a/0x230 |
| [<0000000000e38ae6>] number+0x3fe/0x538 |
| [<0000000000e3dfe4>] vsnprintf+0x194/0x948 |
| [<0000000000e3ea42>] sprintf+0xa2/0xb8 |
| [<00000000001198dc>] print_insn+0x374/0x500 |
| [<0000000000119346>] show_code+0x4ee/0x538 |
| [<000000000011f234>] show_registers+0x34c/0x388 |
| [<000000000011f2ae>] show_regs+0x3e/0xa8 |
| [<000000000011f502>] die+0x1ea/0x2e8 |
| [<0000000000138f0e>] do_no_context+0x106/0x168 |
| [<0000000000139a1a>] do_protection_exception+0x4da/0x7d0 |
| [<0000000000e55914>] pgm_check_handler+0x16c/0x1c0 |
| [<000000000090639e>] sysrq_handle_crash+0x46/0x58 |
| ([<0000000000000007>] 0x7) |
| [<00000000009073fa>] __handle_sysrq+0x102/0x218 |
| [<0000000000907c06>] write_sysrq_trigger+0xd6/0x100 |
| [<000000000061d67a>] proc_reg_write+0xb2/0x128 |
| [<0000000000520be6>] __vfs_write+0xee/0x368 |
| [<0000000000521222>] vfs_write+0x21a/0x278 |
| [<000000000052156a>] SyS_write+0xda/0x178 |
| [<0000000000e555cc>] system_call+0xc4/0x270 |
| |
| The buggy address belongs to the page: |
| page:000003d1016929c0 count:0 mapcount:0 mapping: (null) index:0x0 |
| flags: 0x0() |
| raw: 0000000000000000 0000000000000000 0000000000000000 ffffffff00000000 |
| raw: 0000000000000100 0000000000000200 0000000000000000 0000000000000000 |
| page dumped because: kasan: bad access detected |
| |
| Memory state around the buggy address: |
| 000000005a4a7480: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 |
| 000000005a4a7500: 00 00 00 00 00 00 00 00 f2 f2 f2 f2 00 00 00 00 |
| >000000005a4a7580: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 |
| ^ |
| 000000005a4a7600: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f8 f8 |
| 000000005a4a7680: f2 f2 f2 f2 f2 f2 f8 f8 f2 f2 f3 f3 f3 f3 00 00 |
| ================================================================== |
| |
| Signed-off-by: Vasily Gorbik <gor@linux.vnet.ibm.com> |
| Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| arch/s390/kernel/dis.c | 4 ++-- |
| 1 file changed, 2 insertions(+), 2 deletions(-) |
| |
| --- a/arch/s390/kernel/dis.c |
| +++ b/arch/s390/kernel/dis.c |
| @@ -1997,7 +1997,7 @@ void show_code(struct pt_regs *regs) |
| { |
| char *mode = user_mode(regs) ? "User" : "Krnl"; |
| unsigned char code[64]; |
| - char buffer[64], *ptr; |
| + char buffer[128], *ptr; |
| mm_segment_t old_fs; |
| unsigned long addr; |
| int start, end, opsize, hops, i; |
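| Review bot: the change at `char buffer[128], *ptr;` raises the ceiling but leaves the writes into `buffer` unbounded; the `ptr += sprintf(ptr, ...)` pattern in this function and the `sprintf` reached from `print_insn` in the KASAN trace still have no size check, so a future instruction format longer than 128 bytes would reproduce the same stack-out-of-bounds write. Suggest tracking the remaining space and using `scnprintf(ptr, buffer + sizeof(buffer) - ptr, ...)` for each append, or at minimum a comment next to the array tying 128 to the 75-byte maximum cited in the commit message so the margin is visible to the next editor. |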
| @@ -2060,7 +2060,7 @@ void show_code(struct pt_regs *regs) |
| start += opsize; |
| printk(buffer); |
| ptr = buffer; |
| - ptr += sprintf(ptr, "\n "); |
| + ptr += sprintf(ptr, "\n\t "); |
| hops++; |
| } |
| printk("\n"); |
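| Review bot: `printk(buffer);` in the context above passes the assembled disassembly text as the format string rather than as an argument; any `%` in the decoded operand text would be interpreted as a conversion by vsnprintf. `printk("%s", buffer);` is the safe form and changes nothing about the output. The `"\n\t "` replacement itself is fine, but it goes through the same unbounded `sprintf` into `buffer`, so the bounded-append comment on the first hunk applies here as well. |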