From patchwork Sat Jun 26 00:57:18 2021
X-Patchwork-Submitter: Yun Zhou
X-Patchwork-Id: 12346361
From: "Zhou, Yun"
To: Steven Rostedt
CC: "linux-kernel@vger.kernel.org", "kernel-hardening@lists.openwall.com", "Xue, Ying", "Li, Zhiquan"
Subject: Re: [PATCH 1/2] seq_buf: fix overflow when length is bigger than 8
Date: Sat, 26 Jun 2021 00:57:18 +0000
References: <20210625155348.58266-1-yun.zhou@windriver.com>, <20210625122453.5e2fe304@oasis.local.home>
In-Reply-To: <20210625122453.5e2fe304@oasis.local.home>

Hi Steve,

Thanks very much for your very careful and clear reply. Your suggestions are very helpful.

I was not sure whether you would accept the enhancement patch before, so I fixed the bug more thoroughly, which is really complicated.

I will follow your suggestions and requirements to redo the patch ASAP.

Best Regards,
Yun

diff --git a/lib/seq_buf.c b/lib/seq_buf.c index 707453f5d58e..eb68b5b3eb26 100644 --- a/lib/seq_buf.c +++ b/lib/seq_buf.c @@ -229,8 +229,10 @@ int seq_buf_putmem_hex(struct seq_buf *s, const void *mem, WARN_ON(s->size == 0); + BUILD_BUG_ON(MAX_MEMHEX_BYTES * 2 >= HEX_CHARS); + while (len) { - start_len = min(len, HEX_CHARS - 1); + start_len = min(len, MAX_MEMHEX_BYTES - 1); #ifdef __BIG_ENDIAN for (i = 0, j = 0; i < start_len; i++) { #else -- 2.29.2 That solves the first bug, and is easy to backport. The second bug, is that data doesn't go forward (as you stated in your original patch) which would be: diff --git a/lib/seq_buf.c b/lib/seq_buf.c index eb68b5b3eb26..39b9374d3a1e 100644 --- a/lib/seq_buf.c +++ b/lib/seq_buf.c @@ -244,13 +244,14 @@ int seq_buf_putmem_hex(struct seq_buf *s, const void *mem, if (WARN_ON_ONCE(j == 0 || j/2 > len)) break; - /* j increments twice per loop */ - len -= j / 2; hex[j++] = ' '; seq_buf_putmem(s, hex, j); if (seq_buf_has_overflowed(s)) return -1; + + len -= start_len; + data += start_len; } return 0; }
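Review bot: In the hunk at @@ -229,8 +229,10 @@, the new bound min(len, MAX_MEMHEX_BYTES - 1) carries over the "- 1" from the old HEX_CHARS - 1 expression, although the added BUILD_BUG_ON(MAX_MEMHEX_BYTES * 2 >= HEX_CHARS) already guarantees that MAX_MEMHEX_BYTES bytes at two hex characters each leave at least one spare character within HEX_CHARS. If that spare character is what the trailing separator needs, min(len, MAX_MEMHEX_BYTES) would be enough; otherwise a short comment next to the BUILD_BUG_ON should say what the extra byte is reserved for, so the relation between the two macros is not left for the reader to derive.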
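Review bot: In the hunk at @@ -244,13 +244,14 @@, the WARN_ON_ONCE(j == 0 || j/2 > len) branch still leaves the loop with break and falls through to return 0, so a dump that stopped early is reported to the caller as success, while the overflow path a few lines below returns -1. Consider returning -1 from that branch as well. Now that the loop advances with len -= start_len and data += start_len, the j/2 > len test no longer guards the subtraction and could be tightened to compare j / 2 against start_len directly.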