On Sun, Oct 14, 2018 at 06:18:29PM +0800, Macpaul Lin wrote:
> This patch is trying to fix KASAN issue reported by Syzkaller scan.

Thanks for the patch, but...

> Signed-off-by: Macpaul Lin <macp...@gmail.com> > --- > drivers/tty/serial/kgdboc.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/drivers/tty/serial/kgdboc.c b/drivers/tty/serial/kgdboc.c > index b4ba2b1..c89eb9d 100644 > --- a/drivers/tty/serial/kgdboc.c > +++ b/drivers/tty/serial/kgdboc.c > @@ -245,13 +245,16 @@ static void kgdboc_put_char(u8 chr) > static int param_set_kgdboc_var(const char *kmessage, > const struct kernel_param *kp) > { > - int len = strlen(kmessage); > + size_t len = strlen(kmessage); > > if (len >= MAX_CONFIG_LEN) { > printk(KERN_ERR "kgdboc: config string too long\n"); > return -ENOSPC; > } > > + if (len == 0) > + return -EINVAL; > +

... why is a zero-length string an invalid input?

> /* Only copy in the string if the init function has not run yet */ > if (configured < 0) { > strcpy(config, kmessage); > /* Chop out \n char as a result of echo */ > if (config[len - 1] == '\n')

It looks like this is the broken code that makes KASAN unhappy. What happens if we use the following fix here:

if (len && config[len - 1] == '\n')

Daniel.
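
Review bot: the added "if (len == 0) return -EINVAL;" in param_set_kgdboc_var() rejects an empty string outright, but the only line shown here that misbehaves when len is 0 is the later "config[len - 1] == '\n'" test, which then indexes one byte before the start of config. Guarding the index at the point of use, for example "if (len && config[len - 1] == '\n')", removes the out-of-bounds read without changing which inputs the function refuses. The commit message should also name that read as the cause instead of only saying it fixes a KASAN issue, and explain why len changes from int to size_t, since the description does not mention it.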