Commit 9c246247 authored by Hugh Dickins, committed by Linus Torvalds


Miles Lane tailing /sys files hit a BUG which Pekka Enberg has tracked
to my 966c8c12 "sprint_symbol(): use less stack" exposing a bug in
slub's list_locations() - kallsyms_lookup() writes a 0 to
namebuf[KSYM_NAME_LEN-1], but that was beyond the end of page provided.

The 100 slop which list_locations() allows at end of page looks roughly
enough for all the other stuff it might print after the symbol before
it checks again: break out KSYM_SYMBOL_LEN earlier than before.

Latencytop and ftrace are using KSYM_NAME_LEN buffers where they
need KSYM_SYMBOL_LEN buffers, and vmallocinfo a 2*KSYM_NAME_LEN buffer
where it wants a KSYM_SYMBOL_LEN buffer: fix those before anyone copies

[ ftrace.h needs module.h]
Signed-off-by: Hugh Dickins <>
Cc: Christoph Lameter <>
Cc: Miles Lane <>
Acked-by: Pekka Enberg <>
Acked-by: Steven Rostedt <>
Acked-by: Frederic Weisbecker <>
Cc: Rusty Russell <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
parent 6ee5a399
......@@ -371,7 +371,7 @@ static int lstats_show_proc(struct seq_file *m, void *v)
for (q = 0; q < LT_BACKTRACEDEPTH; q++) {
char sym[KSYM_NAME_LEN];
char sym[KSYM_SYMBOL_LEN];
char *c;
if (!task->latency_record[i].backtrace[q])
......@@ -6,6 +6,7 @@
#include <linux/ktime.h>
#include <linux/init.h>
#include <linux/types.h>
#include <linux/module.h>
#include <linux/kallsyms.h>
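Review bot: the added #include <linux/module.h> sits directly above #include <linux/kallsyms.h> with nothing in the header saying why; the bracketed changelog line is the only explanation. If the dependency comes from the KSYM_SYMBOL_LEN use introduced later in this file, a short comment here, or having the header that defines KSYM_SYMBOL_LEN include what it needs, would save the next user of that macro from rediscovering it.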
......@@ -231,7 +232,7 @@ ftrace_init_module(unsigned long *start, unsigned long *end) { }
struct boot_trace {
pid_t caller;
char func[KSYM_NAME_LEN];
char func[KSYM_SYMBOL_LEN];
int result;
unsigned long long duration; /* usecs */
ktime_t calltime;
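Review bot: char func[KSYM_SYMBOL_LEN] is embedded in struct boot_trace, so the larger size is paid in every record, and the hunk does not show what writes func. Please add a comment on the field naming the formatter that fills it, so the size can be checked against that call, and confirm that nothing sizes or copies these records assuming the old layout.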
......@@ -191,7 +191,7 @@ static int lstats_show(struct seq_file *m, void *v)
for (q = 0; q < LT_BACKTRACEDEPTH; q++) {
char sym[KSYM_NAME_LEN];
char sym[KSYM_SYMBOL_LEN];
char *c;
if (!latency_record[i].backtrace[q])
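Review bot: the declaration char sym[KSYM_SYMBOL_LEN] inside this loop is the same pattern patched in lstats_show_proc() above, so the buffer size now has to be kept right in two places. Consider moving the per-entry symbol formatting into one shared helper that owns the buffer, so a future size change cannot be applied to one copy and missed in the other.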
......@@ -3597,7 +3597,7 @@ static int list_locations(struct kmem_cache *s, char *buf,
for (i = 0; i < t.count; i++) {
struct location *l = &t.loc[i];
if (len > PAGE_SIZE - 100)
if (len > PAGE_SIZE - KSYM_SYMBOL_LEN - 100)
len += sprintf(buf + len, "%7ld ", l->count);
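Review bot: the new bound in "if (len > PAGE_SIZE - KSYM_SYMBOL_LEN - 100)" still rests on an undocumented 100-byte slop, and the sprintf(buf + len, "%7ld ", l->count) right after it writes with no limit of its own. Consider scnprintf(buf + len, PAGE_SIZE - len, ...) for the writes in this loop, or at least a comment above the check listing what the 100 bytes are expected to cover, so the next field added to the output does not silently eat the margin.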
......@@ -1717,7 +1717,7 @@ static int s_show(struct seq_file *m, void *p)
v->addr, v->addr + v->size, v->size);
if (v->caller) {
char buff[2 * KSYM_NAME_LEN];
char buff[KSYM_SYMBOL_LEN];
seq_putc(m, ' ');
sprint_symbol(buff, (unsigned long)v->caller);
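Review bot: sprint_symbol(buff, (unsigned long)v->caller) takes no length argument, so the declaration char buff[KSYM_SYMBOL_LEN] is the only thing keeping that write in bounds. A one-line comment at the declaration saying the size is dictated by sprint_symbol() would help, since the previous 2 * KSYM_NAME_LEN shows how easily a plausible-looking size gets picked here.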