This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
[PATCH] buffer overflow when too many modules loaded
- From: Michal Schmidt <mschmidt at redhat dot com>
- To: systemtap at sources dot redhat dot com
- Date: Mon, 09 Jul 2007 00:20:37 +0200
- Subject: [PATCH] buffer overflow when too many modules loaded
Hello,
SystemTap hasn't been working for me at all for some time. It produced
messages like:
WARNING: There were -480085571 transport failures.
... and oopsed in the kernel every time.
It was caused by buffer overflows of _stp_modules and
_stp_modules_by_addr arrays. I have 139 modules loaded after boot (lots
of Netfilter modules) - this is more than the current limit of 128.
There was no boundary check.
This patch raises the limit to 256 modules and adds proper checking. It
fixes the problem for me. And I verified that the probe now correctly
fails to initialize if the limit is reached.
Michal
Index: runtime/sym.h
===================================================================
RCS file: /cvs/systemtap/src/runtime/sym.h,v
retrieving revision 1.4
diff -u -p -r1.4 sym.h
--- runtime/sym.h 21 Mar 2007 15:09:57 -0000 1.4
+++ runtime/sym.h 8 Jul 2007 22:00:33 -0000
@@ -49,7 +49,7 @@ struct _stp_module {
};
#ifndef STP_MAX_MODULES
-#define STP_MAX_MODULES 128
+#define STP_MAX_MODULES 256
#endif
/* the alphabetical array of modules */
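Review bot: raising STP_MAX_MODULES from 128 to 256 only moves the ceiling; the cover message reports 139 modules after boot on one machine, so a larger server with more Netfilter, storage or GPU modules can still reach 256. Since the `#ifndef` guard already lets a build override the value, the comment above the define (or the build documentation) should say that a kernel with more loaded modules than STP_MAX_MODULES now makes probe initialization fail cleanly instead of overflowing the arrays, and how to raise the limit.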
Index: runtime/transport/symbols.c
===================================================================
RCS file: /cvs/systemtap/src/runtime/transport/symbols.c,v
retrieving revision 1.13
diff -u -p -r1.13 symbols.c
--- runtime/transport/symbols.c 2 Jul 2007 07:05:10 -0000 1.13
+++ runtime/transport/symbols.c 8 Jul 2007 22:00:34 -0000
@@ -378,7 +378,7 @@ static int _stp_module_exists(struct _st
return 0;
}
-static void _stp_ins_module(struct _stp_module *mod)
+static int _stp_ins_module(struct _stp_module *mod)
{
int i, num, res;
unsigned long flags;
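Review bot: changing `_stp_ins_module` from `void` to `int` means every call site must now consume the result; the later hunk updates `_stp_do_module`, but the function carries no comment describing its return contract (0 on success, a negative errno when the module table is full). Add that comment here so any other caller cannot silently ignore the failure and go on indexing a table that was never extended.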
@@ -387,6 +387,11 @@ static void _stp_ins_module(struct _stp_
STP_LOCK_MODULES;
+ if (_stp_num_modules == STP_MAX_MODULES) {
+ STP_UNLOCK_MODULES;
+ return -ENOMEM;
+ }
+
/* insert alphabetically in _stp_modules[] */
for (num = 1; num < _stp_num_modules; num++) {
res = strcmp(_stp_modules[num]->name, mod->name);
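Review bot: the bound check `if (_stp_num_modules == STP_MAX_MODULES)` should be `>=`: equality is only sufficient if nothing can ever push the count past the limit, and a `>=` comparison costs nothing while also catching an over-incremented or corrupted counter before the alphabetical insert writes to `_stp_modules[num]`. Performing the test after STP_LOCK_MODULES and unlocking before the early return is correct. Separately, consider whether -ENOMEM is the right code for a full fixed-size table, since no allocation failed here; the kernel commonly uses -ENOSPC or -E2BIG for capacity limits, and the choice should be reflected in the caller.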
@@ -413,6 +418,7 @@ static void _stp_ins_module(struct _stp_
_stp_num_modules++;
STP_UNLOCK_MODULES;
+ return 0;
}
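Review bot: `return 0` after STP_UNLOCK_MODULES is the correct success path, but the insertion of `mod` into `_stp_modules_by_addr`, which the cover message names as the second overflowed array, is not visible in this hunk; confirm that the same `_stp_num_modules` counter bounds that array as well, otherwise the new check only protects `_stp_modules[]`.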
@@ -462,7 +468,8 @@ static int _stp_do_module(const char __u
return 0;
}
- _stp_ins_module(mod);
+ if (_stp_ins_module(mod) < 0)
+ return -ENOMEM;
return count;
}
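Review bot: `if (_stp_ins_module(mod) < 0) return -ENOMEM;` discards the callee's return value and substitutes a hard-coded errno; propagate it instead, for example `int ret = _stp_ins_module(mod); if (ret < 0) return ret;`, so any future failure reason in `_stp_ins_module` reaches the caller unchanged. Also check that `mod` is not leaked on this early return: if it was allocated earlier in `_stp_do_module` (not shown in the hunk), the failure path must free it, because `_stp_ins_module` has not taken ownership when it refuses the insert.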