From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <1488327156.25838.42.camel@perches.com> From: Joe Perches Date: Tue, 28 Feb 2017 16:12:36 -0800 In-Reply-To: <20170228160607.183a88bd491e97fa6a7ded9c@linux-foundation.org> References: <476DC76E7D1DF2438D32BFADF679FC562307BAE6@ORSMSX103.amr.corp.intel.com> <163a690510e636a23187c0dc9caa09ddac6d4cde.1488228427.git.joe@perches.com> <20170228160607.183a88bd491e97fa6a7ded9c@linux-foundation.org> Content-Type: text/plain; charset="ISO-8859-1" Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [kernel-hardening] Re: [PATCH] checkpatch: Add ability to find bad uses of vsprintf %p extensions To: Andrew Morton Cc: Andy Whitcroft , "Roberts, William C" , kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org List-ID: On Tue, 2017-02-28 at 16:06 -0800, Andrew Morton wrote: > On Mon, 27 Feb 2017 12:54:55 -0800 Joe Perches wrote: > > > %pK was at least once misused at %pk in an out-of-tree module. > > This lead to some security concerns. Add the ability to track > > single and multiple line statements for misuses of %p. > > Should we also do this? > > --- a/lib/vsprintf.c~checkpatch-add-ability-to-find-bad-uses-of-vsprintf-%pfoo-extensions-fix > +++ a/lib/vsprintf.c > @@ -1477,6 +1477,9 @@ int kptr_restrict __read_mostly; > * by an extra set of alphanumeric characters that are extended format > * specifiers. > * > + * Please update scripts/checkpatch.pl when adding new conversion characters. > + * (search for "check for vsprintf extension"). > + * Seems sensible, thanks. From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751883AbdCAAMs (ORCPT ); Tue, 28 Feb 2017 19:12:48 -0500 Received: from smtprelay0065.hostedemail.com ([216.40.44.65]:42235 "EHLO smtprelay.hostedemail.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751602AbdCAAMo (ORCPT ); Tue, 28 Feb 2017 19:12:44 -0500 X-Session-Marker: 6A6F6540706572636865732E636F6D X-Spam-Summary: 2,0,0,,d41d8cd98f00b204,joe@perches.com,:::::::::,RULES_HIT:41:355:379:541:599:800:960:973:982:988:989:1260:1277:1311:1313:1314:1345:1359:1373:1437:1515:1516:1518:1534:1540:1593:1594:1711:1730:1747:1777:1792:2393:2553:2559:2562:2828:2894:2895:3138:3139:3140:3141:3142:3352:3622:3865:3866:3867:3868:3870:3874:4321:5007:7903:10004:10400:10848:10967:11232:11658:11914:12043:12296:12740:12760:12895:13069:13255:13311:13357:13439:14181:14659:14721:21080:21324:21433:30054:30070:30090:30091,0,RBL:none,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:fn,MSBL:0,DNSBL:none,Custom_rules:0:0:0,LFtime:1,LUA_SUMMARY:none X-HE-Tag: mass37_16f56e0023439 X-Filterd-Recvd-Size: 1892 Message-ID: <1488327156.25838.42.camel@perches.com> Subject: Re: [PATCH] checkpatch: Add ability to find bad uses of vsprintf %p extensions From: Joe Perches To: Andrew Morton Cc: Andy Whitcroft , "Roberts, William C" , kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org Date: Tue, 28 Feb 2017 16:12:36 -0800 In-Reply-To: <20170228160607.183a88bd491e97fa6a7ded9c@linux-foundation.org> References: <476DC76E7D1DF2438D32BFADF679FC562307BAE6@ORSMSX103.amr.corp.intel.com> <163a690510e636a23187c0dc9caa09ddac6d4cde.1488228427.git.joe@perches.com> <20170228160607.183a88bd491e97fa6a7ded9c@linux-foundation.org> Content-Type: text/plain; charset="ISO-8859-1" X-Mailer: Evolution 3.22.3-0ubuntu0.1 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2017-02-28 at 16:06 -0800, Andrew Morton wrote: > On Mon, 27 Feb 2017 12:54:55 -0800 Joe Perches wrote: > > > %pK was at least once misused at %pk in an out-of-tree module. > > This lead to some security concerns. Add the ability to track > > single and multiple line statements for misuses of %p. > > Should we also do this? > > --- a/lib/vsprintf.c~checkpatch-add-ability-to-find-bad-uses-of-vsprintf-%pfoo-extensions-fix > +++ a/lib/vsprintf.c > @@ -1477,6 +1477,9 @@ int kptr_restrict __read_mostly; > * by an extra set of alphanumeric characters that are extended format > * specifiers. > * > + * Please update scripts/checkpatch.pl when adding new conversion characters. > + * (search for "check for vsprintf extension"). > + * Seems sensible, thanks.