From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
To: Petr Mladek <pmladek@suse.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
"Tobin C . Harding" <me@tobin.cc>, Joe Perches <joe@perches.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Michal Hocko <mhocko@suse.cz>,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
Steven Rostedt <rostedt@goodmis.org>,
Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
Subject: Re: [PATCH v3] vsprintf: Prevent crash when dereferencing invalid pointers
Date: Tue, 03 Apr 2018 16:40:58 +0300 [thread overview]
Message-ID: <1522762858.21176.327.camel@linux.intel.com> (raw)
In-Reply-To: <20180403131346.vwjpz475fzah5a6p@pathway.suse.cz>
On Tue, 2018-04-03 at 15:13 +0200, Petr Mladek wrote:
> On Tue 2018-04-03 14:54:18, Andy Shevchenko wrote:
> > On Tue, 2018-04-03 at 13:46 +0200, Petr Mladek wrote:
> > > On Mon 2018-04-02 17:15:23, Andy Shevchenko wrote:
> > > > On Thu, 2018-03-29 at 16:53 +0200, Petr Mladek wrote:
> > > > > On Fri 2018-03-16 20:19:35, Andy Shevchenko wrote:
> > > > > > On Thu, 2018-03-15 at 16:26 +0100, Petr Mladek wrote:
> > > > > > > On Thu 2018-03-15 15:09:03, Andy Shevchenko wrote:
> > > > > > > > I still think that printing a hex value of the error
> > > > > > > > code is
> > > > > > > > much
> > > > > > > > better
> > > > > > > > than some odd "(efault)".
> > > > > > >
> > > > > > > Do you mean (err:0e)? Google gives rather confusing
> > > > > > > answers
> > > > > > > for
> > > > > > > this.
> > > > > >
> > > > > > More like "(0xHHHH)" (we have already more than 512 error
> > > > > > code
> > > > > > numbers.
> > > > >
> > > > > Hmm, I have never seen the error code in this form.
> > > >
> > > > We have limited space to print it and error numbers currently
> > > > can be
> > > > up
> > > > to 0xfff (4095). So, I have no better idea how to squeeze them
> > > > while
> > > > thinking that "(efault)" is much harder to parse in case of
> > > > error
> > > > pointer.
> > >
> > > But this will not be used instead of address value. It is used in
> > > situations
> > > where we print the information that is stored at the address, for
> > > example,
> > > string, IP address, dentry name.
> >
> > We have a lot of API functions which returns:
> > -ERR_PTR
> > NULL
> > struct foo *
> >
> > There is no guarantee that one of that API won't be used as a
> > supplier
> > for printf().
>
> OK, I think that I have finally understood it. You would like to
> detect ERR_PTR values and handle them specially? I mean to show
> the value?
>
> But then we would need to distinguish three types of errors,
> something like:
>
> + (null) for pure NULL address
> + (e:XXXX) for address in IS_ERR_VALUE() range
// Just IS_ERR(). IS_ERR_VALUE() is not meant to be used widely
> + (efault) for any other invalid address
>
> Then people might want to see values also from the first 4096 bytes.
> This is getting too complicated.
No, it's not. (null) case is already in kernel, you came with (efault),
but IS_ERR() case or any other case like it is just printing of standard
pointer value. See in the code where special_hex_number() is called.
> I am not sure if it is worth it.
Your patch will hide values for error codes. Not good for debugging.
>
>
> > You can't dereference ERR_PTR value, but anything else except the
> > actual
> > error value is worse than value itself...
>
> Yes and no, see below.
Yes, there is no "no".
>
> > >
> > > > > Also google gives
> > > > > rather confusing results when searching, for example for
> > > > > "(0x000E)".
> > > >
> > > > It's not primarily for google, though yeah, people would google
> > > > for
> > > > error messages...
> > > >
> > > > Another question is what the format: decimal versus hex for
> > > > errors.
> > > > Maybe just "(-DDDDD)"?
> > >
> > > This still looks confusing and google does not help.
> >
> > ...then we have a last option just to print a value as a pointer
> > address.
>
> We could not print the real address from security reasons. The hashed
> pointer value is not much helpful. IMHO, a common error string is
> easier to spot or search for.
Did you read what I'm writing? How on the earth the pointer in the range
of -1...-4095 would be a security issue?!
--
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Intel Finland Oy
next prev parent reply other threads:[~2018-04-03 13:41 UTC|newest]
Thread overview: 87+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-16 21:07 [PATCH v2 1/9] lib/test_printf: Mark big constant with ULL Andy Shevchenko
2018-02-16 21:07 ` [PATCH v2 2/9] lib/vsprintf: Make dec_spec global Andy Shevchenko
2018-04-11 9:44 ` Petr Mladek
2018-02-16 21:07 ` [PATCH v2 3/9] lib/vsprintf: Make strspec global Andy Shevchenko
2018-04-11 9:44 ` Petr Mladek
2018-02-16 21:07 ` [PATCH v2 4/9] lib/vsprintf: Make flag_spec global Andy Shevchenko
2018-04-11 9:45 ` Petr Mladek
2018-02-16 21:07 ` [PATCH v2 5/9] lib/vsprintf: Move pointer_string() upper Andy Shevchenko
2018-04-11 9:45 ` Petr Mladek
2018-02-16 21:07 ` [PATCH v2 6/9] lib/vsprintf: Deduplicate pointer_string() Andy Shevchenko
2018-04-11 9:46 ` Petr Mladek
2018-02-16 21:07 ` [PATCH v2 7/9] lib/vsprintf: Replace space with '_' before crng is ready Andy Shevchenko
2018-02-20 2:57 ` [此邮件可能存在风险] " Yang, Shunyong
2018-04-11 9:47 ` Petr Mladek
2018-02-16 21:07 ` [PATCH v2 8/9] lib/vsprintf: Remove useless NULL checks Andy Shevchenko
2018-02-27 15:50 ` Petr Mladek
2018-02-27 17:35 ` Andy Shevchenko
2018-02-28 10:04 ` Petr Mladek
2018-02-28 10:42 ` Andy Shevchenko
2018-03-02 12:51 ` Petr Mladek
2018-03-02 12:53 ` [PATCH] vsprintf: Make "null" pointer dereference more robust Petr Mladek
2018-03-02 14:17 ` Andy Shevchenko
2018-03-05 14:53 ` Petr Mladek
2018-03-29 15:13 ` Petr Mladek
2018-03-29 16:11 ` Joe Perches
2018-03-05 15:16 ` Rasmus Villemoes
2018-03-05 15:25 ` Andy Shevchenko
2018-03-06 9:25 ` Petr Mladek
2018-03-06 9:56 ` Andy Shevchenko
2018-03-07 15:52 ` Petr Mladek
2018-03-07 18:18 ` Andy Shevchenko
2018-03-07 18:34 ` Linus Torvalds
2018-03-08 14:18 ` Petr Mladek
2018-03-08 16:45 ` Linus Torvalds
2018-03-08 17:26 ` Linus Torvalds
2018-03-09 15:01 ` Petr Mladek
2018-03-09 19:05 ` Linus Torvalds
2018-03-14 14:09 ` [PATCH v3] vsprintf: Prevent crash when dereferencing invalid pointers Petr Mladek
2018-03-14 22:12 ` Rasmus Villemoes
2018-03-15 15:07 ` Petr Mladek
2018-03-15 17:07 ` Steven Rostedt
2018-03-15 17:06 ` Steven Rostedt
2018-03-15 0:57 ` Sergey Senozhatsky
2018-03-15 7:58 ` Sergey Senozhatsky
2018-03-15 8:03 ` Sergey Senozhatsky
2018-03-15 17:01 ` Steven Rostedt
2018-03-16 1:18 ` Sergey Senozhatsky
2018-03-16 1:35 ` Linus Torvalds
2018-03-16 5:53 ` Sergey Senozhatsky
2018-03-16 8:55 ` Petr Mladek
2018-03-16 14:32 ` Steven Rostedt
2018-03-17 1:29 ` Sergey Senozhatsky
2018-03-15 13:07 ` Andy Shevchenko
2018-03-15 13:09 ` Andy Shevchenko
2018-03-15 15:26 ` Petr Mladek
2018-03-16 18:19 ` Andy Shevchenko
2018-03-29 14:53 ` Petr Mladek
2018-04-02 14:15 ` Andy Shevchenko
2018-04-03 1:12 ` Sergey Senozhatsky
2018-04-03 11:52 ` Petr Mladek
2018-04-03 11:56 ` Andy Shevchenko
2018-04-03 13:57 ` Sergey Senozhatsky
2018-04-03 11:46 ` Petr Mladek
2018-04-03 11:54 ` Andy Shevchenko
2018-04-03 13:13 ` Petr Mladek
2018-04-03 13:40 ` Andy Shevchenko [this message]
2018-04-03 14:50 ` Petr Mladek
2018-03-15 14:48 ` kbuild test robot
2018-03-15 20:26 ` kbuild test robot
2018-03-06 18:11 ` [PATCH 1/2] vsprintf: distinguish between (null), (err) and (invalid) pointer derefs Adam Borowski
2018-03-06 18:11 ` [PATCH 2/2] vsprintf: don't dereference pointers to the first or last page Adam Borowski
2018-03-07 13:22 ` Andy Shevchenko
2018-03-07 13:17 ` [PATCH 1/2] vsprintf: distinguish between (null), (err) and (invalid) pointer derefs Andy Shevchenko
2018-03-07 13:42 ` Adam Borowski
2018-03-07 13:29 ` Andy Shevchenko
2018-03-02 14:15 ` [PATCH v2 8/9] lib/vsprintf: Remove useless NULL checks Andy Shevchenko
2018-03-05 14:57 ` Petr Mladek
2018-02-28 10:44 ` Andy Shevchenko
2018-03-01 14:56 ` Andy Shevchenko
2018-02-16 21:07 ` [PATCH v2 9/9] lib/vsprintf: Mark expected switch fall-through Andy Shevchenko
2018-04-11 9:47 ` Petr Mladek
2018-02-18 12:58 ` [PATCH v2 1/9] lib/test_printf: Mark big constant with ULL Luc Van Oostenryck
2018-02-18 14:20 ` Andy Shevchenko
2018-02-19 15:24 ` Andy Shevchenko
2018-04-11 9:41 ` Petr Mladek
2018-02-18 21:52 ` Tobin C. Harding
2018-02-18 23:55 ` Andy Shevchenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1522762858.21176.327.camel@linux.intel.com \
--to=andriy.shevchenko@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=joe@perches.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=me@tobin.cc \
--cc=mhocko@suse.cz \
--cc=pmladek@suse.com \
--cc=rostedt@goodmis.org \
--cc=sergey.senozhatsky.work@gmail.com \
--cc=sergey.senozhatsky@gmail.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.