From: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
To: Petr Mladek <pmladek@suse.com>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Linus Torvalds <torvalds@linux-foundation.org>,
"Tobin C . Harding" <me@tobin.cc>, Joe Perches <joe@perches.com>,
Andrew Morton <akpm@linux-foundation.org>,
Michal Hocko <mhocko@suse.cz>,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
Steven Rostedt <rostedt@goodmis.org>,
Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v6 8/9] vsprintf: Prevent crash when dereferencing invalid pointers
Date: Tue, 19 Feb 2019 12:30:03 +0900 [thread overview]
Message-ID: <20190219033003.GA2284@jagdpanzerIV> (raw)
In-Reply-To: <20190208152310.29531-9-pmladek@suse.com>
On (02/08/19 16:23), Petr Mladek wrote:
[..]
> + /*
> + * This is not a fool-proof test. 99% of the time that this will fault is
> + * due to a bad pointer, not one that crosses into bad memory. Just test
> + * the address to make sure it doesn't fault due to a poorly added printk
> + * during debugging.
> + */
> +static const char *check_pointer_msg(const void *ptr)
> +{
> + char byte;
> +
> + if (!ptr)
> + return "(null)";
> +
> + if (probe_kernel_address(ptr, byte))
> + return "(efault)";
> +
> + return NULL;
> +}
Hmm... So the assumption here is that the target buffer always has
at least strlen("(efault)") bytes and, thus, we always can write the
error message to it.
> +static int check_pointer(char **buf, char *end, const void *ptr,
> + struct printf_spec spec)
> +{
> + const char *err_msg;
> +
> + err_msg = check_pointer_msg(ptr);
> + if (err_msg) {
> + *buf = string_nocheck(*buf, end, err_msg, spec);
> + return -EFAULT;
> + }
> +
> + return 0;
> +}
Suppose in my driver I sprintf() pointers to 4-bytes strings and, thus,
have only 5 spare bytes in target buffer. But one of the pointers is
faulty and now sprintf() writes "(efault)" to target buffer which can
hold only 5 bytes.
-ss
next prev parent reply other threads:[~2019-02-19 3:30 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-08 15:23 [PATCH v6 0/9] vsprintf: Prevent silent crashes and consolidate error handling Petr Mladek
2019-02-08 15:23 ` [PATCH v6 1/9] vsprintf: Shuffle restricted_pointer() Petr Mladek
2019-02-08 15:23 ` [PATCH v6 2/9] vsprintf: Consistent %pK handling for kptr_restrict == 0 Petr Mladek
2019-02-08 15:23 ` [PATCH v6 3/9] vsprintf: Do not check address of well-known strings Petr Mladek
2019-02-08 17:27 ` Andy Shevchenko
2019-02-08 15:23 ` [PATCH v6 4/9] vsprintf: Factor out %p[iI] handler as ip_addr_string() Petr Mladek
2019-02-08 15:23 ` [PATCH v6 5/9] vsprintf: Factor out %pV handler as va_format() Petr Mladek
2019-02-08 17:11 ` Joe Perches
2019-02-12 13:00 ` Petr Mladek
2019-02-12 14:32 ` Steven Rostedt
2019-02-12 17:58 ` Joe Perches
2019-02-12 19:47 ` Steven Rostedt
2019-02-12 20:22 ` Rasmus Villemoes
2019-02-08 15:23 ` [PATCH v6 6/9] vsprintf: Factor out %pO handler as kobject_string() Petr Mladek
2019-02-08 15:23 ` [PATCH v6 7/9] vsprintf: Consolidate handling of unknown pointer specifiers Petr Mladek
2019-02-08 17:25 ` Andy Shevchenko
2019-02-12 13:35 ` Petr Mladek
2019-02-08 15:23 ` [PATCH v6 8/9] vsprintf: Prevent crash when dereferencing invalid pointers Petr Mladek
2019-02-19 3:30 ` Sergey Senozhatsky [this message]
2019-02-19 11:02 ` Andy Shevchenko
2019-02-19 12:51 ` Sergey Senozhatsky
2019-02-19 13:49 ` Andy Shevchenko
2019-02-19 14:15 ` Sergey Senozhatsky
2019-02-20 10:24 ` Petr Mladek
2019-02-08 15:23 ` [PATCH v6 9/9] vsprintf: Avoid confusion between invalid address and value Petr Mladek
2019-02-08 17:27 ` Andy Shevchenko
2019-02-12 15:45 ` Petr Mladek
2019-02-13 13:54 ` Andy Shevchenko
2019-02-14 8:42 ` Petr Mladek
2019-02-14 12:45 ` Andy Shevchenko
2019-02-19 3:03 ` Sergey Senozhatsky
2019-02-19 11:06 ` Andy Shevchenko
2019-02-20 9:24 ` Petr Mladek
2019-02-21 1:47 ` Sergey Senozhatsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190219033003.GA2284@jagdpanzerIV \
--to=sergey.senozhatsky.work@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=joe@perches.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=me@tobin.cc \
--cc=mhocko@suse.cz \
--cc=pmladek@suse.com \
--cc=rostedt@goodmis.org \
--cc=sergey.senozhatsky@gmail.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.