From: Kees Cook <keescook@chromium.org>
To: Christoph Hellwig <hch@infradead.org>
Cc: peterz@infradead.org, benh@kernel.crashing.org,
linux@rasmusvillemoes.dk, linux-kernel@vger.kernel.org,
paulus@samba.org, linux-hexagon@vger.kernel.org,
agordeev@linux.ibm.com, will@kernel.org,
linux-s390@vger.kernel.org, daniel.thompson@linaro.org,
arnd@arndb.de, linux-scsi@vger.kernel.org,
onkarnath.1@samsung.com, mpe@ellerman.id.au,
anil.s.keshavamurthy@intel.com, kartilak@cisco.com,
kgdb-bugreport@lists.sourceforge.net, naveen.n.rao@linux.ibm.com,
longman@redhat.com, borntraeger@linux.ibm.com,
jejb@linux.ibm.com, mhiramat@kernel.org, v.narang@samsung.com,
pmladek@suse.com, satishkh@cisco.com, boqun.feng@gmail.com,
gor@linux.ibm.com, hca@linux.ibm.com, rostedt@goodmis.org,
linux-fsdevel@vger.kernel.org, andriy.shevchenko@linux.intel.com,
mingo@redhat.com, bcain@quicinc.com, martin.petersen@oracle.com,
sebaddel@cisco.com, senozhatsky@chromium.org, mcgrof@kernel.org,
sve
Subject: Re: [PATCH 0/5] kallsyms: make kallsym APIs more safe with scnprintf
Date: Mon, 23 May 2022 12:39:12 -0700 [thread overview]
Message-ID: <202205231238.FAF6D28@keescook> (raw)
In-Reply-To: <YonTOL4zC4CytVrn@infradead.org>
On Sat, May 21, 2022 at 11:07:52PM -0700, Christoph Hellwig wrote:
> On Fri, May 20, 2022 at 02:06:56PM +0530, Maninder Singh wrote:
> > kallsyms functionality depends on KSYM_NAME_LEN directly.
> > but if user passed array length lesser than it, sprintf
> > can cause issues of buffer overflow attack.
> >
> > So changing *sprint* and *lookup* APIs in this patch set
> > to have buffer size as an argument and replacing sprintf with
> > scnprintf.
>
> This is still a pretty horrible API. Passing something like
> a struct seq_buf seems like the much better API here. Also with
> the amount of arguments and by reference passing it might be worth
> to pass them as a structure while you're at it.
Yeah, I agree. It really seems like seq_buf would be nicer.
--
Kees Cook
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: Christoph Hellwig <hch@infradead.org>
Cc: Maninder Singh <maninder1.s@samsung.com>,
pmladek@suse.com, bcain@quicinc.com, mpe@ellerman.id.au,
benh@kernel.crashing.org, paulus@samba.org, hca@linux.ibm.com,
gor@linux.ibm.com, agordeev@linux.ibm.com,
borntraeger@linux.ibm.com, svens@linux.ibm.com,
satishkh@cisco.com, sebaddel@cisco.com, kartilak@cisco.com,
jejb@linux.ibm.com, martin.petersen@oracle.com,
mcgrof@kernel.org, jason.wessel@windriver.com,
daniel.thompson@linaro.org, dianders@chromium.org,
naveen.n.rao@linux.ibm.com, anil.s.keshavamurthy@intel.com,
davem@davemloft.net, mhiramat@kernel.org, peterz@infradead.org,
mingo@redhat.com, will@kernel.org, longman@redhat.com,
boqun.feng@gmail.com, rostedt@goodmis.org,
senozhatsky@chromium.org, andriy.shevchenko@linux.intel.com,
linux@rasmusvillemoes.dk, akpm@linux-foundation.org,
arnd@arndb.de, linux-hexagon@vger.kernel.org,
linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
linux-s390@vger.kernel.org, linux-scsi@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-modules@vger.kernel.org,
kgdb-bugreport@lists.sourceforge.net, v.narang@samsung.com,
onkarnath.1@samsung.com
Subject: Re: [PATCH 0/5] kallsyms: make kallsym APIs more safe with scnprintf
Date: Mon, 23 May 2022 12:39:12 -0700 [thread overview]
Message-ID: <202205231238.FAF6D28@keescook> (raw)
In-Reply-To: <YonTOL4zC4CytVrn@infradead.org>
On Sat, May 21, 2022 at 11:07:52PM -0700, Christoph Hellwig wrote:
> On Fri, May 20, 2022 at 02:06:56PM +0530, Maninder Singh wrote:
> > kallsyms functionality depends on KSYM_NAME_LEN directly.
> > but if user passed array length lesser than it, sprintf
> > can cause issues of buffer overflow attack.
> >
> > So changing *sprint* and *lookup* APIs in this patch set
> > to have buffer size as an argument and replacing sprintf with
> > scnprintf.
>
> This is still a pretty horrible API. Passing something like
> a struct seq_buf seems like the much better API here. Also with
> the amount of arguments and by reference passing it might be worth
> to pass them as a structure while you're at it.
Yeah, I agree. It really seems like seq_buf would be nicer.
--
Kees Cook
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: Christoph Hellwig <hch@infradead.org>
Cc: peterz@infradead.org, linux@rasmusvillemoes.dk,
linux-kernel@vger.kernel.org, paulus@samba.org,
linux-hexagon@vger.kernel.org, agordeev@linux.ibm.com,
will@kernel.org, linux-s390@vger.kernel.org,
daniel.thompson@linaro.org, arnd@arndb.de,
linux-scsi@vger.kernel.org, onkarnath.1@samsung.com,
anil.s.keshavamurthy@intel.com, kartilak@cisco.com,
kgdb-bugreport@lists.sourceforge.net, naveen.n.rao@linux.ibm.com,
longman@redhat.com, borntraeger@linux.ibm.com,
jejb@linux.ibm.com, mhiramat@kernel.org, v.narang@samsung.com,
pmladek@suse.com, satishkh@cisco.com, boqun.feng@gmail.com,
gor@linux.ibm.com, hca@linux.ibm.com, rostedt@goodmis.org,
linux-fsdevel@vger.kernel.org, andriy.shevchenko@linux.intel.com,
mingo@redhat.com, bcain@quicinc.com, martin.petersen@oracle.com,
dianders@chromium.org, sebaddel@cisco.com,
senozhatsky@chromium.org, mcgrof@kernel.org, svens@linux.ibm.com,
jason.wessel@windriver.com,
Maninder Singh <maninder1.s@samsung.com>,
akpm@linux-foundation.org, linuxppc-dev@lists.ozlabs.org,
davem@davemloft.net, linux-modules@vger.kernel.org
Subject: Re: [PATCH 0/5] kallsyms: make kallsym APIs more safe with scnprintf
Date: Mon, 23 May 2022 12:39:12 -0700 [thread overview]
Message-ID: <202205231238.FAF6D28@keescook> (raw)
In-Reply-To: <YonTOL4zC4CytVrn@infradead.org>
On Sat, May 21, 2022 at 11:07:52PM -0700, Christoph Hellwig wrote:
> On Fri, May 20, 2022 at 02:06:56PM +0530, Maninder Singh wrote:
> > kallsyms functionality depends on KSYM_NAME_LEN directly.
> > but if user passed array length lesser than it, sprintf
> > can cause issues of buffer overflow attack.
> >
> > So changing *sprint* and *lookup* APIs in this patch set
> > to have buffer size as an argument and replacing sprintf with
> > scnprintf.
>
> This is still a pretty horrible API. Passing something like
> a struct seq_buf seems like the much better API here. Also with
> the amount of arguments and by reference passing it might be worth
> to pass them as a structure while you're at it.
Yeah, I agree. It really seems like seq_buf would be nicer.
--
Kees Cook
next prev parent reply other threads:[~2022-05-23 19:39 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20220520083715epcas5p400b11adef4d540756c985feb20ba29bc@epcas5p4.samsung.com>
2022-05-20 8:36 ` [PATCH 0/5] kallsyms: make kallsym APIs more safe with scnprintf Maninder Singh
2022-05-20 8:36 ` Maninder Singh
2022-05-20 8:36 ` [PATCH 1/5] kallsyms: pass buffer size in sprint_* APIs Maninder Singh
2022-05-20 8:36 ` Maninder Singh
2022-05-20 19:52 ` Waiman Long
2022-05-20 19:52 ` Waiman Long
2022-05-20 19:52 ` Waiman Long
2022-05-22 9:43 ` Andy Shevchenko
2022-05-22 9:43 ` Andy Shevchenko
2022-05-22 9:43 ` Andy Shevchenko
2022-05-20 8:36 ` [PATCH 2/5] kallsyms: replace sprintf with scnprintf Maninder Singh
2022-05-20 8:36 ` Maninder Singh
[not found] ` <CGME20220520083742epcas5p4fa741caf7079a1305ef99cf00a07054a@epcas5p4.samsung.com>
[not found] ` <20220520083701.2610975-1-maninder1.s-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>
2022-05-20 8:36 ` [PATCH 3/5] arch:hexagon/powerpc: use KSYM_NAME_LEN as array size Maninder Singh
2022-05-20 8:36 ` Maninder Singh
2022-05-20 8:36 ` Maninder Singh
2022-05-20 8:37 ` [PATCH 4/5] kallsyms: pass buffer size argument in *lookup* APIs Maninder Singh
2022-05-20 8:37 ` Maninder Singh
2022-05-20 8:37 ` Maninder Singh
2022-05-20 8:37 ` [PATCH 5/5] kallsyms: remove unsed API lookup_symbol_attrs Maninder Singh
2022-05-20 8:37 ` Maninder Singh
2022-05-22 6:07 ` [PATCH 0/5] kallsyms: make kallsym APIs more safe with scnprintf Christoph Hellwig
2022-05-22 6:07 ` Christoph Hellwig
2022-05-22 6:07 ` Christoph Hellwig
2022-05-23 19:39 ` Kees Cook [this message]
2022-05-23 19:39 ` Kees Cook
2022-05-23 19:39 ` Kees Cook
2022-06-15 8:01 ` Petr Mladek
2022-06-15 8:01 ` Petr Mladek
2022-06-15 8:01 ` Petr Mladek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202205231238.FAF6D28@keescook \
--to=keescook@chromium.org \
--cc=agordeev@linux.ibm.com \
--cc=andriy.shevchenko@linux.intel.com \
--cc=anil.s.keshavamurthy@intel.com \
--cc=arnd@arndb.de \
--cc=bcain@quicinc.com \
--cc=benh@kernel.crashing.org \
--cc=boqun.feng@gmail.com \
--cc=borntraeger@linux.ibm.com \
--cc=daniel.thompson@linaro.org \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=hch@infradead.org \
--cc=jejb@linux.ibm.com \
--cc=kartilak@cisco.com \
--cc=kgdb-bugreport@lists.sourceforge.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-hexagon@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=longman@redhat.com \
--cc=martin.petersen@oracle.com \
--cc=mcgrof@kernel.org \
--cc=mhiramat@kernel.org \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=naveen.n.rao@linux.ibm.com \
--cc=onkarnath.1@samsung.com \
--cc=paulus@samba.org \
--cc=peterz@infradead.org \
--cc=pmladek@suse.com \
--cc=rostedt@goodmis.org \
--cc=satishkh@cisco.com \
--cc=sebaddel@cisco.com \
--cc=senozhatsky@chromium.org \
--cc=v.narang@samsung.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.