From: Pratyush Yadav
To: Pasha Tatashin
Cc: rppt@kernel.org, akpm@linux-foundation.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, dmatlack@google.com, pratyush@kernel.org, skhawaja@google.com
Subject: Re: [PATCH v3 01/10] liveupdate: Safely print untrusted strings
In-Reply-To: <20260327033335.696621-2-pasha.tatashin@soleen.com> (Pasha Tatashin's message of "Fri, 27 Mar 2026 03:33:25 +0000")
References: <20260327033335.696621-1-pasha.tatashin@soleen.com> <20260327033335.696621-2-pasha.tatashin@soleen.com>
Date: Tue, 31 Mar 2026 09:50:51 +0000
Message-ID: <2vxzikaciays.fsf@kernel.org>

On Fri, Mar 27 2026, Pasha Tatashin wrote:

> Deserialized strings from KHO data (such as file handler compatible
> strings and session names) are provided by the previous kernel and
> might not be null-terminated if the data is corrupted or maliciously
> crafted.

Nit: KHO has absolutely no way to defend against maliciously crafted
data. If the previous kernel is malicious, why would it try to play
around with session strings when it can directly manipulate the
serialization data structures and the memory they point to? There would
be no way to detect or defend against those.

I don't think KHO should even try to defend against malicious data. It
should only care about corrupted data and bugs in the previous kernel.

The only real way to safeguard against malicious kernels is to have some
sort of chain of trust mechanism like kernel signing. That is of course
out of scope for KHO.

So please, if you do a v4, drop the "or maliciously crafted".

The patch itself LGTM.

Reviewed-by: Pratyush Yadav (Google)

>
> When printing these strings in error messages, use the %.*s format
> specifier with the maximum buffer size to prevent out-of-bounds reads
> into adjacent kernel memory.
>
> Signed-off-by: Pasha Tatashin
[...]

-- 
Regards,
Pratyush Yadav
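
The bounded print described in the quoted commit message, as an added userspace example that is not code from the patch or from the kernel tree. The struct, the field size and the function names are assumptions made for illustration; the record is constructed so that the name field fills its buffer with no terminator, as corrupted serialized data could.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_NAME_LEN 8	/* assumed size; the real field sizes are not on the page */

/* Constructed stand-in for a deserialized record: a fixed-size name
 * field followed directly by unrelated data. */
struct demo_record {
	char name[DEMO_NAME_LEN];
	char adjacent[8];
};

/* Build a record from raw bytes without adding a terminator. */
struct demo_record make_record(const char *raw, size_t n)
{
	struct demo_record rec;

	memset(&rec, 0, sizeof(rec));
	memcpy(rec.name, raw, n < sizeof(rec.name) ? n : sizeof(rec.name));
	memcpy(rec.adjacent, "SECRET!", sizeof(rec.adjacent)); /* 7 chars + NUL */
	return rec;
}

/* 1 if the name holds a NUL inside its own buffer, 0 otherwise. */
int name_is_terminated(const struct demo_record *rec)
{
	return memchr(rec->name, '\0', sizeof(rec->name)) != NULL;
}

/* "%.*s" stops at the first NUL or after the given precision, whichever
 * comes first, so the read never leaves rec->name. A plain "%s" would
 * keep reading into rec->adjacent when the terminator is missing. */
int format_error(char *out, size_t outlen, const struct demo_record *rec)
{
	return snprintf(out, outlen, "unknown session '%.*s'",
			(int)sizeof(rec->name), rec->name);
}

int main(void)
{
	char msg[64];
	struct demo_record bad = make_record("ABCDEFGH", 8); /* no NUL fits */

	format_error(msg, sizeof(msg), &bad);
	printf("terminated=%d msg=%s\n", name_is_terminated(&bad), msg);
	return 0;
}
```
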