From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
patches@lists.linux.dev,
"Wedson Almeida Filho" <wedsonaf@gmail.com>,
"Domen Puncer Kugler" <domen.puncerkugler@nccgroup.com>,
"Miguel Ojeda" <ojeda@kernel.org>,
"Boqun Feng" <boqun.feng@gmail.com>,
"Gary Guo" <gary@garyguo.net>,
"Björn Roy Baron" <bjorn3_gh@protonmail.com>,
"Vincenzo Palazzo" <vincenzopalazzodev@gmail.com>
Subject: [PATCH 6.1 27/28] rust: print: avoid evaluating arguments in `pr_*` macros in `unsafe` blocks
Date: Fri, 3 Feb 2023 11:13:15 +0100 [thread overview]
Message-ID: <20230203101011.104115185@linuxfoundation.org> (raw)
In-Reply-To: <20230203101009.946745030@linuxfoundation.org>
From: Miguel Ojeda <ojeda@kernel.org>
commit 6618d69aa129a8fc613e64775d5019524c6f231b upstream.
At the moment it is possible to perform unsafe operations in
the arguments of `pr_*` macros since they are evaluated inside
an `unsafe` block:
let x = &10u32 as *const u32;
pr_info!("{}", *x);
In other words, this is a soundness issue.
Fix it so that it requires an explicit `unsafe` block.
Reported-by: Wedson Almeida Filho <wedsonaf@gmail.com>
Reported-by: Domen Puncer Kugler <domen.puncerkugler@nccgroup.com>
Link: https://github.com/Rust-for-Linux/linux/issues/479
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
Reviewed-by: Boqun Feng <boqun.feng@gmail.com>
Reviewed-by: Gary Guo <gary@garyguo.net>
Reviewed-by: Björn Roy Baron <bjorn3_gh@protonmail.com>
Reviewed-by: Vincenzo Palazzo <vincenzopalazzodev@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
rust/kernel/print.rs | 29 ++++++++++++++++++-----------
1 file changed, 18 insertions(+), 11 deletions(-)
--- a/rust/kernel/print.rs
+++ b/rust/kernel/print.rs
@@ -115,17 +115,24 @@ pub unsafe fn call_printk(
macro_rules! print_macro (
// The non-continuation cases (most of them, e.g. `INFO`).
($format_string:path, $($arg:tt)+) => (
- // SAFETY: This hidden macro should only be called by the documented
- // printing macros which ensure the format string is one of the fixed
- // ones. All `__LOG_PREFIX`s are null-terminated as they are generated
- // by the `module!` proc macro or fixed values defined in a kernel
- // crate.
- unsafe {
- $crate::print::call_printk(
- &$format_string,
- crate::__LOG_PREFIX,
- format_args!($($arg)+),
- );
+ // To remain sound, `arg`s must be expanded outside the `unsafe` block.
+ // Typically one would use a `let` binding for that; however, `format_args!`
+ // takes borrows on the arguments, but does not extend the scope of temporaries.
+ // Therefore, a `match` expression is used to keep them around, since
+ // the scrutinee is kept until the end of the `match`.
+ match format_args!($($arg)+) {
+ // SAFETY: This hidden macro should only be called by the documented
+ // printing macros which ensure the format string is one of the fixed
+ // ones. All `__LOG_PREFIX`s are null-terminated as they are generated
+ // by the `module!` proc macro or fixed values defined in a kernel
+ // crate.
+ args => unsafe {
+ $crate::print::call_printk(
+ &$format_string,
+ crate::__LOG_PREFIX,
+ args,
+ );
+ }
}
);
);
next prev parent reply other threads:[~2023-02-03 10:23 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-03 10:12 [PATCH 6.1 00/28] 6.1.10-rc1 review Greg Kroah-Hartman
2023-02-03 10:12 ` [PATCH 6.1 01/28] ARM: dts: imx: Fix pca9547 i2c-mux node name Greg Kroah-Hartman
2023-02-03 10:12 ` [PATCH 6.1 02/28] ARM: dts: vf610: Fix pca9548 i2c-mux node names Greg Kroah-Hartman
2023-02-03 10:12 ` [PATCH 6.1 03/28] arm64: dts: freescale: Fix pca954x " Greg Kroah-Hartman
2023-02-03 10:12 ` [PATCH 6.1 04/28] arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI Greg Kroah-Hartman
2023-02-03 10:12 ` [PATCH 6.1 05/28] firmware: arm_scmi: Clear stale xfer->hdr.status Greg Kroah-Hartman
2023-02-03 10:12 ` [PATCH 6.1 06/28] bpf: Skip task with pid=1 in send_signal_common() Greg Kroah-Hartman
2023-02-03 10:12 ` [PATCH 6.1 07/28] erofs/zmap.c: Fix incorrect offset calculation Greg Kroah-Hartman
2023-02-03 10:12 ` [PATCH 6.1 08/28] mac80211: Fix MLO address translation for multiple bss case Greg Kroah-Hartman
2023-02-03 10:12 ` [PATCH 6.1 09/28] arm64: dts: msm8994-angler: fix the memory map Greg Kroah-Hartman
2023-02-03 10:12 ` [PATCH 6.1 10/28] ARM: omap1: fix building gpio15xx Greg Kroah-Hartman
2023-02-03 10:12 ` [PATCH 6.1 11/28] kselftest: Fix error message for unconfigured LLVM builds Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 6.1 12/28] erofs: clean up parsing of fscache related options Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 6.1 13/28] blk-cgroup: fix missing pd_online_fn() while activating policy Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 6.1 14/28] LoongArch: Get frame info in unwind_start() when regs is not available Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 6.1 15/28] ACPI: video: Add backlight=native DMI quirk for Acer Aspire 4810T Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 6.1 16/28] block: fix hctx checks for batch allocation Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 6.1 17/28] s390: workaround invalid gcc-11 out of bounds read warning Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 6.1 18/28] HID: uclogic: Add support for XP-PEN Deco 01 V2 Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 6.1 19/28] HID: playstation: sanity check DualSense calibration data Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 6.1 20/28] dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 6.1 21/28] gpiolib: acpi: Allow ignoring wake capability on pins that arent in _AEI Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 6.1 22/28] cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 6.1 23/28] nvme-apple: only reset the controller when RTKit is running Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 6.1 24/28] gpiolib: acpi: Add a ignore wakeup quirk for Clevo NL5xRU Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 6.1 25/28] gpiolib-acpi: Dont set GPIOs for wakeup in S3 mode Greg Kroah-Hartman
2023-02-03 10:13 ` [PATCH 6.1 26/28] net: fix NULL pointer in skb_segment_list Greg Kroah-Hartman
2023-02-03 10:13 ` Greg Kroah-Hartman [this message]
2023-02-03 10:13 ` [PATCH 6.1 28/28] net: mctp: purge receive queues on sk destruction Greg Kroah-Hartman
2023-02-03 13:58 ` [PATCH 6.1 00/28] 6.1.10-rc1 review ogasawara takeshi
2023-02-03 18:02 ` Justin Forbes
2023-02-03 20:16 ` Florian Fainelli
2023-02-03 22:34 ` Ron Economos
2023-02-04 0:49 ` Shuah Khan
2023-02-04 1:51 ` Guenter Roeck
2023-02-04 3:28 ` Bagas Sanjaya
2023-02-04 7:25 ` Naresh Kamboju
2023-02-05 19:51 ` Nathan Chancellor
2023-02-06 14:12 ` Naresh Kamboju
2023-02-04 7:27 ` Fenil Jain
2023-02-04 23:45 ` Rudi Heitbaum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230203101011.104115185@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=bjorn3_gh@protonmail.com \
--cc=boqun.feng@gmail.com \
--cc=domen.puncerkugler@nccgroup.com \
--cc=gary@garyguo.net \
--cc=ojeda@kernel.org \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
--cc=vincenzopalazzodev@gmail.com \
--cc=wedsonaf@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).