| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 29 Apr 2017 07:37:20 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Julius Werner <jwerner@...omium.org>
Cc: linux-kernel@...r.kernel.org,
Thierry Escande <thierry.escande@...labora.com>,
Dmitry Torokhov <dtor@...omium.org>,
Aaron Durbin <adurbin@...omium.org>
Subject: Re: [PATCH v2 2/3] firmware: google: memconsole: Escape unprintable
characters
On Fri, Apr 28, 2017 at 01:42:24PM -0700, Julius Werner wrote:
> Recent improvements in coreboot's memory console allow it to contain
> logs from more than one boot as long as the information persists in
> memory. Since trying to persist a memory buffer across reboots often
> doesn't quite work perfectly it is now more likely for random bit flips
> to occur in the console. With the current implementation this can lead
> to stray control characters that cause weird effects for the most common
> use cases (such as just dumping the console with 'cat').
>
> This patch changes the memconsole driver to replace unprintable
> characters with '?' by default. It also adds a new /sys/firmware/rawlog
> node next to the existing /sys/firmware/log for use cases where it's
> desired to read the raw characters.
Again, you are doing multiple things here. Break it up.
And, can userspace handle this change? You are now changing the format
of the existing file.
> Signed-off-by: Julius Werner <jwerner@...omium.org>
> ---
> drivers/firmware/google/memconsole.c | 32 +++++++++++++++++++++++++++-----
> 1 file changed, 27 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/firmware/google/memconsole.c b/drivers/firmware/google/memconsole.c
> index 166f07c68c02..807fcd4f7f85 100644
> --- a/drivers/firmware/google/memconsole.c
> +++ b/drivers/firmware/google/memconsole.c
> @@ -15,6 +15,7 @@
> * GNU General Public License for more details.
> */
>
> +#include <linux/ctype.h>
> #include <linux/init.h>
> #include <linux/sysfs.h>
> #include <linux/kobject.h>
> @@ -24,7 +25,7 @@
>
> static ssize_t (*memconsole_read_func)(char *, loff_t, size_t);
>
> -static ssize_t memconsole_read(struct file *filp, struct kobject *kobp,
> +static ssize_t memconsole_read_raw(struct file *filp, struct kobject *kobp,
> struct bin_attribute *bin_attr, char *buf,
> loff_t pos, size_t count)
> {
> @@ -33,9 +34,28 @@ static ssize_t memconsole_read(struct file *filp, struct kobject *kobp,
> return memconsole_read_func(buf, pos, count);
> }
>
> -static struct bin_attribute memconsole_bin_attr = {
> +static ssize_t memconsole_read_log(struct file *filp, struct kobject *kobp,
> + struct bin_attribute *bin_attr, char *buf,
> + loff_t pos, size_t count)
> +{
> + ssize_t i;
> + ssize_t rv = memconsole_read_raw(filp, kobp, bin_attr, buf, pos, count);
> +
> + if (rv > 0)
> + for (i = 0; i < rv; i++)
> + if (!isprint(buf[i]) && !isspace(buf[i]))
> + buf[i] = '?';
> + return rv;
> +}
> +
> +/* Memconsoles may be much longer than 4K, so need to use binary attributes. */
> +static struct bin_attribute memconsole_log_attr = {
> .attr = {.name = "log", .mode = 0444},
> - .read = memconsole_read,
> + .read = memconsole_read_log,
> +};
> +static struct bin_attribute memconsole_raw_attr = {
> + .attr = {.name = "rawlog", .mode = 0444},
> + .read = memconsole_read_raw,
> };
>
> void memconsole_setup(ssize_t (*read_func)(char *, loff_t, size_t))
> @@ -46,13 +66,15 @@ EXPORT_SYMBOL(memconsole_setup);
>
> int memconsole_sysfs_init(void)
> {
> - return sysfs_create_bin_file(firmware_kobj, &memconsole_bin_attr);
> + return sysfs_create_bin_file(firmware_kobj, &memconsole_log_attr) ||
> + sysfs_create_bin_file(firmware_kobj, &memconsole_raw_attr);
While it is really rare, please do this properly and create one file,
and then the other, and provide proper error handling here (i.e. if the
second fails, remove the first).
thanks,
greg k-h
Powered by blists - more mailing lists