lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 29 Jun 2016 16:05:22 -0400
From:	Steven Rostedt <rostedt@...dmis.org>
To:	linux-kernel@...r.kernel.org
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Rasmus Villemoes <linux@...musvillemoes.dk>,
	Frederic Weisbecker <fweisbec@...il.com>,
	Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
	Jiri Olsa <jolsa@...nel.org>
Subject: [RFC][PATCH 0/3] vsprintf: Do not dereference pointers in bstr_printf()

vbin_printf() and bstr_printf() are used by trace_printk(), when it is
possible to optimize to copying the binary arguments into the ring buffer
and doing the final conversions at the time of reading the ring buffer.
This is advantageous as it removes computer processing from the executing
of what's being traced, to the reading of the trace at a less critical
time.

The issue is that the way the bprintk() works, as it records pointers
at the time of execution, and then later dereferences those pointers
when the buffer is being read. Things can change between these two events
and bad pointers may be dereferenced.

In stead of just trying to avoid using vbin_printf() when using these
pointers, as there is no use case for using it when dereferencing is
can be an issue, have vbin_printf() and bstr_printf() either save
the dereferenced information in vbin_printf() and print that out without
the need to dereference at bstr_printf(), or simply output an error
message saying that the dereference typo is unsupported.

This will prevent surprises while debugging with trace_printk().

The first patch adds the infrastructure to not support any of the
dereferenced pointers. Then I added two patches to add support of
%pf and %pb. The rest of the dereferenced pointers can be added at
a later time, but I wanted to get people's feel for this change before
going further on it.

Thoughts?

-- Steve



Steven Rostedt (Red Hat) (3):
      vsprintf: Prevent vbin_printf() from using dereferenced pointers
      vsprintf: Add support for %pf and %pF to vbin_printf()
      vsprintf: Add support for %pb and friends to vbin_printf()

----
 lib/vsprintf.c | 122 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 118 insertions(+), 4 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ