[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180315130612.4b4cd091@vmware.local.home>
Date: Thu, 15 Mar 2018 13:06:12 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: Rasmus Villemoes <linux@...musvillemoes.dk>
Cc: Petr Mladek <pmladek@...e.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
"Tobin C . Harding" <me@...in.cc>, Joe Perches <joe@...ches.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Michal Hocko <mhocko@...e.cz>,
Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>
Subject: Re: [PATCH v3] vsprintf: Prevent crash when dereferencing invalid
pointers
On Wed, 14 Mar 2018 23:12:36 +0100
Rasmus Villemoes <linux@...musvillemoes.dk> wrote:
> Question: probe_kernel_read seems to allow (mapped) userspace addresses.
> Is that really what we want? Sure, some %p* just format the pointed-to
> bytes directly (as an IP address or raw hex dump or whatnot), but some
> (e.g. %pD, and %pV could be particularly fun) do another dereference.
> I'm not saying it would be easy for an attacker to get a userpointer
> passed to %pV, but there's a lot of places that end up calling vsnprintf
> (not just printk and friends). Isn't there some cheap address comparison
> one can do to rule that out completely?
We allow it today right? Why should we stop it now. For debugging I
will sometimes add printk()s to write out content in userspace. Since
the kernel maps all memory in its own space, there's nothing we are
protecting by not letting the kernel read userspace but be OK letting
it read anything in kernel space.
-- Steve
Powered by blists - more mailing lists