lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180426012805.GA3282@jagdpanzerIV>
Date:   Thu, 26 Apr 2018 10:28:05 +0900
From:   Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>
To:     Petr Mladek <pmladek@...e.com>
Cc:     Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        "Tobin C . Harding" <me@...in.cc>, Joe Perches <joe@...ches.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Michal Hocko <mhocko@...e.cz>,
        Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
        Steven Rostedt <rostedt@...dmis.org>,
        Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5 10/11] vsprintf: WARN() on invalid pointer access

On (04/25/18 13:12), Petr Mladek wrote:
[..]
>   /*
>    * This is not a fool-proof test. 99% of the time that this will fault is
>    * due to a bad pointer, not one that crosses into bad memory. Just test
> @@ -623,8 +626,12 @@ static const char *check_pointer_access(const void *ptr)
>  	if (!ptr)
>  		return "(null)";
>  
> -	if (probe_kernel_address(ptr, byte))
> +	/* Prevent silent crashes when called in printk_safe context. */
> +	if (probe_kernel_address(ptr, byte)) {
> +		WARN(!panic_on_warn && !test_printf_pointer_access,
> +		     "vsprintf: invalid pointer address\n");
>  		return "(efault)";
> +	}

Can we have a rate-limited print out here? Or may be even a WARN_ONCE()?
Yes, printk()-s from check_pointer_access() are OK, printk_safe() helps us,
but at the same time every single invalid pointer access printk()-message
will log_store() WARN() extra entries. Theoretically, this can harm. What
do you think?

	-ss

Powered by blists - more mailing lists