Date: Fri, 27 Apr 2018 16:10:57 +0200
From: Petr Mladek <pmladek@...e.com>
To: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
    Rasmus Villemoes <linux@...musvillemoes.dk>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
    "Tobin C . Harding" <me@...in.cc>, Joe Perches <joe@...ches.com>,
    Andrew Morton <akpm@...ux-foundation.org>,
    Michal Hocko <mhocko@...e.cz>,
    Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
    Steven Rostedt <rostedt@...dmis.org>,
    Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>,
    linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5 00/11] vsprintf: Prevent silent crashes and consolidate error handling

On Wed 2018-04-25 13:12:40, Petr Mladek wrote:
> Crash in vsprintf() might be silent when it happens under logbuf_lock
> in vprintk_emit(). This patch set prevents most of the crashes by probing
> the address. The check is done only by %s and some %p* specifiers that need
> to dereference the address.
>
> Only the first byte of the address is checked to keep it simple. It should
> be enough to catch most problems.
>
> The check is explicitly done in each function that does the dereference.
> It helps to avoid the questionable strchr() of affected specifiers. This
> change motivated me to do some preparation patches that consolidated
> the error handling and cleaned the code a bit.
>
> I did my best to address the feedback. Note that there is still the
> (efault) error message. But it is accompanied with WARN() when
> panic_on_warn is not enabled. I hope that it makes it more acceptable.
>
>
> Changes against v4:
>
>   + rebased on top of
>     git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk.git for-4.18
>   + Added missing const into ptr_to_ind() in a separate patch
>   + Renamed __string to valid_string()
>   + Avoid WARN() for invalid pointer specifiers
>   + Removed noinline_for_stack where it was not really useful
>   + WARN() when accessing invalid non-NULL address

Thanks a lot everyone for feedback. I'll incorporate it into v6.
It might take some time.

BTW: I also got a report from the 0day robot that the size of vmlinux
increased by 545 bytes in i386-tinyconfig. I guess that it is mainly
because all the copies of

	if (!valid_pointer_access(&buf, end, bdev, spec))
		return buf;

got inlined. I guess that I would need to address it somehow as well.

Best Regards,
Petr
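
The check described in the quoted cover letter (probe the first byte, print "(efault)" instead of dereferencing a bad pointer), sketched as a userspace analogue. This is an added example, not code from the patch set: probe_first_byte() and checked_string() are hypothetical names, and the pipe/write(2) probe is a Linux userspace stand-in assumed here for the kernel's own address probing.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Return 0 if one byte at addr is readable, a negative errno otherwise.
 * write(2) makes the kernel copy from addr, so a bad address comes back
 * as an error (EFAULT) instead of a SIGSEGV in this process. Any write
 * failure is treated as "unreadable". */
static int probe_first_byte(const void *addr)
{
	int fds[2], ret = 0;

	if (pipe(fds) != 0)
		return -errno;
	if (write(fds[1], addr, 1) != 1)
		ret = -EFAULT;
	close(fds[0]);
	close(fds[1]);
	return ret;
}

/* Hypothetical helper modelled on the "%s" case: format s into
 * buf[0..size), substituting "(efault)" when the first byte of s cannot
 * be read. Only the first byte is probed, as in the cover letter, so a
 * string that runs into an unmapped page later is not caught. */
static size_t checked_string(char *buf, size_t size, const char *s)
{
	if (probe_first_byte(s) != 0)
		s = "(efault)";
	return (size_t)snprintf(buf, size, "%s", s);
}

int main(void)
{
	char out[32];

	checked_string(out, sizeof(out), "hello");
	printf("valid:   %s\n", out);
	/* 0x1 is a constructed, deliberately invalid pointer value. */
	checked_string(out, sizeof(out), (const char *)0x1);
	printf("invalid: %s\n", out);
	checked_string(out, sizeof(out), NULL);
	printf("NULL:    %s\n", out);
	return 0;
}
```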