| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <DB7PR08MB3082C27A075C410FE339F308F7D60@DB7PR08MB3082.eurprd08.prod.outlook.com>
Date: Fri, 9 Aug 2019 10:56:04 +0000
From: "Justin He (Arm Technology China)" <Justin.He@....com>
To: Andy Shevchenko <andy.shevchenko@...il.com>
CC: Petr Mladek <pmladek@...e.com>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
Geert Uytterhoeven <geert+renesas@...der.be>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Thomas Gleixner <tglx@...utronix.de>,
"Steven Rostedt (VMware)" <rostedt@...dmis.org>,
"Kees Cook" <keescook@...omium.org>, Shuah Khan <shuah@...nel.org>,
"Tobin C. Harding" <tobin@...nel.org>
Subject: RE: [PATCH 1/2] vsprintf: Prevent crash when dereferencing invalid
pointers for %pD
> -----Original Message-----
> From: Andy Shevchenko <andy.shevchenko@...il.com>
> Sent: 2019年8月9日 18:52
> To: Justin He (Arm Technology China) <Justin.He@....com>
> Cc: Petr Mladek <pmladek@...e.com>; Andy Shevchenko
> <andriy.shevchenko@...ux.intel.com>; Sergey Senozhatsky
> <sergey.senozhatsky@...il.com>; Geert Uytterhoeven
> <geert+renesas@...der.be>; Linux Kernel Mailing List <linux-
> kernel@...r.kernel.org>; Thomas Gleixner <tglx@...utronix.de>; Steven
> Rostedt (VMware) <rostedt@...dmis.org>; Kees Cook
> <keescook@...omium.org>; Shuah Khan <shuah@...nel.org>; Tobin C.
> Harding <tobin@...nel.org>
> Subject: Re: [PATCH 1/2] vsprintf: Prevent crash when dereferencing invalid
> pointers for %pD
>
> On Fri, Aug 9, 2019 at 4:28 AM Jia He <justin.he@....com> wrote:
> >
> > Commit 3e5903eb9cff ("vsprintf: Prevent crash when dereferencing
> invalid
> > pointers") prevents most crash except for %pD.
> > There is an additional pointer dereferencing before dentry_name.
> >
> > At least, vma->file can be NULL and be passed to printk %pD in
> > print_bad_pte, which can cause crash.
> >
> > This patch fixes it with introducing a new file_dentry_name.
> >
>
> Reviewed-by: Andy Shevchenko <andy.shevchenko@...il.com>
>
> Perhaps you need to add a Fixes tag
Thanks, Andy
Fixes: 3e5903eb9cff ("vsprintf: Prevent crash when dereferencing invalid pointers")
Need I reposted v2?
--
Cheers,
Justin (Jia He)
>
> > Signed-off-by: Jia He <justin.he@....com>
> > ---
> > lib/vsprintf.c | 13 ++++++++++---
> > 1 file changed, 10 insertions(+), 3 deletions(-)
> >
> > diff --git a/lib/vsprintf.c b/lib/vsprintf.c
> > index 63937044c57d..b4a119176fdb 100644
> > --- a/lib/vsprintf.c
> > +++ b/lib/vsprintf.c
> > @@ -869,6 +869,15 @@ char *dentry_name(char *buf, char *end, const
> struct dentry *d, struct printf_sp
> > return widen_string(buf, n, end, spec);
> > }
> >
> > +static noinline_for_stack
> > +char *file_dentry_name(char *buf, char *end, const struct file *f,
> > + struct printf_spec spec, const char *fmt)
> > +{
> > + if (check_pointer(&buf, end, f, spec))
> > + return buf;
> > +
> > + return dentry_name(buf, end, f->f_path.dentry, spec, fmt);
> > +}
> > #ifdef CONFIG_BLOCK
> > static noinline_for_stack
> > char *bdev_name(char *buf, char *end, struct block_device *bdev,
> > @@ -2166,9 +2175,7 @@ char *pointer(const char *fmt, char *buf, char
> *end, void *ptr,
> > case 'C':
> > return clock(buf, end, ptr, spec, fmt);
> > case 'D':
> > - return dentry_name(buf, end,
> > - ((const struct file *)ptr)->f_path.dentry,
> > - spec, fmt);
> > + return file_dentry_name(buf, end, ptr, spec, fmt);
> > #ifdef CONFIG_BLOCK
> > case 'g':
> > return bdev_name(buf, end, ptr, spec, fmt);
> > --
> > 2.17.1
> >
>
>
> --
> With Best Regards,
> Andy Shevchenko
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Powered by blists - more mailing lists