| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 May 2021 11:14:29 +0200
From: Petr Mladek <pmladek@...e.com>
To: Justin He <Justin.He@....com>
Cc: Steven Rostedt <rostedt@...dmis.org>,
Sergey Senozhatsky <senozhatsky@...omium.org>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Rasmus Villemoes <linux@...musvillemoes.dk>,
Jonathan Corbet <corbet@....net>,
Alexander Viro <viro@...iv.linux.org.uk>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Al Viro <viro@....linux.org.uk>,
Heiko Carstens <hca@...ux.ibm.com>,
Vasily Gorbik <gor@...ux.ibm.com>,
Christian Borntraeger <borntraeger@...ibm.com>,
"Eric W . Biederman" <ebiederm@...ssion.com>,
"Darrick J. Wong" <darrick.wong@...cle.com>,
"Peter Zijlstra (Intel)" <peterz@...radead.org>,
Ira Weiny <ira.weiny@...el.com>,
Eric Biggers <ebiggers@...gle.com>, nd <nd@....com>,
"Ahmed S. Darwish" <a.darwish@...utronix.de>,
"linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-s390@...r.kernel.org" <linux-s390@...r.kernel.org>,
"linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>
Subject: Re: [PATCH RFC 2/3] lib/vsprintf.c: make %pD print full path for file
On Thu 2021-05-27 07:20:55, Justin He wrote:
> > > @@ -923,10 +924,17 @@ static noinline_for_stack
> > > char *file_dentry_name(char *buf, char *end, const struct file *f,
> > > struct printf_spec spec, const char *fmt)
> > > {
> > > + const struct path *path = &f->f_path;
> >
> > This dereferences @f before it is checked by check_pointer().
> >
> > > + char *p;
> > > + char tmp[128];
> > > +
> > > if (check_pointer(&buf, end, f, spec))
> > > return buf;
> > >
> > > - return dentry_name(buf, end, f->f_path.dentry, spec, fmt);
> > > + p = d_path_fast(path, (char *)tmp, 128);
> > > + buf = string(buf, end, p, spec);
> >
> > Is 128 a limit of the path or just a compromise, please?
> >
> > d_path_fast() limits the size of the buffer so we could use @buf
> > directly. We basically need to imitate what string_nocheck() does:
> >
> > + the length is limited by min(spec.precision, end-buf);
> > + the string need to get shifted by widen_string()
> >
> > We already do similar thing in dentry_name(). It might look like:
> >
> > char *file_dentry_name(char *buf, char *end, const struct file *f,
> > struct printf_spec spec, const char *fmt)
> > {
> > const struct path *path;
> > int lim, len;
> > char *p;
> >
> > if (check_pointer(&buf, end, f, spec))
> > return buf;
> >
> > path = &f->f_path;
> > if (check_pointer(&buf, end, path, spec))
> > return buf;
> >
> > lim = min(spec.precision, end - buf);
> > p = d_path_fast(path, buf, lim);
>
> After further think about it, I prefer to choose pass stack space instead of _buf_.
>
> vsnprintf() should return the size it requires after formatting the string.
> vprintk_store() will invoke 1st vsnprintf() will 8 bytes to get the reserve_size.
> Then invoke 2nd printk_sprint()->vscnprintf()->vsnprintf() to fill the space.
>
> Hence end-buf is <0 in the 1st vsnprintf case.
Grr, you are right, I have completely missed this. I felt that there
must had been a catch but I did not see it.
> If I call d_path_fast(path, buf, lim) with _buf_ instead of stack space, the
> logic in prepend_name should be changed a lot.
>
> What do you think of it?
I wonder if vsprintf() could pass a bigger static buffer
when (str >= end). I would be safe if the dentry API only writes
to the buffer and does not depend on reading what has already
been written there. Then it will not matter that it is shared
between more vsprintf() callers.
It is a dirty hack. I do not have a good feeling about it. Of course,
a better solution would be when some dentry API just returns
the required size in this case.
Anyway, the buffer on stack would be more safe. It looks like a good
compromise. We could always improve it when it is not good enough in
the real life.
Best Regards,
Petr
Powered by blists - more mailing lists