lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 31 May 2021 11:40:34 +0200
From:   Petr Mladek <pmladek@...e.com>
To:     Matthew Wilcox <willy@...radead.org>
Cc:     Rasmus Villemoes <linux@...musvillemoes.dk>,
        Justin He <Justin.He@....com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Steven Rostedt <rostedt@...dmis.org>,
        Sergey Senozhatsky <senozhatsky@...omium.org>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Jonathan Corbet <corbet@....net>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Luca Coelho <luciano.coelho@...el.com>,
        Kalle Valo <kvalo@...eaurora.org>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Heiko Carstens <hca@...ux.ibm.com>,
        Vasily Gorbik <gor@...ux.ibm.com>,
        Christian Borntraeger <borntraeger@...ibm.com>,
        Johannes Berg <johannes.berg@...el.com>,
        "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-wireless@...r.kernel.org" <linux-wireless@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "linux-s390@...r.kernel.org" <linux-s390@...r.kernel.org>
Subject: Re: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path for
 file

On Sun 2021-05-30 16:18:23, Matthew Wilcox wrote:
> On Fri, May 28, 2021 at 10:06:37PM +0200, Rasmus Villemoes wrote:
> > On 28/05/2021 16.22, Justin He wrote:
> > > 
> > >> From: Matthew Wilcox <willy@...radead.org>
> > 
> > >> How is it "safer"?  You already have a buffer passed from the caller.
> > >> Are you saying that d_path_fast() might overrun a really small buffer
> > >> but won't overrun a 256 byte buffer?
> > > No, it won't overrun a 256 byte buf. When the full path size is larger than 256, the p->len is < 0 in prepend_name, and this overrun will be
> > > dectected in extract_string() with "-ENAMETOOLONG".
> > > 
> > > Each printk contains 2 vsnprintf. vsnprintf() returns the required size after formatting the string.>
> > > 1. vprintk_store() will invoke 1st vsnprintf() will 8 bytes space to get the reserve_size. In this case, the _buf_ could be less than _end_ by design.
> > > 2. Then it invokes 2nd printk_sprint()->vscnprintf()->vsnprintf() to really fill the space.
> > 
> > Please do not assume that printk is the only user of vsnprintf() or the
> > only one that would use a given %p<foo> extension.
> > 
> > Also, is it clear that nothing can change underneath you in between two
> > calls to vsnprintf()? IOW, is it certain that the path will fit upon a
> > second call using the size returned from the first?
> 
> No, but that's also true of %s.  I think vprintk_store() is foolish to
> do it this way.

Just for record. vprintk_store() is foolish here by intention.
It avoids the need of static per-CPU X per-context buffers
and it is simple.

I believe that it should be good enough in practice. Any race here
would make the result racy anyway.

Of course, we might need to reconsider it if there are real life
problems with this approach.

Best Regards,
Petr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ