| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Sep 2021 19:24:45 +0800
From: Guo Zhi <qtxuning1999@...u.edu.cn>
To: Kees Cook <keescook@...omium.org>, Arnd Bergmann <arnd@...db.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Guo Zhi <qtxuning1999@...u.edu.cn>, linux-kernel@...r.kernel.org
Subject: [PATCH] dirvers/lkdtm: Fix kernel pointer leak
Pointers should be printed with %p rather than %px
which printed kernel pointer directly.
Change %px to %p to print the secured pointer.
Signed-off-by: Guo Zhi <qtxuning1999@...u.edu.cn>
---
drivers/misc/lkdtm/perms.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/drivers/misc/lkdtm/perms.c b/drivers/misc/lkdtm/perms.c
index 2dede2ef658f..ceff8668877a 100644
--- a/drivers/misc/lkdtm/perms.c
+++ b/drivers/misc/lkdtm/perms.c
@@ -47,7 +47,7 @@ static noinline void execute_location(void *dst, bool write)
{
void (*func)(void) = dst;
- pr_info("attempting ok execution at %px\n", do_nothing);
+ pr_info("attempting ok execution at %p\n", do_nothing);
do_nothing();
if (write == CODE_WRITE) {
@@ -55,7 +55,7 @@ static noinline void execute_location(void *dst, bool write)
flush_icache_range((unsigned long)dst,
(unsigned long)dst + EXEC_SIZE);
}
- pr_info("attempting bad execution at %px\n", func);
+ pr_info("attempting bad execution at %p\n", func);
func();
pr_err("FAIL: func returned\n");
}
@@ -67,14 +67,14 @@ static void execute_user_location(void *dst)
/* Intentionally crossing kernel/user memory boundary. */
void (*func)(void) = dst;
- pr_info("attempting ok execution at %px\n", do_nothing);
+ pr_info("attempting ok execution at %p\n", do_nothing);
do_nothing();
copied = access_process_vm(current, (unsigned long)dst, do_nothing,
EXEC_SIZE, FOLL_WRITE);
if (copied < EXEC_SIZE)
return;
- pr_info("attempting bad execution at %px\n", func);
+ pr_info("attempting bad execution at %p\n", func);
func();
pr_err("FAIL: func returned\n");
}
@@ -84,7 +84,7 @@ void lkdtm_WRITE_RO(void)
/* Explicitly cast away "const" for the test and make volatile. */
volatile unsigned long *ptr = (unsigned long *)&rodata;
- pr_info("attempting bad rodata write at %px\n", ptr);
+ pr_info("attempting bad rodata write at %p\n", ptr);
*ptr ^= 0xabcd1234;
pr_err("FAIL: survived bad write\n");
}
@@ -103,7 +103,7 @@ void lkdtm_WRITE_RO_AFTER_INIT(void)
return;
}
- pr_info("attempting bad ro_after_init write at %px\n", ptr);
+ pr_info("attempting bad ro_after_init write at %p\n", ptr);
*ptr ^= 0xabcd1234;
pr_err("FAIL: survived bad write\n");
}
@@ -116,7 +116,7 @@ void lkdtm_WRITE_KERN(void)
size = (unsigned long)do_overwritten - (unsigned long)do_nothing;
ptr = (unsigned char *)do_overwritten;
- pr_info("attempting bad %zu byte write at %px\n", size, ptr);
+ pr_info("attempting bad %zu byte write at %p\n", size, ptr);
memcpy((void *)ptr, (unsigned char *)do_nothing, size);
flush_icache_range((unsigned long)ptr, (unsigned long)(ptr + size));
pr_err("FAIL: survived bad write\n");
@@ -195,12 +195,12 @@ void lkdtm_ACCESS_USERSPACE(void)
ptr = (unsigned long *)user_addr;
- pr_info("attempting bad read at %px\n", ptr);
+ pr_info("attempting bad read at %p\n", ptr);
tmp = *ptr;
tmp += 0xc0dec0de;
pr_err("FAIL: survived bad read\n");
- pr_info("attempting bad write at %px\n", ptr);
+ pr_info("attempting bad write at %p\n", ptr);
*ptr = tmp;
pr_err("FAIL: survived bad write\n");
@@ -212,12 +212,12 @@ void lkdtm_ACCESS_NULL(void)
unsigned long tmp;
volatile unsigned long *ptr = (unsigned long *)NULL;
- pr_info("attempting bad read at %px\n", ptr);
+ pr_info("attempting bad read at %p\n", ptr);
tmp = *ptr;
tmp += 0xc0dec0de;
pr_err("FAIL: survived bad read\n");
- pr_info("attempting bad write at %px\n", ptr);
+ pr_info("attempting bad write at %p\n", ptr);
*ptr = tmp;
pr_err("FAIL: survived bad write\n");
}
--
2.33.0
Powered by blists - more mailing lists