Date:   Fri, 15 Oct 2021 15:36:17 +0800
From:   Guo Zhi <qtxuning1999@...u.edu.cn>
To:     Mike Christie <michael.christie@...cle.com>,
        Ulrich Windl <Ulrich.Windl@...uni-regensburg.de>,
        jejb@...ux.ibm.com, martin.petersen@...cle.com,
        Chris Leech <cleech@...hat.com>, Lee Duncan <lduncan@...e.com>
Cc:     open-iscsi <open-iscsi@...glegroups.com>,
        linux-kernel@...r.kernel.org, linux-scsi@...r.kernel.org
Subject: Re: Antw: [EXT] Re: [PATCH] scsi scsi_transport_iscsi.c: fix misuse
 of %llu in scsi_transport_iscsi.c

On 2021/10/11 23:29, Mike Christie wrote:
> On 10/11/21 1:35 AM, Ulrich Windl wrote:
>>>>> Joe Perches <joe@...ches.com> wrote on 09.10.2021 at 05:14 in message
>> <5daf69b365e23ceecee911c4d0f2f66a0b9ec95c.camel@...ches.com>:
>>> On Sat, 2021-10-09 at 11:02 +0800, Guo Zhi wrote:
>>>> Pointers should be printed with %p or %px rather than
>>>> cast to (unsigned long long) and printed with %llu.
>>>> Change %llu to %p to print the pointer into sysfs.
>>> []
>>>> diff --git a/drivers/scsi/scsi_transport_iscsi.c
>>> b/drivers/scsi/scsi_transport_iscsi.c
>>> []
>>>> @@ -129,8 +129,8 @@ show_transport_handle(struct device *dev, struct
>>> device_attribute *attr,
>>>>   
>>>>
>>>>   	if (!capable(CAP_SYS_ADMIN))
>>>>   		return -EACCES;
>>>> -	return sysfs_emit(buf, "%llu\n",
>>>> -		  (unsigned long long)iscsi_handle(priv->iscsi_transport));
>>>> +	return sysfs_emit(buf, "%p\n",
>>>> +		iscsi_ptr(priv->iscsi_transport));
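
Review bot: switching the format string to `%p` on the `+` lines changes the text of an existing sysfs attribute from a decimal number to the kernel's pointer formatting (hexadecimal, and hashed by default), so a reader that parses the old value with `%llu` and hands it back for the transport lookup will no longer get a matching handle. The `capable(CAP_SYS_ADMIN)` check in the context lines already restricts who can read the attribute; if the address should not be exposed at all, keep the decimal format and export an identifier that is not derived from the pointer. The `iscsi_ptr()` wrapper also looks redundant if `priv->iscsi_transport` is already a pointer.
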
>>> iscsi_transport is a pointer isn't it?
>>>
>>> so why not just
>>>
>>> 	return sysfs_emit(buf, "%p\n", priv->iscsi_transport);
>> Isn't the difference that %p outputs hex, while %u outputs decimal?
>>
> Yeah, I think this patch will break userspace, because it doesn't know it's
> a pointer. It could be doing:
>
> sscanf(str, "%llu", &val);
>
> The value is just later passed back to the kernel to look up a driver in
> iscsi_if_transport_lookup:
>
>          list_for_each_entry(priv, &iscsi_transports, list) {
>                  if (tt == priv->iscsi_transport) {
>
> so we could just replace priv->transport with an int and use an ida to assign
> the value.

Taking security into consideration, we should not print a kernel pointer
into sysfs.

However, if this is a special pointer to look up a driver, it's really
tricky for me to fix it, as I don't have a SCSI device to test my code.


Guo
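
Added example, not part of the thread or of the kernel source: a userspace C model of the alternative suggested in the quoted reply, where the value shown to userspace is a small allocated id instead of the transport's address, so the decimal `%llu` format stays parseable and no pointer is exposed. The names `register_transport`, `show_handle`, `lookup_from_text` and the fixed-size table are assumptions for illustration, and the hexadecimal string is a constructed sample.

```c
#include <stdio.h>
#include <stddef.h>

#define MAX_TRANSPORTS 8

struct transport { const char *name; };   /* stand-in for struct iscsi_transport */

/* Slot i holds the transport whose userspace-visible handle is i + 1. */
static struct transport *registry[MAX_TRANSPORTS];

/* Assign the lowest free id (a kernel version would use an IDA); 0 = table full. */
unsigned long long register_transport(struct transport *tt)
{
    for (size_t i = 0; i < MAX_TRANSPORTS; i++) {
        if (!registry[i]) {
            registry[i] = tt;
            return i + 1;
        }
    }
    return 0;
}

/* Attribute text: still a decimal number, so "%llu" readers keep working. */
int show_handle(char *buf, size_t len, unsigned long long handle)
{
    return snprintf(buf, len, "%llu\n", handle);
}

/* Parse the text the way userspace might, then look up by id, not by address. */
struct transport *lookup_from_text(const char *text)
{
    unsigned long long val;

    if (sscanf(text, "%llu", &val) != 1 || val == 0 || val > MAX_TRANSPORTS)
        return NULL;
    return registry[val - 1];
}

int main(void)
{
    struct transport tcp = { "tcp" };
    char buf[32];

    show_handle(buf, sizeof(buf), register_transport(&tcp));
    printf("handle text: %s", buf);
    printf("round trip ok: %d\n", lookup_from_text(buf) == &tcp);
    /* Constructed sample of hashed "%p"-style text: parses as 0, so no match. */
    printf("hex text matches: %d\n", lookup_from_text("00000000a1b2c3d4\n") != NULL);
    return 0;
}
```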

