| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202501061632.76CF72FC@keescook> Date: Mon, 6 Jan 2025 16:33:00 -0800 From: Kees Cook <kees@...nel.org> To: Steven Rostedt <rostedt@...dmis.org> Cc: LKML <linux-kernel@...r.kernel.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Andrew Morton <akpm@...ux-foundation.org>, Petr Mladek <pmladek@...e.com>, Andy Shevchenko <andriy.shevchenko@...ux.intel.com>, Rasmus Villemoes <linux@...musvillemoes.dk>, Sergey Senozhatsky <senozhatsky@...omium.org> Subject: Re: [RFC][PATCH] printf: Harden accessing pointer dereference in vsprintf() On Mon, Jan 06, 2025 at 05:27:22PM -0500, Steven Rostedt wrote: > From: Steven Rostedt <rostedt@...dmis.org> > > For extra safety from crashing the kernel, add a > copy_from_kernel_nofault() in check_pointer_msg(). If it fails to read the > memory, then return "(efault)". > > This isn't full proof, as the length of the pointer being read could > possibly go into bad memory, but this should catch the majority of errors. > > Linus had suggested adding this kind of check[1]. This is a bit different > than Linus's solution as it utilizes copy_from_kernel_nofault() and doesn't > require calls to pagefault_disable() and extra labels. > > [1] https://lore.kernel.org/all/CAHk-=wh3cUC2a=yJv42HTjDLCp6VM+GTky+q65vV_Q33BeoxAg@mail.gmail.com/ > > Signed-off-by: Steven Rostedt (Google) <rostedt@...dmis.org> Seems reasonable to me. Reviewed-by: Kees Cook <kees@...nel.org> -Kees -- Kees Cook
Powered by blists - more mailing lists