• Petr Mladek's avatar
    vsprintf: Prevent crash when dereferencing invalid pointers · 3e5903eb
    Petr Mladek authored
    We already prevent crash when dereferencing some obviously broken
    pointers. But the handling is not consistent. Sometimes we print "(null)"
    only for pure NULL pointer, sometimes for pointers in the first
    page and sometimes also for pointers in the last page (error codes).
    
    Note that printk() call this code under logbuf_lock. Any recursive
    printks are redirected to the printk_safe implementation and the messages
    are stored into per-CPU buffers. These buffers might be eventually flushed
    in printk_safe_flush_on_panic() but it is not guaranteed.
    
    This patch adds a check using probe_kernel_read(). It is not a full-proof
    test. But it should help to see the error message in 99% situations where
    the kernel would silently crash otherwise.
    
    Also it makes the error handling unified for "%s" and the many %p*
    specifiers that need to read the data from a given address. We print:
    
       + (null)   when accessing data on pure pure NULL address
       + (efault) when accessing data on an invalid address
    
    It does not affect the %p* specifiers that just print the given address
    in some form, namely %pF, %pf, %pS, %ps, %pB, %pK, %px, and plain %p.
    
    Note that we print (efault) from security reasons. In fact, the real
    address can be seen only by %px or eventually %pK.
    
    Link: http://lkml.kernel.org/r/20190417115350.20479-9-pmladek@suse.com
    To: Rasmus Villemoes <linux@rasmusvillemoes.dk>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: "Tobin C . Harding" <me@tobin.cc>
    Cc: Joe Perches <joe@perches.com>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Cc: Michal Hocko <mhocko@suse.cz>
    Cc: Steven Rostedt <rostedt@goodmis.org>
    Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
    Cc: linux-kernel@vger.kernel.org
    Reviewed-by: default avatarSergey Senozhatsky <sergey.senozhatsky@gmail.com>
    Reviewed-by: default avatarAndy Shevchenko <andriy.shevchenko@linux.intel.com>
    Signed-off-by: default avatarPetr Mladek <pmladek@suse.com>
    3e5903eb
vsprintf.c 78.7 KB