Date: Tue, 6 Mar 2018 10:25:13 +0100
From: Petr Mladek
To: Rasmus Villemoes
Cc: Andy Shevchenko, "Tobin C . Harding", Joe Perches, linux-kernel@vger.kernel.org, Andrew Morton, Michal Hocko
Subject: Re: [PATCH] vsprintf: Make "null" pointer dereference more robust
Message-ID: <20180306092513.ibodfsnv4xrxdlub@pathway.suse.cz>

On Mon 2018-03-05 16:16:37, Rasmus Villemoes wrote:
> On 2 March 2018 at 13:53, Petr Mladek wrote:
> > %p has many modifiers where the pointer is dereferenced. An invalid
> > pointer might cause kernel to crash silently.
> >
> > Note that printk() formats the string under logbuf_lock. Any recursive
> > printks are redirected to the printk_safe implementation and the messages
> > are stored into per-CPU buffers. These buffers might be eventually flushed
> > in printk_safe_flush_on_panic() but it is not guaranteed.
>
> Yeah, it's annoying that we can't reliably WARN for bogus vsprintf() uses.
>
> > In general, we should do our best to get useful message from printk().
> > All pointers to the first memory page must be invalid. Let's prevent
> > the dereference and print "(null)" in this case. This is already done
> > in many other situations, including "%s" format handling and many
> > page fault handlers.
> >
> > Signed-off-by: Petr Mladek
> > --- > > lib/vsprintf.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/lib/vsprintf.c b/lib/vsprintf.c > > index d7a708f82559..5c2d1f44218a 100644 > > --- a/lib/vsprintf.c > > +++ b/lib/vsprintf.c > > @@ -1849,7 +1849,7 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, > > { > > const int default_width = 2 * sizeof(void *); > > > > - if (!ptr && *fmt != 'K' && *fmt != 'x') { > > + if ((unsigned long)ptr < PAGE_SIZE && *fmt != 'K' && *fmt != 'x') {
>
> ISTM that accidentally passing an ERR_PTR would be just as likely as
> passing a NULL pointer (or some small offset from one), so if we do
> this, shouldn't the test also cover IS_ERR values?

It would make perfect sense to catch IS_ERR_PTR(). Dereferencing such
a pointer causes a crash. But it might be pretty confusing to print
"(null)" in this case.

I would handle this in a separate patch and print "(err)" or so.
Any volunteer to prepare the patch?

Best Regards,
Petr
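
Review bot: the new test `(unsigned long)ptr < PAGE_SIZE` on the `+` line in pointer() treats every first-page address the same as NULL, so a small non-NULL value (for example a member offset taken from a NULL base) would be reported as "(null)" per the commit message, and the actual value is lost from the log. Consider a short comment above the condition stating why PAGE_SIZE is the bound, and a marker distinct from "(null)" for non-zero values so the output still tells the two cases apart. The condition also leaves values at the top of the address space untouched, which is the ERR_PTR case raised in the reply, and the `'K'` and `'x'` exemptions carried over from the old line would benefit from a one-line note on why those specifiers can safely skip the check.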