Date: Thu, 15 Mar 2018 13:06:12 -0400
From: Steven Rostedt
To: Rasmus Villemoes
Cc: Petr Mladek, Linus Torvalds, Andy Shevchenko, "Tobin C. Harding", Joe Perches, Linux Kernel Mailing List, Andrew Morton, Michal Hocko, Sergey Senozhatsky, Sergey Senozhatsky
Subject: Re: [PATCH v3] vsprintf: Prevent crash when dereferencing invalid pointers
Message-ID: <20180315130612.4b4cd091@vmware.local.home>
In-Reply-To: <0c52c2f1-60d8-bb8a-80f2-c699d47659d3@rasmusvillemoes.dk>

On Wed, 14 Mar 2018 23:12:36 +0100
Rasmus Villemoes wrote:

> Question: probe_kernel_read seems to allow (mapped) userspace addresses.
> Is that really what we want? Sure, some %p* just format the pointed-to
> bytes directly (as an IP address or raw hex dump or whatnot), but some
> (e.g. %pD, and %pV could be particularly fun) do another dereference.
> I'm not saying it would be easy for an attacker to get a userpointer
> passed to %pV, but there's a lot of places that end up calling vsnprintf
> (not just printk and friends). Isn't there some cheap address comparison
> one can do to rule that out completely?

We allow it today, right? Why should we stop it now?

For debugging I will sometimes add printk()s to write out content in
userspace. Since the kernel maps all memory in its own space, there's
nothing we are protecting by not letting the kernel read userspace but
be OK letting it read anything in kernel space.

-- Steve
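
The "cheap address comparison" raised in the quoted question, sketched as a user-space C model. This is an added example, not code from the thread or from the kernel; the function name, the marker strings and the x86-64 4-level-paging constants are assumptions, and the sample addresses are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: x86-64 with 4-level paging. Other configurations differ. */
#define MODEL_PAGE_SIZE     0x1000ULL
#define MODEL_TASK_SIZE_MAX ((1ULL << 47) - MODEL_PAGE_SIZE) /* end of user space */
#define MODEL_KERNEL_START  0xffff800000000000ULL             /* start of kernel half */

/*
 * Hypothetical guard a %p* handler could run before a second dereference.
 * Returns NULL when [addr, addr + len) lies wholly in the kernel half,
 * otherwise a marker string to print in place of the pointed-to data.
 * It does not prove the range is mapped: a fault-tolerant read such as
 * probe_kernel_read is still needed for that.
 */
static const char *model_check_range(uint64_t addr, size_t len)
{
    uint64_t last;

    if (len == 0)
        return "(einval)";
    if (addr < MODEL_PAGE_SIZE)
        return "(null)";              /* NULL or an offset from NULL */
    last = addr + (len - 1);
    if (last < addr)
        return "(einval)";            /* addr + len wrapped around */
    if (addr < MODEL_TASK_SIZE_MAX)
        return "(user)";              /* user-space address: refuse */
    if (addr < MODEL_KERNEL_START)
        return "(einval)";            /* guard page or non-canonical hole */
    return NULL;
}

int main(void)
{
    /* Constructed sample addresses, not taken from any real system. */
    const uint64_t samples[] = {
        0x0ULL, 0x00007f0000001000ULL, 0x0000900000000000ULL,
        0xffff888000001000ULL, 0xfffffffffffffff8ULL,
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        const char *msg = model_check_range(samples[i], 16);
        printf("%#018llx -> %s\n", (unsigned long long)samples[i],
               msg ? msg : "ok to probe");
    }
    return 0;
}
```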