[v3,1/1] vsprintf: protect kernel from panic due to non-canonical pointer dereference
| Message ID | 20221019193431.2923462-2-jane.chu@oracle.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:4ac7:0:0:0:0:0 with SMTP id y7csp501933wrs;
Wed, 19 Oct 2022 12:37:50 -0700 (PDT)
X-Google-Smtp-Source:
AMsMyM7OiJRvQZvDQJacYm+gXcrh8uYm3YeYBHTWIkepFk3DL0ZHGB9PlueGJUnSdYwVvG124cEv
X-Received: by 2002:a05:6402:414f:b0:456:c2c1:23ec with SMTP id
x15-20020a056402414f00b00456c2c123ecmr9202777eda.420.1666208270602;
Wed, 19 Oct 2022 12:37:50 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1666208270; cv=pass;
d=google.com; s=arc-20160816;
b=zuDq6xf6lNtW6WNnK/X/sgo7iAZKNiue3f/WVFuxXcnh300h982VbhcXvgstE+CusJ
PnGKjTbtmbxUh8eUMhr5Item92+RU/evHyCggMTmAVof8xckpXWFo3T5Y+K5tXh/vk4+
FzmRDNVwIeh8dj5AUZ2VQbq48IL1d4monUit59mb4uFlhq2Phe9CMPdmoKByJBCcYpMV
YMn5mrBVJYzvyZad8z9LhqYWyScv0GUmAFOjbeeDNGwPatIMEvEs+VR842CBbemf8qK5
FhsUOuSTsSEZkqzSP4u+Zx/YyfKXyuMIVjCOtPXMnt3CpiZQ4kaf/ED3GxLecMhPnvzD
B5Ag==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:mime-version:references:in-reply-to:message-id
:date:subject:cc:to:from:dkim-signature:dkim-signature;
bh=DfB8XbkCziBN7trknZ4xHefVWGriSxO1QsC+ztB2gGA=;
b=RwVnvXXftapi425HvDMki0uPrd11+Vj5kXgNeGpAIwz6ySAbmsI6DV/dUDakLNUv63
bK8WXTxr8VBTblYKDfRc1qyp276Alp5KSu5m9x94yud7iQhuDfeA7e8dhLZFdYi2z2Tt
+xZxjDx08y79Wh7SjG+uErr2X0FPhiUqMuDYwTa8ZrQ1aY2qv8YZO8h7CSO+lkYL1Iyv
VaTMO82E2TviTN95i15AS9gNQ0oz4PmGPkfIJdGzDvUtbBY+KGg0qXrjgV4gJ/hJ6+Vg
Jsa3q9cQCt2AmBBTIxtJURTed9tL6kG2oyEC8ca5RaiDmHI9rc4ykeeWmxMNhmE3bY20
bwhg==
ARC-Authentication-Results: i=2; mx.google.com;
dkim=pass header.i=@oracle.com header.s=corp-2022-7-12
header.b=OJsbF+iw;
dkim=pass header.i=@oracle.onmicrosoft.com
header.s=selector2-oracle-onmicrosoft-com header.b=YvduFuYX;
arc=pass (i=1 spf=pass spfdomain=oracle.com dkim=pass
dkdomain=oracle.com dmarc=pass fromdomain=oracle.com);
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
wu13-20020a170906eecd00b0078db3556bddsi16572740ejb.804.2022.10.19.12.37.25;
Wed, 19 Oct 2022 12:37:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@oracle.com header.s=corp-2022-7-12
header.b=OJsbF+iw;
dkim=pass header.i=@oracle.onmicrosoft.com
header.s=selector2-oracle-onmicrosoft-com header.b=YvduFuYX;
arc=pass (i=1 spf=pass spfdomain=oracle.com dkim=pass
dkdomain=oracle.com dmarc=pass fromdomain=oracle.com);
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229974AbiJSTf1 (ORCPT <rfc822;samuel.l.nystrom@gmail.com>
+ 99 others); Wed, 19 Oct 2022 15:35:27 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57624 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229773AbiJSTfX (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Wed, 19 Oct 2022 15:35:23 -0400
Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com
[205.220.165.32])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 602F315D086
for <linux-kernel@vger.kernel.org>;
Wed, 19 Oct 2022 12:35:21 -0700 (PDT)
Received: from pps.filterd (m0246627.ppops.net [127.0.0.1])
by mx0b-00069f02.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id
29JIOU2Q020637;
Wed, 19 Oct 2022 19:35:08 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com;
h=from : to : cc :
subject : date : message-id : in-reply-to : references : content-type :
mime-version; s=corp-2022-7-12;
bh=DfB8XbkCziBN7trknZ4xHefVWGriSxO1QsC+ztB2gGA=;
b=OJsbF+iwum+35fsJAonXblXMhD0KsmPCf2rV1MdFcdR/QXj2EIuRKHcrVJyqfeVzcrJg
AB7weH6aZY/ZfuHGJYSLCvQB7KT/ybTUbMai93W0zh5WU+qanm+/eqzt2VPAzfzUlwn7
gf83lX8INqwleD0dMzvB0NSEG25Rt35oxtHw1CpcxHqGGx711achF6DQBBJC14domtqI
Ku3yc/eHRqPeqqxUS+YRIkK1qJfWUORH4sjkKrpt+U7x/5sG/CxNQNwSyfY294TFG0gG
7UhyKs612QNNqj0QqXf+Iuz6l9jUzkAkg7hcVltyRFjG16bG4EvlTuy/e9q0QIx6wR7P DQ==
Received: from iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com
(iadpaimrmta03.appoci.oracle.com [130.35.103.27])
by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3k99ntf9b7-1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
verify=OK);
Wed, 19 Oct 2022 19:35:08 +0000
Received: from pps.filterd
(iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1])
by iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com
(8.17.1.5/8.17.1.5) with ESMTP id 29JHo5d9016628;
Wed, 19 Oct 2022 19:35:06 GMT
Received: from nam10-dm6-obe.outbound.protection.outlook.com
(mail-dm6nam10lp2109.outbound.protection.outlook.com [104.47.58.109])
by iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with
ESMTPS id 3k8hrc4bfy-1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
verify=OK);
Wed, 19 Oct 2022 19:35:06 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=GzP/zuSjn12+dbTb/Hc5nPjOIpkB4ku5zo77R71NdxeLv+6qeZRGG5gahbn4Gjs/6Cnbb6hleyZcy1L5am4OGSGpVAcBesjSXV75PGM2a0mbr1dNZ8YyW7X41RSx//Iwvs6LRsgSFXGyl0j4Er9fjkpcMQi5eSNrSy60ICvW0NpPIBDl1stoevnjmh/VeJ5TxjRI37BoRhRXcfCK/TJm6BKsCC3+t5nhnoJJS5adtW8DLcTgtBuMS6odlcQOPNUID8N56v0H0xTmFrz/LnV8K4vqEgkRZc8tjb5OE1CdmFl87Fc8fwizVn6ZwclNcpejUPK2ePYhOncddfO6YyLnuw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=DfB8XbkCziBN7trknZ4xHefVWGriSxO1QsC+ztB2gGA=;
b=aylUQiResiIGr+0jOLxA/zBnO6GH1AbqLNPKKBfiqggDb4bX26ei6fMMfWCwxHKxKSg5kZsSzfy7gT8Xr3clVlTQZWEC69FPFsZ2XqQJO3+4Teen8F2J2GD6dycRTn+0yDOwK+fD7pVNIjoUrWYADqNv64Rr9v72VuDOjahk5Jb2UHRRHe+5kSL9LV1zaSTnLePB8sNe5+y35nthuNe8ILbrAeKLXo0i4JbUrpMiq5tGKeOhTifz/2UPHO7GUjfrTU23y5UZR8Pv0i83Txr7KVlv5a1wQGTjMHaDiU+tAxsUDyKKz/O+tsmQfFSDuHYwUV9sSyb+l5tJQ6pf2+IFbg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com;
dkim=pass header.d=oracle.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=DfB8XbkCziBN7trknZ4xHefVWGriSxO1QsC+ztB2gGA=;
b=YvduFuYXys8xUgpe7uc67bTvhhCpvVhJ9LAplgpJ3qr29/67x2efr0vNOlFPt1FSXupdSiQu1mAO1+gZ9qmXCEzKOWEj0PV4kqgWeF5NVCHB01BjsZkVG0RBT8bozxp3e+/V4SG6F4ntd2Ccw2mEZ9kWcNTth8raebR1rekJJcM=
Received: from SJ0PR10MB4429.namprd10.prod.outlook.com (2603:10b6:a03:2d1::14)
by CH0PR10MB5274.namprd10.prod.outlook.com (2603:10b6:610:dc::13) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5723.30; Wed, 19 Oct
2022 19:35:05 +0000
Received: from SJ0PR10MB4429.namprd10.prod.outlook.com
([fe80::b281:7552:94f5:4606]) by SJ0PR10MB4429.namprd10.prod.outlook.com
([fe80::b281:7552:94f5:4606%7]) with mapi id 15.20.5723.033; Wed, 19 Oct 2022
19:35:05 +0000
From: Jane Chu <jane.chu@oracle.com>
To: pmladek@suse.com, rostedt@goodmis.org, senozhatsky@chromium.org,
andriy.shevchenko@linux.intel.com, linux@rasmusvillemoes.dk,
linux-mm@kvack.org, linux-kernel@vger.kernel.org
Cc: wangkefeng.wang@huawei.com, konrad.wilk@oracle.com,
haakon.bugge@oracle.com, john.haxby@oracle.com, jane.chu@oracle.com
Subject: [PATCH v3 1/1] vsprintf: protect kernel from panic due to
non-canonical pointer dereference
Date: Wed, 19 Oct 2022 13:34:31 -0600
Message-Id: <20221019193431.2923462-2-jane.chu@oracle.com>
X-Mailer: git-send-email 2.18.4
In-Reply-To: <20221019193431.2923462-1-jane.chu@oracle.com>
References: <20221019193431.2923462-1-jane.chu@oracle.com>
Content-Type: text/plain
X-ClientProxiedBy: SA9P223CA0023.NAMP223.PROD.OUTLOOK.COM
(2603:10b6:806:26::28) To SJ0PR10MB4429.namprd10.prod.outlook.com
(2603:10b6:a03:2d1::14)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SJ0PR10MB4429:EE_|CH0PR10MB5274:EE_
X-MS-Office365-Filtering-Correlation-Id: 4d862e8a-9400-4fa3-f523-08dab20905d0
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
PZidBr9sJyR7v97I7d526OROzk9MKcnPKv/fxdHwVarD8yyxcd3zP55xXetDCZjoXx7e7xCeUJQAT0xR8EH4hdcKGzv1x4Vcb1sBHDf2PgPPZmFjNowAvZPVD38tlxTJFfpwBTi/KdP6HkNTPSwYiNMaUuG3YC5U9fU5QlNJcsWkEfjTha/D0/CpU5B5+oUwR3X+R+7RF8W1/pt0BHz2WTb+JjVeTel3YPX837OQWgmiDoRZGyIANKifdeunB5Ijp2N+PqT2SPT/fGs840bEKWz3WFSro1ib04cYzJGZJFMo2OR2mgCq4A3KLwiQp3ADt/ZBd82KpaZ+k+PvBdvsHVc4Y1ffcEFcR6WaPPMc0dIaapO91pp9Gox0nop7372tIDMoYSZmBYHAHhCXv3w2ceXBH+EaGE1brrwFFOAenSrz8NrJIvGbP+ub2zplpzIawxcfevirucnrkaQoH3MXDtBRiOIDmIca1S7eahHTqZe0tZV0L74ZxrLPIFE5eJxqcirgK8a81buReOBQn0TFwGvteJTV90oHXr9/Ez5+qrnNb3JAYL0FS1X9DFS5G+HEpWdQURjz0gAaa5QQA1rM4P4ynk/6ifh3te8ei/i9E15SAf7cEjT8lt6o4OFNx+9EXbCq7LSpJFquU3DpdEzIuq6+wNmXt6HjNo/bLCG8qdCx6SNILUY3q/XNj1hEAxVuwKOgMF+NNQ5YlDvP1wC+5A==
X-Forefront-Antispam-Report:
CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SJ0PR10MB4429.namprd10.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230022)(396003)(376002)(366004)(346002)(136003)(39860400002)(451199015)(38100700002)(478600001)(6486002)(186003)(6506007)(36756003)(4326008)(44832011)(2616005)(316002)(66946007)(107886003)(66556008)(8676002)(6666004)(6512007)(5660300002)(66476007)(1076003)(2906002)(8936002)(86362001)(52116002)(83380400001)(41300700001);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0:
wbjUvIWOsyJ81KPwUKnKtGeaON7G2STTMlkc/AfXVO66iwN4ogisyakK72f+HLyfXy0CGCtWCWW+hbQD+n6K7VCy+w99nOLn0DqZ/lAhkHBr1wTsxwKxA0eyS+mBKehmhyArm0ti4XY6d+wtfCL1rVWSi6IHHYv1f7zNQ94K+8vxB5jIGgfS2x+VhCIaOqjboC+VTsBaGsiHcnqaTcDVmTxvv067zaSU3zjD4op9pkffVPh65kqa0Uz/Fp9YNALdqVKmmJs4/v5A2UutevWS6onToUcOKaUZYXp8i4ytxlTH2D+0D2E1j4edvtF8TY5x29TLUQgGEGdRYaGFYBpiaL1CE2+UQF/vuOYT1T5YRxezdWrLJFfvnAlGMTlMke7R0MJpOJRj+Q+vcAo5RLl1ocEOpD2u5ESDLhItkWZZNG9nlpDC6nKrGtfp2eVPCl/g2ipJvUE0X/X9CBRlQukSORw2zw325bkUwTGJ8HnCu49gkHzQsk7IjleHfEgE6AQeSkXiZFob5k6DOuA0N487TNlPa0ASjyzesiWzIUMHQFv8ffCHju5e1UyA+5rinLfZjRLtMHf4Kx2vFYUcNT4fTjNQWyVNsGRBtEi9yzm957Xe+ZEjxCZxglD5LeEJmaWPyZqgb9T0qv38cx+6gzFTHK2KleSSm8UlJuxvFMwOqB7UVLvhSCa3Ac5i+6KzNNaFNNR174/guWgpXxidRxm2b0oE975wZVUfieMMzofhZkD0gFOIEwvuEzdqLwUdhyyGXdKK/Mf9Q4JGJtilmQ9o+YlbHX5HzqYn2VfIt/XFairsFcIJPj3eMKsPlLxeV+M6zcdAfIfT6rOJ2dpRyUA8Vf7khn6Es5KroIJkDPBZYonPtPgsX83NrZrUJGqne68x8NoADRTCqFXhJnrSwl+EFFgN/Mpn9tsLEsM6Su+EmjwpV4IPRaG7HDToVmkjGDtHG8zXg5rwGToYorJpMh1zbRISh3dyJmWHbADAhJNyUYoYEv67v0JSNUiFcVjFTL3HG/so59RjMDxEnRIrDsgWvC5e38XeSqBPufNO33pqBAPTMgHw72JYi3lvMcrl42vZh5FTzmRw9Q66mn/zJxWDq1cJxDX+Sbu1Jov34utu8cHj3y43sa5z4jL0rOyZ929HQEzI68mZbV4vOUgaAgCtPkJpPitRcvmBYcmfTH0XyHCLGL9rBetQmWp4KYPWB7duXIF2dG7uLX5KN2M3d+kSL/4xb9kdT7a0vAV4oIWGaEFQScgjEBeWNT3ROvlWhqaRN08bNgkT99Hv552mXj2ONnXHxx++zKOCG2jyPBon8lBGTy0df/t8rUzPT4tU1Kz5YOAvUDY3GeOEfklhkUtq1kpEGuyQVXjDXS+bVwRH6ie9bHsn+X0Rex7CG2GAyWfuz4r/P0uKodgOvi0Fy+TvvePpFcoVkPX2tYg580oqZTfn8vq2mZnst9PdHr0OKKmfVU7ZxlkBOulJRWfbZCkds5K23msXpAiY/+OUeIMj+l9/RGwD5yA5nfQMo4tKEn3MYq0iCkKdAoKWISjkAW2p7brwrSthlGyJQVozDgpY6DHXuC2Nti6fQMhmSVJSkMAVF5g2odoSjQzxVw+xpZv11Q==
X-OriginatorOrg: oracle.com
X-MS-Exchange-CrossTenant-Network-Message-Id:
4d862e8a-9400-4fa3-f523-08dab20905d0
X-MS-Exchange-CrossTenant-AuthSource: SJ0PR10MB4429.namprd10.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Oct 2022 19:35:04.9938
(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName:
lmP1rk73RnhmYUMcDAtNUtiZEej3tJZm9coSI4vAjAujOyyMbRbeZmDR4law/BLEtSCcxQ8WkEl6NUsACH3Yug==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH0PR10MB5274
X-Proofpoint-Virus-Version: vendor=baseguard
engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.545,FMLib:17.11.122.1
definitions=2022-10-19_11,2022-10-19_04,2022-06-22_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0
spamscore=0 bulkscore=0
mlxscore=0 phishscore=0 suspectscore=0 adultscore=0 mlxlogscore=999
classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2209130000
definitions=main-2210190110
X-Proofpoint-ORIG-GUID: thcmcBxTODlROz6ojSHTKTZ-3d1MEGZ0
X-Proofpoint-GUID: thcmcBxTODlROz6ojSHTKTZ-3d1MEGZ0
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,
RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1747146003764828980?=
X-GMAIL-MSGID: =?utf-8?q?1747146003764828980?=
|
| Series |
vsprintf: check non-canonical pointer by kern_addr_valid()
|
|
Commit Message
Jane Chu
Oct. 19, 2022, 7:34 p.m. UTC
Having stepped on a local kernel bug where reading sysfs has led to
out-of-bound pointer dereference by vsprintf() which led to GPF panic.
And the reason for GPF is that the OOB pointer was turned to a
non-canonical address such as 0x7665645f63616465.
vsprintf() already has this line of defense
if ((unsigned long)ptr < PAGE_SIZE || IS_ERR_VALUE(ptr))
return "(efault)";
Since a non-canonical pointer can be detected by kern_addr_valid()
on architectures that present VM holes as well as meaningful
implementation of kern_addr_valid() that detects the non-canonical
addresses, this patch addes a check on non-canonical string pointer by
kern_addr_valid() and display "(efault)" to alert user that something
is wrong instead of unecessarily panic the server.
On the other hand, if the non-canonical string pointer is dereferenced
else where in the kernel, by virtue of being non-canonical, a crash
is expected to be immediate.
Signed-off-by: Jane Chu <jane.chu@oracle.com>
---
lib/vsprintf.c | 3 +++
1 file changed, 3 insertions(+)
Comments
Hi Jane,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on linus/master]
[also build test ERROR on v6.1-rc1]
[cannot apply to next-20221020]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Jane-Chu/vsprintf-check-non-canonical-pointer-by-kern_addr_valid/20221020-103535
patch link: https://lore.kernel.org/r/20221019193431.2923462-2-jane.chu%40oracle.com
patch subject: [PATCH v3 1/1] vsprintf: protect kernel from panic due to non-canonical pointer dereference
config: x86_64-rhel-8.3-func
compiler: gcc-11 (Debian 11.3.0-8) 11.3.0
reproduce (this is a W=1 build):
# https://github.com/intel-lab-lkp/linux/commit/7da79322bb256f65be136ef3ca3d557e42da8ffe
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Jane-Chu/vsprintf-check-non-canonical-pointer-by-kern_addr_valid/20221020-103535
git checkout 7da79322bb256f65be136ef3ca3d557e42da8ffe
# save the config file
mkdir build_dir && cp config build_dir/.config
make W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
lib/vsprintf.c: In function 'check_pointer_msg':
>> lib/vsprintf.c:701:14: error: implicit declaration of function 'kern_addr_valid'; did you mean 'virt_addr_valid'? [-Werror=implicit-function-declaration]
701 | if (!kern_addr_valid((unsigned long)ptr))
| ^~~~~~~~~~~~~~~
| virt_addr_valid
lib/vsprintf.c: In function 'va_format':
lib/vsprintf.c:1688:9: warning: function 'va_format' might be a candidate for 'gnu_printf' format attribute [-Wsuggest-attribute=format]
1688 | buf += vsnprintf(buf, end > buf ? end - buf : 0, va_fmt->fmt, va);
| ^~~
cc1: some warnings being treated as errors
vim +701 lib/vsprintf.c
687
688 /*
689 * Do not call any complex external code here. Nested printk()/vsprintf()
690 * might cause infinite loops. Failures might break printk() and would
691 * be hard to debug.
692 */
693 static const char *check_pointer_msg(const void *ptr)
694 {
695 if (!ptr)
696 return "(null)";
697
698 if ((unsigned long)ptr < PAGE_SIZE || IS_ERR_VALUE(ptr))
699 return "(efault)";
700
> 701 if (!kern_addr_valid((unsigned long)ptr))
702 return "(efault)";
703
704 return NULL;
705 }
706
diff --git a/lib/vsprintf.c b/lib/vsprintf.c index c414a8d9f1ea..b38c12ef1e45 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -698,6 +698,9 @@ static const char *check_pointer_msg(const void *ptr) if ((unsigned long)ptr < PAGE_SIZE || IS_ERR_VALUE(ptr)) return "(efault)"; + if (!kern_addr_valid((unsigned long)ptr)) + return "(efault)"; + return NULL; }