summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPetr Mladek <pmladek@suse.com>2019-04-17 13:53:42 +0200
committerPetr Mladek <pmladek@suse.com>2019-04-26 16:19:04 +0200
commit1ac2f9789c4b76ad749870c25ffae0cbcd1f510f (patch)
tree10a66ef497bf3100996fbc09cb6f231f98ac8456
parent6eea242f9bcdf828bb56334d8ee5c7cb466e4bcd (diff)
downloadlinux-1ac2f9789c4b76ad749870c25ffae0cbcd1f510f.tar.bz2
vsprintf: Consistent %pK handling for kptr_restrict == 0
restricted_pointer() pretends that it prints the address when kptr_restrict is set to zero. But it is never called in this situation. Instead, pointer() falls back to ptr_to_id() and hashes the pointer. This patch removes the potential confusion. klp_restrict is checked only in restricted_pointer(). It actually fixes a small race when the address might get printed unhashed: CPU0 CPU1 pointer() if (!kptr_restrict) /* for example set to 2 */ restricted_pointer() /* echo 0 >/proc/sys/kernel/kptr_restrict */ proc_dointvec_minmax_sysadmin() klpr_restrict = 0; switch(kptr_restrict) case 0: break: number() Fixes: ef0010a30935de4e0211 ("vsprintf: don't use 'restricted_pointer()' when not restricting") Link: http://lkml.kernel.org/r/20190417115350.20479-3-pmladek@suse.com To: Andy Shevchenko <andriy.shevchenko@linux.intel.com> To: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: "Tobin C . Harding" <me@tobin.cc> Cc: Joe Perches <joe@perches.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Michal Hocko <mhocko@suse.cz> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com> Cc: linux-kernel@vger.kernel.org Cc: Kees Cook <keescook@chromium.org> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org> Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Signed-off-by: Petr Mladek <pmladek@suse.com>
-rw-r--r--lib/vsprintf.c6
1 files changed, 2 insertions, 4 deletions
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index eb7b4a06e1f0..2af48948a973 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -725,8 +725,8 @@ char *restricted_pointer(char *buf, char *end, const void *ptr,
{
switch (kptr_restrict) {
case 0:
- /* Always print %pK values */
- break;
+ /* Handle as %p, hash and do _not_ leak addresses. */
+ return ptr_to_id(buf, end, ptr, spec);
case 1: {
const struct cred *cred;
@@ -2041,8 +2041,6 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
return buf;
}
case 'K':
- if (!kptr_restrict)
- break;
return restricted_pointer(buf, end, ptr, spec);
case 'N':
return netdev_bits(buf, end, ptr, spec, fmt);