Re: [PATCH v4 01/11] liveupdate: Safely print untrusted strings
From: Mike Rapoport
Date: Wed Apr 15 2026 - 11:23:30 EST
On Mon, Apr 13, 2026 at 06:51:17PM +0000, Pasha Tatashin wrote:
> Deserialized strings from KHO data (such as file handler compatible
> strings and session names) are provided by the previous kernel and
> might not be null-terminated if the data is corrupted.
>
> When printing these strings in error messages, use the %.*s format
> specifier with the maximum buffer size to prevent out-of-bounds reads
> into adjacent kernel memory.
>
> Signed-off-by: Pasha Tatashin <pasha.tatashin@xxxxxxxxxx>
> Reviewed-by: Pratyush Yadav (Google) <pratyush@xxxxxxxxxx>
Reviewed-by: Mike Rapoport (Microsoft) <rppt@xxxxxxxxxx>
> ---
> kernel/liveupdate/luo_file.c | 3 ++-
> kernel/liveupdate/luo_session.c | 3 ++-
> 2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/liveupdate/luo_file.c b/kernel/liveupdate/luo_file.c
> index 09103cf81107..8fcf302c73b6 100644
> --- a/kernel/liveupdate/luo_file.c
> +++ b/kernel/liveupdate/luo_file.c
> @@ -813,7 +813,8 @@ int luo_file_deserialize(struct luo_file_set *file_set,
> }
>
> if (!handler_found) {
> - pr_warn("No registered handler for compatible '%s'\n",
> + pr_warn("No registered handler for compatible '%.*s'\n",
> + (int)sizeof(file_ser[i].compatible),
> file_ser[i].compatible);
> return -ENOENT;
> }
> diff --git a/kernel/liveupdate/luo_session.c b/kernel/liveupdate/luo_session.c
> index 25ae704d7787..8c76dece679b 100644
> --- a/kernel/liveupdate/luo_session.c
> +++ b/kernel/liveupdate/luo_session.c
> @@ -544,7 +544,8 @@ int luo_session_deserialize(void)
>
> session = luo_session_alloc(sh->ser[i].name);
> if (IS_ERR(session)) {
> - pr_warn("Failed to allocate session [%s] during deserialization %pe\n",
> + pr_warn("Failed to allocate session [%.*s] during deserialization %pe\n",
> + (int)sizeof(sh->ser[i].name),
> sh->ser[i].name, session);
> return PTR_ERR(session);
> }
> --
> 2.43.0
>
--
Sincerely yours,
Mike.