Re: [PATCH] checkpatch: add warning on %pk instead of %pK usage

From: Joe Perches
Date: Mon Feb 13 2017 - 15:15:03 EST


(resending including cc's)

On Mon, 2017-02-13 at 19:46 +0000, Roberts, William C wrote:
> > -----Original Message-----
> > From: Joe Perches [mailto:joe@xxxxxxxxxxx]
> > Sent: Friday, February 10, 2017 7:24 PM
> > To: Roberts, William C <william.c.roberts@xxxxxxxxx>; linux-
> > kernel@xxxxxxxxxxxxxxx; apw@xxxxxxxxxxxxx
> > Cc: kernel-hardening@xxxxxxxxxxxxxxxxxx
> > Subject: Re: [PATCH] checkpatch: add warning on %pk instead of %pK usage
> >
> > On Sat, 2017-02-11 at 01:32 +0000, Roberts, William C wrote:
> > > <snip>
> > > > > By "normal" I'm referring to things that call into pointer(), just
> > > > > casually looking I see bstr_printf vsnprintf kvasprintf, which
> > > > > would be easy enough to add
> > > > >
> > > > > > What do you think is missing? sn?printf ? That's easy to add.
> > > > >
> > > > > The problem starts to get hairy when we think of how often folks
> > > > > roll their own logging macros (see some small sampling at the end).
> > > > >
> > > > > I think we would want to add DEBUG DBG and sn?printf and maybe
> > > > > consider dropping the \b on the regex so it's a bit more matchy
> > > > > but still shouldn't end up matching on any ASM as you pointed out in the V2
> >
> > nack.
> > > > >
> > > > > I'll break this down into:
> > > > > 1. the patch as I know you'll take it, as you wrote it :-P
> > > > > 2. Adding to the logging macros
> > > > > 3. exploring making it less matchy
> > >
> > > -Kees and Andrew they likely don't care about the rest of this...
> > >
> > > I have been working up a regex (I suck at these) to match C functions
> > > that have an invalid %p format string and take arguments:
> > > http://www.regexr.com/3f92k
> > >
> > > This could be a way to get better coverage in a more generic approach,
> >
> > thoughts?
> >
> > Maybe this: (attached too because Evolution is a bad email client)
> >
> > It's still kind of hacky, but it does find multiple line statements like:
> >
> > + printf(KERN_INFO
> > + "a %pX",
> > + foo);
> >
>
> I downloaded your checkpatch.pl patch; it wouldn't apply for some reason... I applied it by hand and
> couldn't get it to trigger on either the case you show above or below:
>
> + MY_DEBUG(drv->foo,
> + "%pk",
> + foo->boo);
> +
>
> > ---
> > Subject: [PATCH] checkpatch: Add ability to find bad uses of vsprintf %p
> > extensions
> >
> > %pK was at least once misused at %pk in an out-of-tree module.
> > This led to some security concerns. Add the ability to track single and multiple
> > line statements for misuses of %p.
> >
> > Signed-off-by: Joe Perches
> > ---
> > scripts/checkpatch.pl | 26 ++++++++++++++++++++++++++
> > 1 file changed, 26 insertions(+)
> >
> > diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index
> > ad5ea5c545b2..0eaf6b8580d6 100755
> > --- a/scripts/checkpatch.pl
> > +++ b/scripts/checkpatch.pl
> > @@ -5676,6 +5676,32 @@ sub process {
> > }
> > }
> >
> > + # check for vsprintf extension %p misuses
> > + if ($^V && $^V ge 5.10.0 &&
> > + defined $stat &&
> > + $stat =~ /^\+(?![^\{]*\{\s*).*\b(\w+)\s*\(.*$String\s*,/s &&
> > + $1 !~ /^_*volatile_*$/) {
> > + my $bad_extension = "";
> > + my $lc = $stat =~ tr@\n@@;
> > + $lc = $lc + $linenr;
> > + for (my $count = $linenr; $count <= $lc; $count++) {
> > + my $fmt = get_quoted_string($lines[$count - 1],
> > raw_line($count, 0));
> > + $fmt =~ s/%%//g;
> > + if ($fmt =~
> > /(\%[\*\d\.]*p(?![\WFfSsBKRraEhMmIiUDdgVCbGN]).)/) {
> > + $bad_extension = $1;
> > + last;
> > + }
> > + }
> > + if ($bad_extension ne "") {
> > + my $stat_real = raw_line($linenr, 0);
> > + for (my $count = $linenr + 1; $count <= $lc;
> > $count++) {
> > + $stat_real = $stat_real . "\n" .
> > raw_line($count, 0);
> > + }
> > + WARN("VSPRINTF_POINTER_EXTENSION",
> > + "Invalid vsprintf pointer extension
> > '$bad_extension'\n" . "$here\n$stat_real\n");
> > + }
> > + }
> > +
> > # Check for misused memsets
> > if ($^V && $^V ge 5.10.0 &&
> > defined $stat &&
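Review bot: The lookahead class [\WFfSsBKRraEhMmIiUDdgVCbGN] in the $fmt test accepts any word character outside that list as an extension, so a plain %p followed directly by a digit or underscore in the format text (for example "%p_") would be reported, even though pointer() falls through to ordinary pointer output for characters it does not recognise. Consider limiting the character after 'p' to letters, and moving the list of accepted extension letters into a named variable with a comment saying it has to track pointer() in lib/vsprintf.c, since a hardcoded class inside the regex will go stale when an extension is added.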
> > --
>
> Mixed tabs/spaces issues. But I like the concept of matching across multiple lines. My tree was set to:
>
> commit 7089db84e356562f8ba737c29e472cc42d530dbc
> Author: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> Date: Sun Feb 12 13:03:20 2017 -0800
>
> Linux 4.10-rc8
>
> $ git apply --check ~/Downloads/0001-checkpatch-Add-ability-to-find-bad-uses-of-vsprintf-.patch
> error: patch failed: scripts/checkpatch.pl:5676
> error: scripts/checkpatch.pl: patch does not apply
>

No worries.
No idea why it doesn't work for you.
Maybe the hand applying was somehow
faulty?

The attached is on top of -next so it does have offsets
on Linus' tree, but it seems to work.

(on -linux)

$ patch -p1 < cp_vsp.diff 
patching file scripts/checkpatch.pl
Hunk #1 succeeded at 5634 (offset -36 lines).

$ cat t_block.c
{
MY_DEBUG(drv->foo,
 "%pk",
 foo->boo);
}
$ ./scripts/checkpatch.pl -f t_block.c
WARNING: Invalid vsprintf pointer extension '%pk'
#2: FILE: t_block.c:2:
+ MY_DEBUG(drv->foo,
+  "%pk",
+  foo->boo);

total: 0 errors, 1 warnings, 5 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

t_block.c has style problems, please review.

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.

scripts/checkpatch.pl | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)

diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl
index 8e96af53611c..4cb90d5f04ce 100755
--- a/scripts/checkpatch.pl
+++ b/scripts/checkpatch.pl
@@ -5670,6 +5670,32 @@ sub process {
}
}

+ # check for vsprintf extension %p<foo> misuses
+ if ($^V && $^V ge 5.10.0 &&
+ defined $stat &&
+ $stat =~ /^\+(?![^\{]*\{\s*).*\b(\w+)\s*\(.*$String\s*,/s &&
+ $1 !~ /^_*volatile_*$/) {
+ my $bad_extension = "";
+ my $lc = $stat =~ tr@\n@@;
+ $lc = $lc + $linenr;
+ for (my $count = $linenr; $count <= $lc; $count++) {
+ my $fmt = get_quoted_string($lines[$count - 1], raw_line($count, 0));
+ $fmt =~ s/%%//g;
+ if ($fmt =~ /(\%[\*\d\.]*p(?![\WFfSsBKRraEhMmIiUDdgVCbGN]).)/) {
+ $bad_extension = $1;
+ last;
+ }
+ }
+ if ($bad_extension ne "") {
+ my $stat_real = raw_line($linenr, 0);
+ for (my $count = $linenr + 1; $count <= $lc; $count++) {
+ $stat_real = $stat_real . "\n" . raw_line($count, 0);
+ }
+ WARN("VSPRINTF_POINTER_EXTENSION",
+ "Invalid vsprintf pointer extension '$bad_extension'\n" . "$here\n$stat_real\n");
+ }
+ }
+
# Check for misused memsets
if ($^V && $^V ge 5.10.0 &&
defined $stat &&
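Review bot: Neither the statement match on $stat (the (?![^\{]*\{\s*) lookahead followed by \b(\w+)\s*\(.*$String\s*,) nor the '$1 !~ /^_*volatile_*$/' exclusion is explained; the block has only its one-line header comment. A short comment saying what the brace lookahead is meant to skip and why volatile is excluded would make this maintainable. Separately, the 'last' in the inner loop means only the first offending extension in a statement is named in the warning, so a statement with two different bad extensions shows the second only after the first is fixed; either collect all matches before calling WARN or say so in the commit message.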