Re: [PATCH 00/14] Fix wrong %pF and %pS printk format specifier usages

From: Sergey Senozhatsky
Date: Thu Sep 07 2017 - 04:35:03 EST


On (09/07/17 16:56), Sergey Senozhatsky wrote:
[..]
> BTW, are we sure we can crash? when attempt to deference IP from
> the given descriptor? shall we handle page fault in this case and
> do something sane? just asking.

I don't know... does the below code make any sense?

quick and dirty. NOT TESTED at all (not even compile tested).
we can avoid extra probe_kernel_address() on anything that is
not ia64, ppc64, etc.

basically it checks that it's safe to access ptr (we can access it
without page fault in __dereference_function_descriptor()). then
we do ptr->ip, and also check if it's safe, but in
dereference_function_descriptor().

I suppose somethign like

pr_err("%pF\n", 1);

can crash ia64, etc. correct?


well. not tested.

---

lib/vsprintf.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index 86c3385b9eb3..0dc39b95e1d9 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -1593,6 +1593,16 @@ char *device_node_string(char *buf, char *end, struct device_node *dn,

int kptr_restrict __read_mostly;

+static void *__dereference_function_descriptor(void *ptr)
+{
+ void *p;
+
+ if (!probe_kernel_address(ptr, p))
+ return dereference_function_descriptor(ptr);
+
+ return ptr;
+}
+
/*
* Show a '%p' thing. A kernel extension is that the '%p' is followed
* by an extra set of alphanumeric characters that are extended format
@@ -1723,7 +1733,7 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
switch (*fmt) {
case 'F':
case 'f':
- ptr = dereference_function_descriptor(ptr);
+ ptr = __dereference_function_descriptor(ptr);
/* Fallthrough */
case 'S':
case 's':