Re: [PATCH] vsprintf: Make "null" pointer dereference more robust

From: Petr Mladek
Date: Thu Mar 29 2018 - 11:13:17 EST


On Fri 2018-03-02 16:17:34, Andy Shevchenko wrote:
> On Fri, 2018-03-02 at 13:53 +0100, Petr Mladek wrote:
> > %p has many modifiers where the pointer is dereferenced. An invalid
> > pointer might cause kernel to crash silently.
> >
> > Note that printk() formats the string under logbuf_lock. Any recursive
> > printks are redirected to the printk_safe implementation and the
> > messages
> > are stored into per-CPU buffers. These buffers might be eventually
> > flushed
> > in printk_safe_flush_on_panic() but it is not guaranteed.
> >
> > In general, we should do our best to get useful message from printk().
> > All pointers to the first memory page must be invalid. Let's prevent
> > the dereference and print "(null)" in this case. This is already done
> > in many other situations, including "%s" format handling and many
> > page fault handlers.
> >
>
>
> With such explanation it makes at least clear for the reader why it's
> done.
>
> Thanks!
>
> Would you be okay if I take this one as a first in my series and
> resubmit the series based on it?

The original simple patch grew into something bigger. I have it
almost ready. It looks the following way at the moment:

vsprintf: Shuffle ptr_to_id() code
vsprintf: Consistent %pK handling for kptr_restrict == 0
vsprintf: Do not check address of well-known strings
vsprintf: Consolidate handling of unknown pointer specifiers
vsprintf: Factor out %p[iI] handler as ip_addr_string()
vsprintf: Factor out %pV handler as va_format()
vsprintf: Factor out %pO handler as kobject_string()
vsprintf: Prevent crash when dereferencing invalid pointers
vsprintf: Avoid confusion between invalid address and value

Documentation/core-api/printk-formats.rst | 8 +
lib/test_printf.c | 37 ++-
lib/vsprintf.c | 445 ++++++++++++++++++------------
3 files changed, 307 insertions(+), 183 deletions(-)

I still would like to do some final review and check with a fresh
head after Easter holidays.


Now, I am unsure how to merge it with your patchset. Most of your
patches are independent and should be applied. But there will be
some merge conflicts.

On possibility would be that I take your still valid changes via
printk.git. Then you would even need not send anything. I could
resolve the conflicts when applying the patches.

Or would you prefer to resend your patchset without the controversal
check removal? And wait for my patchset?

Best Regards,
Petr