Re: [RFC][PATCH] printf: Harden accessing pointer dereference in vsprintf()

From: Kees Cook
Date: Mon Jan 06 2025 - 19:33:08 EST


On Mon, Jan 06, 2025 at 05:27:22PM -0500, Steven Rostedt wrote:
> From: Steven Rostedt <rostedt@xxxxxxxxxxx>
>
> For extra safety from crashing the kernel, add a
> copy_from_kernel_nofault() in check_pointer_msg(). If it fails to read the
> memory, then return "(efault)".
>
> This isn't foolproof, as the length of the pointer being read could
> possibly go into bad memory, but this should catch the majority of errors.
>
> Linus had suggested adding this kind of check[1]. This is a bit different
> than Linus's solution as it utilizes copy_from_kernel_nofault() and doesn't
> require calls to pagefault_disable() and extra labels.
>
> [1] https://lore.kernel.org/all/CAHk-=wh3cUC2a=yJv42HTjDLCp6VM+GTky+q65vV_Q33BeoxAg@xxxxxxxxxxxxxx/
>
> Signed-off-by: Steven Rostedt (Google) <rostedt@xxxxxxxxxxx>

Seems reasonable to me.

Reviewed-by: Kees Cook <kees@xxxxxxxxxx>

-Kees

--
Kees Cook
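
The check the quoted commit message describes, mirrored in user space as an added example (not code from the patch or the kernel). The names copy_nofault_user(), check_pointer_msg_user() and map_with_guard() are hypothetical, a pipe write(2) stands in for copy_from_kernel_nofault(), and the one-byte probe width is an assumption. The guard-page layout makes the caveat from the message visible: the probe passes just before an unreadable page, while a longer read from the same pointer fails.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical user-space stand-in for copy_from_kernel_nofault(): write(2)
 * to a pipe makes the kernel read src and return EFAULT instead of faulting. */
static int copy_nofault_user(void *dst, const void *src, size_t len)
{
	int fds[2];
	ssize_t n;

	/* Reject lengths beyond one atomic pipe write, or a failed pipe(). */
	if (len == 0 || len > 4096 || pipe(fds) < 0)
		return -EINVAL;
	n = write(fds[1], src, len);
	if (n == (ssize_t)len)
		n = read(fds[0], dst, len);
	close(fds[0]);
	close(fds[1]);
	return n == (ssize_t)len ? 0 : -EFAULT;
}

/* Contract from the message: a string to print, or NULL if ptr looks usable. */
static const char *check_pointer_msg_user(const void *ptr)
{
	unsigned char probe;	/* assumption: only one byte is probed */

	if (!ptr)
		return "(null)";
	return copy_nofault_user(&probe, ptr, 1) ? "(efault)" : NULL;
}

/* Constructed region: one readable page of 'A', then one PROT_NONE page. */
static char *map_with_guard(long *pg)
{
	char *p;

	*pg = sysconf(_SC_PAGESIZE);
	p = mmap(NULL, 2 * *pg, PROT_READ | PROT_WRITE,
		 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	if (p == MAP_FAILED || mprotect(p + *pg, *pg, PROT_NONE))
		return NULL;
	memset(p, 'A', *pg);
	return p;
}
```

With p from map_with_guard(&pg), check_pointer_msg_user(p + pg - 4) returns NULL, yet copy_nofault_user() of 8 bytes from that same address returns -EFAULT because the read crosses into the guard page.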