* [PATCH] rcutorture: avoid format string leak to thead name
@ 2014-05-22 18:51 Kees Cook
2014-05-22 19:56 ` Paul E. McKenney
2014-05-22 21:15 ` Josh Triplett
0 siblings, 2 replies; 3+ messages in thread
From: Kees Cook @ 2014-05-22 18:51 UTC (permalink / raw)
To: linux-kernel; +Cc: Paul E. McKenney, Josh Triplett
Since the rcutorture thread creation interface does not include format
string arguments, make sure the name can never be accidentally processed
as a format string.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
kernel/torture.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/torture.c b/kernel/torture.c
index acc9afc2f26e..9dad2ffaf995 100644
--- a/kernel/torture.c
+++ b/kernel/torture.c
@@ -694,7 +694,7 @@ int _torture_create_kthread(int (*fn)(void *arg), void *arg, char *s, char *m,
int ret = 0;
VERBOSE_TOROUT_STRING(m);
- *tp = kthread_run(fn, arg, s);
+ *tp = kthread_run(fn, arg, "%s", s);
if (IS_ERR(*tp)) {
ret = PTR_ERR(*tp);
VERBOSE_TOROUT_ERRSTRING(f);
--
1.7.9.5
--
Kees Cook
Chrome OS Security
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] rcutorture: avoid format string leak to thead name
2014-05-22 18:51 [PATCH] rcutorture: avoid format string leak to thead name Kees Cook
@ 2014-05-22 19:56 ` Paul E. McKenney
2014-05-22 21:15 ` Josh Triplett
1 sibling, 0 replies; 3+ messages in thread
From: Paul E. McKenney @ 2014-05-22 19:56 UTC (permalink / raw)
To: Kees Cook; +Cc: linux-kernel, Josh Triplett
On Thu, May 22, 2014 at 11:51:04AM -0700, Kees Cook wrote:
> Since the rcutorture thread creation interface does not include format
> string arguments, make sure the name can never be accidentally processed
> as a format string.
>
> Signed-off-by: Kees Cook <keescook@chromium.org>
Queued for 3.17, thank you, Kees!
Thanx, Paul
> ---
> kernel/torture.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/torture.c b/kernel/torture.c
> index acc9afc2f26e..9dad2ffaf995 100644
> --- a/kernel/torture.c
> +++ b/kernel/torture.c
> @@ -694,7 +694,7 @@ int _torture_create_kthread(int (*fn)(void *arg), void *arg, char *s, char *m,
> int ret = 0;
>
> VERBOSE_TOROUT_STRING(m);
> - *tp = kthread_run(fn, arg, s);
> + *tp = kthread_run(fn, arg, "%s", s);
> if (IS_ERR(*tp)) {
> ret = PTR_ERR(*tp);
> VERBOSE_TOROUT_ERRSTRING(f);
> --
> 1.7.9.5
>
>
> --
> Kees Cook
> Chrome OS Security
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] rcutorture: avoid format string leak to thead name
2014-05-22 18:51 [PATCH] rcutorture: avoid format string leak to thead name Kees Cook
2014-05-22 19:56 ` Paul E. McKenney
@ 2014-05-22 21:15 ` Josh Triplett
1 sibling, 0 replies; 3+ messages in thread
From: Josh Triplett @ 2014-05-22 21:15 UTC (permalink / raw)
To: Kees Cook; +Cc: linux-kernel, Paul E. McKenney
On Thu, May 22, 2014 at 11:51:04AM -0700, Kees Cook wrote:
> Since the rcutorture thread creation interface does not include format
> string arguments, make sure the name can never be accidentally processed
> as a format string.
>
> Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Josh Triplett <josh@joshtriplett.org>
> kernel/torture.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/torture.c b/kernel/torture.c
> index acc9afc2f26e..9dad2ffaf995 100644
> --- a/kernel/torture.c
> +++ b/kernel/torture.c
> @@ -694,7 +694,7 @@ int _torture_create_kthread(int (*fn)(void *arg), void *arg, char *s, char *m,
> int ret = 0;
>
> VERBOSE_TOROUT_STRING(m);
> - *tp = kthread_run(fn, arg, s);
> + *tp = kthread_run(fn, arg, "%s", s);
> if (IS_ERR(*tp)) {
> ret = PTR_ERR(*tp);
> VERBOSE_TOROUT_ERRSTRING(f);
> --
> 1.7.9.5
>
>
> --
> Kees Cook
> Chrome OS Security
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-05-22 21:15 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-05-22 18:51 [PATCH] rcutorture: avoid format string leak to thead name Kees Cook
2014-05-22 19:56 ` Paul E. McKenney
2014-05-22 21:15 ` Josh Triplett
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).