Date: Thu, 7 Sep 2017 17:32:07 +0900
From: Sergey Senozhatsky
To: Sergey Senozhatsky
Cc: Helge Deller, linux-kernel@vger.kernel.org, Sergey Senozhatsky, Petr Mladek, Andrew Morton
Subject: Re: [PATCH 00/14] Fix wrong %pF and %pS printk format specifier usages
Message-ID: <20170907083207.GC533@jagdpanzerIV.localdomain>

On (09/07/17 16:56), Sergey Senozhatsky wrote:
[..]
> BTW, are we sure we can crash? when attempt to dereference IP from
> the given descriptor? shall we handle page fault in this case and
> do something sane? just asking.

I don't know... does the below code make any sense? quick and dirty.
NOT TESTED at all (not even compile tested).

we can avoid extra probe_kernel_address() on anything that is not
ia64, ppc64, etc.

basically it checks that it's safe to access ptr (we can access it
without page fault in __dereference_function_descriptor()). then we
do ptr->ip, and also check if it's safe, but in
dereference_function_descriptor().

I suppose something like

	pr_err("%pF\n", 1);

can crash ia64, etc. correct?

well. not tested.

---
 lib/vsprintf.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index 86c3385b9eb3..0dc39b95e1d9 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -1593,6 +1593,16 @@ char *device_node_string(char *buf, char *end, struct device_node *dn, int kptr_restrict __read_mostly; +static void *__dereference_function_descriptor(void *ptr) +{ + void *p; + + if (!probe_kernel_address(ptr, p)) + return dereference_function_descriptor(ptr); + + return ptr; +} + /* * Show a '%p' thing. A kernel extension is that the '%p' is followed * by an extra set of alphanumeric characters that are extended format @@ -1723,7 +1733,7 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, switch (*fmt) { case 'F': case 'f': - ptr = dereference_function_descriptor(ptr); + ptr = __dereference_function_descriptor(ptr); /* Fallthrough */ case 'S': case 's':
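Review bot: in the first hunk, __dereference_function_descriptor() calls probe_kernel_address(ptr, p) unconditionally, although the message says the extra probe should be avoided on anything that is not ia64, ppc64, etc.; nothing in the hunk restricts it to those architectures. Guard the probe so that builds without function descriptors skip it. Also add a comment above the helper saying that p is only a scratch target for the probe and that a faulting ptr is returned unchanged. The leading double underscore suggests an internal variant of the arch helper rather than a safer wrapper around it, so a more descriptive name would help.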
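Review bot: in the second hunk, at the case 'F' / case 'f' replacement, a pointer that fails the probe comes back from __dereference_function_descriptor() unchanged and then falls through to the 'S' / 's' handling, so the printed result for a bad argument such as the pr_err("%pF\n", 1) case from the message is whatever the symbol path makes of the raw value. Say in a comment next to the call that this is the intended fallback. Since the message states the patch is not compile tested, it needs a build and a run of that pr_err() case on a function-descriptor architecture before it can be taken.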