From: Jane Chu <jane.chu@oracle.com>
To: pmladek@suse.com, rostedt@goodmis.org, senozhatsky@chromium.org,
andriy.shevchenko@linux.intel.com, linux@rasmusvillemoes.dk,
linux-kernel@vger.kernel.org
Cc: jane.chu@oracle.com
Subject: [PATCH] vsprintf: protect kernel from panic due to non-canonical pointer dereference
Date: Mon, 17 Oct 2022 13:16:11 -0600 [thread overview]
Message-ID: <20221017191611.2577466-1-jane.chu@oracle.com> (raw)
While debugging a separate issue, it was found that an invalid string
pointer could very well contain a non-canical address, such as
0x7665645f63616465. In that case, this line of defense isn't enough
to protect the kernel from crashing due to general protection fault
if ((unsigned long)ptr < PAGE_SIZE || IS_ERR_VALUE(ptr))
return "(efault)";
So instead, use kern_addr_valid() to validate the string pointer.
Signed-off-by: Jane Chu <jane.chu@oracle.com>
---
lib/vsprintf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index c414a8d9f1ea..2e8a9efc7c12 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -695,7 +695,7 @@ static const char *check_pointer_msg(const void *ptr)
if (!ptr)
return "(null)";
- if ((unsigned long)ptr < PAGE_SIZE || IS_ERR_VALUE(ptr))
+ if (!kern_addr_valid((unsigned long)ptr))
return "(efault)";
return NULL;
--
2.18.4
next reply other threads:[~2022-10-17 19:16 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-17 19:16 Jane Chu [this message]
2022-10-17 19:25 ` [PATCH] vsprintf: protect kernel from panic due to non-canonical pointer dereference Andy Shevchenko
2022-10-17 19:31 ` Jane Chu
2022-10-18 12:45 ` Petr Mladek
2022-10-18 18:56 ` Jane Chu
2022-10-18 19:28 ` Randy Dunlap
2022-10-18 19:58 ` Jane Chu
2022-10-18 20:07 ` Andy Shevchenko
2022-10-18 20:30 ` Jane Chu
2022-10-18 20:49 ` Andy Shevchenko
2022-10-19 10:43 ` Haakon Bugge
2022-10-19 11:25 ` Andy Shevchenko
2022-10-19 18:36 ` Jane Chu
2022-10-19 19:26 ` Andy Shevchenko
2022-10-19 20:16 ` Jane Chu
2022-10-20 7:44 ` Petr Mladek
2022-10-20 9:18 ` Petr Mladek
2022-10-20 13:57 ` Andy Shevchenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221017191611.2577466-1-jane.chu@oracle.com \
--to=jane.chu@oracle.com \
--cc=andriy.shevchenko@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=pmladek@suse.com \
--cc=rostedt@goodmis.org \
--cc=senozhatsky@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.