Commit 36594b31 authored by Jia He's avatar Jia He Committed by Petr Mladek

vsprintf: Prevent crash when dereferencing invalid pointers for %pD

Commit 3e5903eb ("vsprintf: Prevent crash when dereferencing invalid
pointers") prevents most crash except for %pD.
There is an additional pointer dereferencing before dentry_name.

At least, vma->file can be NULL and be passed to printk %pD in
print_bad_pte, which can cause crash.

This patch fixes it with introducing a new file_dentry_name.

Link: http://lkml.kernel.org/r/20190809012457.56685-1-justin.he@arm.com
Fixes: 3e5903eb ("vsprintf: Prevent crash when dereferencing invalid pointers")
To: Geert Uytterhoeven <geert+renesas@glider.be>
To: Thomas Gleixner <tglx@linutronix.de>
To: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
To: linux-kernel@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>
Cc: "Steven Rostedt (VMware)" <rostedt@goodmis.org>
Cc: Shuah Khan <shuah@kernel.org>
Cc: "Tobin C. Harding" <tobin@kernel.org>
Signed-off-by: default avatarJia He <justin.he@arm.com>
Reviewed-by: default avatarAndy Shevchenko <andy.shevchenko@gmail.com>
Reviewed-by: default avatarSergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: default avatarPetr Mladek <pmladek@suse.com>
parent 7011b7e1
...@@ -869,6 +869,15 @@ char *dentry_name(char *buf, char *end, const struct dentry *d, struct printf_sp ...@@ -869,6 +869,15 @@ char *dentry_name(char *buf, char *end, const struct dentry *d, struct printf_sp
return widen_string(buf, n, end, spec); return widen_string(buf, n, end, spec);
} }
static noinline_for_stack
char *file_dentry_name(char *buf, char *end, const struct file *f,
struct printf_spec spec, const char *fmt)
{
if (check_pointer(&buf, end, f, spec))
return buf;
return dentry_name(buf, end, f->f_path.dentry, spec, fmt);
}
#ifdef CONFIG_BLOCK #ifdef CONFIG_BLOCK
static noinline_for_stack static noinline_for_stack
char *bdev_name(char *buf, char *end, struct block_device *bdev, char *bdev_name(char *buf, char *end, struct block_device *bdev,
...@@ -2166,9 +2175,7 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, ...@@ -2166,9 +2175,7 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
case 'C': case 'C':
return clock(buf, end, ptr, spec, fmt); return clock(buf, end, ptr, spec, fmt);
case 'D': case 'D':
return dentry_name(buf, end, return file_dentry_name(buf, end, ptr, spec, fmt);
((const struct file *)ptr)->f_path.dentry,
spec, fmt);
#ifdef CONFIG_BLOCK #ifdef CONFIG_BLOCK
case 'g': case 'g':
return bdev_name(buf, end, ptr, spec, fmt); return bdev_name(buf, end, ptr, spec, fmt);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment