Date: Thu, 20 Oct 2022 11:28:05 +0200
From: Petr Mladek
To: Jane Chu
Cc: rostedt@goodmis.org, senozhatsky@chromium.org, andriy.shevchenko@linux.intel.com, linux@rasmusvillemoes.dk, linux-mm@kvack.org, linux-kernel@vger.kernel.org, wangkefeng.wang@huawei.com, konrad.wilk@oracle.com, haakon.bugge@oracle.com, john.haxby@oracle.com
Subject: Re: [PATCH v3 1/1] vsprintf: protect kernel from panic due to non-canonical pointer dereference
In-Reply-To: <20221019194159.2923873-1-jane.chu@oracle.com>

On Wed 2022-10-19 13:41:59, Jane Chu wrote:
> Having stepped on a local kernel bug where reading sysfs has led to
> out-of-bound pointer dereference by vsprintf() which led to GPF panic.
> And the reason for GPF is that the OOB pointer was turned to a
> non-canonical address such as 0x7665645f63616465.
>
> vsprintf() already has this line of defense
> 	if ((unsigned long)ptr < PAGE_SIZE || IS_ERR_VALUE(ptr))
>                 return "(efault)";
> Since a non-canonical pointer can be detected by kern_addr_valid()
> on architectures that present VM holes as well as meaningful
> implementation of kern_addr_valid() that detects the non-canonical
> addresses, this patch adds a check on non-canonical string pointer by
> kern_addr_valid() and "(efault)" to alert user that something
> is wrong instead of unnecessarily panic the server.
>
> On the other hand, if the non-canonical string pointer is dereferenced
> elsewhere in the kernel, by virtue of being non-canonical, a crash
> is expected to be immediate.

Just for the record, this patch is going to be abandoned. Some reasons
are mentioned in this thread. Others are in the threads for previous
versions, see
https://lore.kernel.org/r/20221017194447.2579441-1-jane.chu@oracle.com
https://lore.kernel.org/r/20221017191611.2577466-1-jane.chu@oracle.com

Best Regards,
Petr
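Added example, not part of the mail or of the kernel source: a userspace C sketch showing why the address quoted above slips past the existing vsprintf() check, and a triage step that prints the pointer's bytes as text (here they read as printable ASCII, which is what a pointer fetched out of bounds from string data looks like). Assumptions: x86-64 with 48-bit virtual addresses and 4 KiB pages; is_canonical() is a stand-in written for this example, not kern_addr_valid(); all helper names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SAMPLE_PAGE_SIZE UINT64_C(4096) /* assumption: 4 KiB pages */
#define SAMPLE_MAX_ERRNO UINT64_C(4095) /* bound used by IS_ERR_VALUE() */

/* Canonical with 48-bit virtual addresses (assumption: 4-level paging):
 * bits 63..47 must all be copies of bit 47. */
static int is_canonical(uint64_t addr)
{
    uint64_t top = addr >> 47;
    return top == 0 || top == 0x1ffff;
}

/* The existing vsprintf() check quoted in the mail. */
static int caught_by_existing_check(uint64_t addr)
{
    return addr < SAMPLE_PAGE_SIZE || addr >= (uint64_t)0 - SAMPLE_MAX_ERRNO;
}

/* Pointer bytes in memory (little-endian) order; non-printables become '.'. */
static void bytes_as_text(uint64_t addr, char out[9])
{
    for (int i = 0; i < 8; i++) {
        unsigned char c = (addr >> (8 * i)) & 0xff;
        out[i] = (c >= 0x20 && c < 0x7f) ? (char)c : '.';
    }
    out[8] = '\0';
}

static const char *classify(uint64_t addr)
{
    if (caught_by_existing_check(addr)) return "(efault)";
    return is_canonical(addr) ? "passes both checks" : "non-canonical";
}

int main(void)
{
    /* First value is the one quoted in the mail; the others are constructed. */
    const uint64_t samples[] = { 0x7665645f63616465ULL, 0x0ULL,
        0xfffffffffffffff2ULL /* -EFAULT */, 0xffff888000001000ULL, 0x00007fffffffe000ULL };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        char text[9];
        bytes_as_text(samples[i], text);
        printf("%#018llx %-18s bytes=\"%s\"\n", (unsigned long long)samples[i], classify(samples[i]), text);
    }
    return 0;
}
```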