25 Sep, 2020
1 commit
-
No need to go through the hd_struct to find the partition number.
Signed-off-by: Christoph Hellwig
Signed-off-by: Jens Axboe
25 Aug, 2020
1 commit
-
The following build error for powerpc64 was reported by Nathan Chancellor:
"$ scripts/config --file arch/powerpc/configs/powernv_defconfig -e KERNEL_XZ
$ make -skj"$(nproc)" ARCH=powerpc CROSS_COMPILE=powerpc64le-linux- distclean powernv_defconfig zImage
...
In file included from arch/powerpc/boot/../../../lib/decompress_unxz.c:234,
from arch/powerpc/boot/decompress.c:38:
arch/powerpc/boot/../../../lib/xz/xz_dec_stream.c: In function 'dec_main':
arch/powerpc/boot/../../../lib/xz/xz_dec_stream.c:586:4: error: 'fallthrough' undeclared (first use in this function)
586 | fallthrough;
| ^~~~~~~~~~~This will end up affecting distribution configurations such as Debian
and OpenSUSE according to my testing. I am not sure what the solution
is, the PowerPC wrapper does not set -D__KERNEL__ so I am not sure
that compiler_attributes.h can be safely included."In order to avoid these sort of problems, it seems that the best
solution is to use /* fall through */ comments instead of the
fallthrough pseudo-keyword macro in lib/, for now.Reported-by: Nathan Chancellor
Fixes: df561f6688fe ("treewide: Use fallthrough pseudo-keyword")
Signed-off-by: Gustavo A. R. Silva
Reviewed-and-tested-by: Nathan Chancellor
Signed-off-by: Linus Torvalds
24 Aug, 2020
1 commit
-
Replace the existing /* fall through */ comments and its variants with
the new pseudo-keyword macro fallthrough[1]. Also, remove unnecessary
fall-through markings when it is the case.[1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through
Signed-off-by: Gustavo A. R. Silva
01 Aug, 2020
3 commits
-
Sparse is not happy about restricted type being assigned:
lib/vsprintf.c:1940:23: warning: incorrect type in assignment (different base types)
lib/vsprintf.c:1940:23: expected unsigned long [assigned] flags
lib/vsprintf.c:1940:23: got restricted gfp_t [usertype]Force type of flags value to make sparse happy.
Signed-off-by: Andy Shevchenko
Reviewed-by: Steven Rostedt (VMware)
Link: https://lore.kernel.org/r/20200731180825.30575-3-andriy.shevchenko@linux.intel.com
Signed-off-by: Sergey Senozhatsky -
When printing phandle via %pOFp the custom spec is used. First of all,
it has a SMALL flag which makes no sense for decimal numbers. Second,
we have already default spec for decimal numbers. Use the latter in
the %pOFp case as well.Signed-off-by: Andy Shevchenko
Reviewed-by: Steven Rostedt (VMware)
Reviewed-by: Sergey Senozhatsky
Cc: Pantelis Antoniou
Cc: Rob Herring
Cc: Joe Perches
Cc: Grant Likely
Link: https://lore.kernel.org/r/20200731180825.30575-2-andriy.shevchenko@linux.intel.com
Signed-off-by: Sergey Senozhatsky -
First of all, there is no compile time check for the SMALL
to be ' ' (0x20, i.e. space). Second, for ZEROPAD the check
is hidden in the code.For better maintenance replace BUILD_BUG_ON() with static_assert()
for ZEROPAD and move it closer to the definition. While at it,
introduce check for SMALL.Signed-off-by: Andy Shevchenko
Reviewed-by: Steven Rostedt (VMware)
Reviewed-by: Sergey Senozhatsky
Link: https://lore.kernel.org/r/20200731180825.30575-1-andriy.shevchenko@linux.intel.com
Signed-off-by: Sergey Senozhatsky
03 Jul, 2020
1 commit
-
Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.Deterministic algorithm:
For each file:
If not .svg:
For each line:
If doesn't contain `\bxmlns\b`:
For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
If both the HTTP and HTTPS versions
return 200 OK and serve the same content:
Replace HTTP with HTTPS.Signed-off-by: Alexander A. Klimov
Reviewed-by: Petr Mladek
Reviewed-by: Sergey Senozhatsky
Signed-off-by: Petr Mladek
Link: https://lore.kernel.org/r/20200702200536.13389-1-grandmaster@al2klimov.de
02 Jun, 2020
1 commit
-
Pull printk updates from Petr Mladek:
- Benjamin Herrenschmidt solved a problem with non-matched console
aliases by first checking consoles defined on the command line. It is
a more conservative approach than the previous attempts.- Benjamin also made sure that the console accessible via /dev/console
always has CON_CONSDEV flag.- Andy Shevchenko added the %ptT modifier for printing struct time64_t.
It extends the existing %ptR handling for struct rtc_time.- Bruno Meneguele fixed /dev/kmsg error value returned by unsupported
SEEK_CUR.- Tetsuo Handa removed unused pr_cont_once().
... and a few small fixes.
* tag 'printk-for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux:
printk: Remove pr_cont_once()
printk: handle blank console arguments passed in.
kernel/printk: add kmsg SEEK_CUR handling
printk: Fix a typo in comment "interator"->"iterator"
usb: pulse8-cec: Switch to use %ptT
ARM: bcm2835: Switch to use %ptT
lib/vsprintf: Print time64_t in human readable format
lib/vsprintf: update comment about simple_strto() functions
printk: Correctly set CON_CONSDEV even when preferred console was not registered
printk: Fix preferred console selection with multiple matches
printk: Move console matching logic into a separate function
printk: Convert a use of sprintf to snprintf in console_unlock
01 Jun, 2020
1 commit
20 May, 2020
2 commits
-
There are users which print time and date represented by content of
time64_t type in human readable format.Instead of open coding that each time introduce %ptT[dt][r] specifier.
Few test cases for %ptT specifier has been added as well.
Link: https://lore.kernel.org/r/20200415170046.33374-2-andriy.shevchenko@linux.intel.com
Signed-off-by: Andy Shevchenko
Reviewed-by: Alexandre Belloni
Acked-by: Sergey Senozhatsky
Rewieved-by: Petr Mladek
Signed-off-by: Petr Mladek -
I don't see what security concern is addressed by obfuscating NULL
and IS_ERR() error pointers, printed with %p/%pK. Given the number
of sites where %p is used (over 10000) and the fact that NULL pointers
aren't uncommon, it probably wouldn't take long for an attacker to
find the hash that corresponds to 0. Although harder, the same goes
for most common error values, such as -1, -2, -11, -14, etc.The NULL part actually fixes a regression: NULL pointers weren't
obfuscated until commit 3e5903eb9cff ("vsprintf: Prevent crash when
dereferencing invalid pointers") which went into 5.2. I'm tacking
the IS_ERR() part on here because error pointers won't leak kernel
addresses and printing them as pointers shouldn't be any different
from e.g. %d with PTR_ERR_OR_ZERO(). Obfuscating them just makes
debugging based on existing pr_debug and friends excruciating.Note that the "always print 0's for %pK when kptr_restrict == 2"
behaviour which goes way back is left as is.Example output with the patch applied:
ptr error-ptr NULL
%p: 0000000001f8cc5b fffffffffffffff2 0000000000000000
%pK, kptr = 0: 0000000001f8cc5b fffffffffffffff2 0000000000000000
%px: ffff888048c04020 fffffffffffffff2 0000000000000000
%pK, kptr = 1: ffff888048c04020 fffffffffffffff2 0000000000000000
%pK, kptr = 2: 0000000000000000 0000000000000000 0000000000000000Fixes: 3e5903eb9cff ("vsprintf: Prevent crash when dereferencing invalid pointers")
Signed-off-by: Ilya Dryomov
Reviewed-by: Petr Mladek
Reviewed-by: Sergey Senozhatsky
Reviewed-by: Andy Shevchenko
Acked-by: Steven Rostedt (VMware)
Signed-off-by: Linus Torvalds
15 May, 2020
1 commit
-
Usage of plain %s conversion specifier in bpf_trace_printk() suffers from the
very same issue as bpf_probe_read{,str}() helpers, that is, it is broken on
archs with overlapping address ranges.While the helpers have been addressed through work in 6ae08ae3dea2 ("bpf: Add
probe_read_{user, kernel} and probe_read_{user, kernel}_str helpers"), we need
an option for bpf_trace_printk() as well to fix it.Similarly as with the helpers, force users to make an explicit choice by adding
%pks and %pus specifier to bpf_trace_printk() which will then pick the corresponding
strncpy_from_unsafe*() variant to perform the access under KERNEL_DS or USER_DS.
The %pk* (kernel specifier) and %pu* (user specifier) can later also be extended
for other objects aside strings that are probed and printed under tracing, and
reused out of other facilities like bpf_seq_printf() or BTF based type printing.Existing behavior of %s for current users is still kept working for archs where it
is not broken and therefore gated through CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE.
For archs not having this property we fall-back to pick probing under KERNEL_DS as
a sensible default.Fixes: 8d3b7dce8622 ("bpf: add support for %s specifier to bpf_trace_printk()")
Reported-by: Linus Torvalds
Reported-by: Christoph Hellwig
Signed-off-by: Daniel Borkmann
Signed-off-by: Alexei Starovoitov
Cc: Masami Hiramatsu
Cc: Brendan Gregg
Link: https://lore.kernel.org/bpf/20200515101118.6508-4-daniel@iogearbox.net
28 Feb, 2020
1 commit
-
The commit 885e68e8b7b1 ("kernel.h: update comment about simple_strto()
functions") updated a comment regard to simple_strto() functions, but
missed similar change in the vsprintf.c module.Update comments in vsprintf.c as well for simple_strto() functions.
Link: https://lore.kernel.org/r/20200221085723.42469-1-andriy.shevchenko@linux.intel.com
Reported-by: Uwe Kleine-König
Signed-off-by: Andy Shevchenko
Signed-off-by: Petr Mladek
01 Dec, 2019
1 commit
-
When a process updates the RSS of a different process, the rss_stat
tracepoint appears in the context of the process doing the update. This
can confuse userspace that the RSS of process doing the update is
updated, while in reality a different process's RSS was updated.This issue happens in reclaim paths such as with direct reclaim or
background reclaim.This patch adds more information to the tracepoint about whether the mm
being updated belongs to the current process's context (curr field). We
also include a hash of the mm pointer so that the process who the mm
belongs to can be uniquely identified (mm_id field).Also vsprintf.c is refactored a bit to allow reuse of hashing code.
[akpm@linux-foundation.org: remove unused local `str']
[joelaf@google.com: inline call to ptr_to_hashval]
Link: http://lore.kernel.org/r/20191113153816.14b95acd@gandalf.local.home
Link: http://lkml.kernel.org/r/20191114164622.GC233237@google.com
Link: http://lkml.kernel.org/r/20191106024452.81923-1-joel@joelfernandes.org
Signed-off-by: Joel Fernandes (Google)
Reported-by: Ioannis Ilkos
Acked-by: Petr Mladek [lib/vsprintf.c]
Cc: Tim Murray
Cc: Michal Hocko
Cc: Carmen Jackson
Cc: Mayank Gupta
Cc: Daniel Colascione
Cc: Steven Rostedt (VMware)
Cc: Minchan Kim
Cc: "Aneesh Kumar K.V"
Cc: Dan Williams
Cc: Jerome Glisse
Cc: Matthew Wilcox
Cc: Ralph Campbell
Cc: Vlastimil Babka
Cc: Steven Rostedt
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
27 Nov, 2019
1 commit
-
Pull device properties framework updates from Rafael Wysocki:
"Add support for printing fwnode names using a new conversion specifier
"%pfw" (Sakari Ailus), clean up the software node and
efi/apple-properties code in preparation for improved software node
reference properties handling (Dmitry Torokhov) and fix the struct
fwnode_operations description (Heikki Krogerus)"* tag 'devprop-5.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: (22 commits)
software node: simplify property_entry_read_string_array()
software node: unify PROPERTY_ENTRY_XXX macros
software node: remove property_entry_read_uNN_array functions
software node: get rid of property_set_pointer()
software node: clean up property_copy_string_array()
software node: mark internal macros with double underscores
efi/apple-properties: use PROPERTY_ENTRY_U8_ARRAY_LEN
software node: introduce PROPERTY_ENTRY_XXX_ARRAY_LEN()
software node: remove DEV_PROP_MAX
device property: Fix the description of struct fwnode_operations
lib/test_printf: Add tests for %pfw printk modifier
lib/vsprintf: Add %pfw conversion specifier for printing fwnode names
lib/vsprintf: OF nodes are first and foremost, struct device_nodes
lib/vsprintf: Make use of fwnode API to obtain node names and separators
lib/vsprintf: Add a note on re-using %pf or %pF
lib/vsprintf: Remove support for %pF and %pf in favour of %pS and %ps
device property: Add a function to obtain a node's prefix
device property: Add fwnode_get_name for returning the name of a node
device property: Add functions for accessing node's parents
device property: Move fwnode_get_parent() up
...
17 Oct, 2019
1 commit
-
It has been suggested several times to extend vsnprintf() to be able
to convert the numeric value of ENOSPC to print "ENOSPC". This
implements that as a %p extension: With %pe, one can doif (IS_ERR(foo)) {
pr_err("Sorry, can't do that: %pe\n", foo);
return PTR_ERR(foo);
}instead of what is seen in quite a few places in the kernel:
if (IS_ERR(foo)) {
pr_err("Sorry, can't do that: %ld\n", PTR_ERR(foo));
return PTR_ERR(foo);
}If the value passed to %pe is an ERR_PTR, but the library function
errname() added here doesn't know about the value, the value is simply
printed in decimal. If the value passed to %pe is not an ERR_PTR, we
treat it as an ordinary %p and thus print the hashed value (passing
non-ERR_PTR values to %pe indicates a bug in the caller, but we can't
do much about that).With my embedded hat on, and because it's not very invasive to do,
I've made it possible to remove this. The errname() function and
associated lookup tables take up about 3K. For most, that's probably
quite acceptable and a price worth paying for more readable
dmesg (once this starts getting used), while for those that disable
printk() it's of very little use - I don't see a
procfs/sysfs/seq_printf() file reasonably making use of this - and
they clearly want to squeeze vmlinux as much as possible. Hence the
default y if PRINTK.The symbols to include have been found by massaging the output of
find arch include -iname 'errno*.h' | xargs grep -E 'define\s*E'
In the cases where some common aliasing exists
(e.g. EAGAIN=EWOULDBLOCK on all platforms, EDEADLOCK=EDEADLK on most),
I've moved the more popular one (in terms of 'git grep -w Efoo | wc)
to the bottom so that one takes precedence.Link: http://lkml.kernel.org/r/20191015190706.15989-1-linux@rasmusvillemoes.dk
To: "Jonathan Corbet"
To: linux-kernel@vger.kernel.org
Cc: "Andy Shevchenko"
Cc: "Andrew Morton"
Cc: "Joe Perches"
Cc: linux-doc@vger.kernel.org
Signed-off-by: Rasmus Villemoes
Acked-by: Uwe Kleine-König
Reviewed-by: Petr Mladek
[andy.shevchenko@gmail.com: use abs()]
Acked-by: Andy Shevchenko
Signed-off-by: Petr Mladek
11 Oct, 2019
5 commits
-
Add support for %pfw conversion specifier (with "f" and "P" modifiers) to
support printing full path of the node, including its name ("f") and only
the node's name ("P") in the printk family of functions. The two flags
have equivalent functionality to existing %pOF with the same two modifiers
("f" and "P") on OF based systems. The ability to do the same on ACPI
based systems is added by this patch.On ACPI based systems the resulting strings look like
\_SB.PCI0.CIO2.port@1.endpoint@0
where the nodes are separated by a dot (".") and the first three are
ACPI device nodes and the latter two ACPI data nodes.Signed-off-by: Sakari Ailus
Reviewed-by: Andy Shevchenko
Reviewed-by: Petr Mladek
Signed-off-by: Rafael J. Wysocki -
Factor out static kobject_string() function that simply calls
device_node_string(), and thus remove references to kobjects (as these are
struct device_node).Signed-off-by: Sakari Ailus
Reviewed-by: Andy Shevchenko
Reviewed-by: Petr Mladek
Signed-off-by: Rafael J. Wysocki -
Instead of implementing our own means of discovering parent nodes, node
names or counting how many parents a node has, use the newly added
functions in the fwnode API to obtain that information.Signed-off-by: Sakari Ailus
Reviewed-by: Andy Shevchenko
Reviewed-by: Petr Mladek
Signed-off-by: Rafael J. Wysocki -
Add a note warning of re-use of obsolete %pf or %pF extensions.
Signed-off-by: Sakari Ailus
Suggested-by: Steven Rostedt (VMware)
Reviewed-by: Petr Mladek
Signed-off-by: Rafael J. Wysocki -
%pS and %ps are now the preferred conversion specifiers to print function
names. The functionality is equivalent; remove the old, deprecated %pF
and %pf support.Depends-on: commit 2d44d165e939 ("scsi: lpfc: Convert existing %pf users to %ps")
Depends-on: commit b295c3e39c13 ("tools lib traceevent: Convert remaining %p[fF] users to %p[sS]")
Signed-off-by: Sakari Ailus
Reviewed-by: Andy Shevchenko
Reviewed-by: Petr Mladek
Signed-off-by: Rafael J. Wysocki
15 Aug, 2019
1 commit
-
Commit 3e5903eb9cff ("vsprintf: Prevent crash when dereferencing invalid
pointers") prevents most crash except for %pD.
There is an additional pointer dereferencing before dentry_name.At least, vma->file can be NULL and be passed to printk %pD in
print_bad_pte, which can cause crash.This patch fixes it with introducing a new file_dentry_name.
Link: http://lkml.kernel.org/r/20190809012457.56685-1-justin.he@arm.com
Fixes: 3e5903eb9cff ("vsprintf: Prevent crash when dereferencing invalid pointers")
To: Geert Uytterhoeven
To: Thomas Gleixner
To: Andy Shevchenko
To: linux-kernel@vger.kernel.org
Cc: Kees Cook
Cc: "Steven Rostedt (VMware)"
Cc: Shuah Khan
Cc: "Tobin C. Harding"
Signed-off-by: Jia He
Reviewed-by: Andy Shevchenko
Reviewed-by: Sergey Senozhatsky
Signed-off-by: Petr Mladek
10 Jul, 2019
1 commit
-
Pull printk updates from Petr Mladek:
- distinguish different legacy clocks again
- small clean up
* tag 'printk-for-5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk:
lib/vsprintf: Reinstate printing of legacy clock IDs
vsprintf: fix data type of variable in string_nocheck()
04 Jul, 2019
1 commit
-
When using the legacy clock framework, clock pointers are no longer
printed as IDs, as the !CONFIG_COMMON_CLK case was accidentally
considered an error case.Fix this by reverting to the old behavior, which allows to distinguish
clocks by ID, as the legacy clock framework does not store names with
clocks.Fixes: 0b74d4d763fd4ee9 ("vsprintf: Consolidate handling of unknown pointer specifiers")
Link: http://lkml.kernel.org/r/20190701140009.23683-1-geert+renesas@glider.be
Cc: Sergey Senozhatsky
Cc: Andy Shevchenko
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Geert Uytterhoeven
Signed-off-by: Petr Mladek
12 Jun, 2019
1 commit
-
This patch fixes data type of precision with int.
The precision is declared as signed int in struct printf_spec.Link: http://lkml.kernel.org/r/040301d51f60$b4959100$1dc0b300$@samsung.com
To:
To:
To:
To:
Signed-off-by: Youngmin Nam
Reviewed-by: Sergey Senozhatsky
Signed-off-by: Petr Mladek
21 May, 2019
1 commit
-
Add SPDX license identifiers to all files which:
- Have no license information of any form
- Have EXPORT_.*_SYMBOL_GPL inside which was used in the
initial scan/conversion to ignore the fileThese files fall under the project license, GPL v2 only. The resulting SPDX
license identifier is:GPL-2.0-only
Signed-off-by: Thomas Gleixner
Signed-off-by: Greg Kroah-Hartman
10 May, 2019
1 commit
-
The commit 3e5903eb9cff70730 ("vsprintf: Prevent crash when dereferencing
invalid pointers") broke boot on several architectures. The common
pattern is that probe_kernel_read() is not working during early
boot because userspace access framework is not ready.It is a generic problem. We have to avoid any complex external
functions in vsprintf() code, especially in the common path.
They might break printk() easily and are hard to debug.Replace probe_kernel_read() with some simple checks for obvious
problems.Details:
1. Report on Power:
Kernel crashes very early during boot with with CONFIG_PPC_KUAP and
CONFIG_JUMP_LABEL_FEATURE_CHECK_DEBUGThe problem is the combination of some new code called via printk(),
check_pointer() which calls probe_kernel_read(). That then calls
allow_user_access() (PPC_KUAP) and that uses mmu_has_feature() too early
(before we've patched features). With the JUMP_LABEL debug enabled that
causes us to call printk() & dump_stack() and we end up recursing and
overflowing the stack.Because it happens so early you don't get any output, just an apparently
dead system.The stack trace (which you don't see) is something like:
...
dump_stack+0xdc
probe_kernel_read+0x1a4
check_pointer+0x58
string+0x3c
vsnprintf+0x1bc
vscnprintf+0x20
printk_safe_log_store+0x7c
printk+0x40
dump_stack_print_info+0xbc
dump_stack+0x8
probe_kernel_read+0x1a4
probe_kernel_read+0x19c
check_pointer+0x58
string+0x3c
vsnprintf+0x1bc
vscnprintf+0x20
vprintk_store+0x6c
vprintk_emit+0xec
vprintk_func+0xd4
printk+0x40
cpufeatures_process_feature+0xc8
scan_cpufeatures_subnodes+0x380
of_scan_flat_dt_subnodes+0xb4
dt_cpu_ftrs_scan_callback+0x158
of_scan_flat_dt+0xf0
dt_cpu_ftrs_scan+0x3c
early_init_devtree+0x360
early_setup+0x9c2. Report on s390:
vsnprintf invocations, are broken on s390. For example, the early boot
output now looks like this where the first (efault) should be
the linux_banner:[ 0.099985] (efault)
[ 0.099985] setup: Linux is running as a z/VM guest operating system in 64-bit mode
[ 0.100066] setup: The maximum memory size is 8192MB
[ 0.100070] cma: Reserved 4 MiB at (efault)
[ 0.100100] numa: NUMA mode: (efault)The reason for this, is that the code assumes that
probe_kernel_address() works very early. This however is not true on
at least s390. Uaccess on KERNEL_DS works only after page tables have
been setup on s390, which happens with setup_arch()->paging_init().Any probe_kernel_address() invocation before that will return -EFAULT.
Fixes: 3e5903eb9cff70730 ("vsprintf: Prevent crash when dereferencing invalid pointers")
Link: http://lkml.kernel.org/r/20190510084213.22149-1-pmladek@suse.com
Cc: Andy Shevchenko
Cc: Rasmus Villemoes
Cc: "Tobin C . Harding"
Cc: Michal Hocko
Cc: Sergey Senozhatsky
Cc: Steven Rostedt
Cc: linux-kernel@vger.kernel.org
Cc: Michael Ellerman
Cc: linuxppc-dev@lists.ozlabs.org
Cc: Russell Currey
Cc: Christophe Leroy
Cc: Stephen Rothwell
Cc: Heiko Carstens
Cc: linux-arch@vger.kernel.org
Cc: linux-s390@vger.kernel.org
Cc: Martin Schwidefsky
Cc: Petr Mladek
Reviewed-by: Sergey Senozhatsky
Signed-off-by: Petr Mladek
29 Apr, 2019
1 commit
-
Fix sparse warning:
lib/vsprintf.c:673:6: warning:
symbol 'pointer_string' was not declared. Should it be static?Link: http://lkml.kernel.org/r/20190426164630.22104-1-yuehaibing@huawei.com
To:
To:
To:
To:
Signed-off-by: YueHaibing
Signed-off-by: Petr Mladek
26 Apr, 2019
10 commits
-
The inlined error messages must be used carefully because
they need to fit into the given buffer.Handle them using a custom wrapper that makes people aware
of the problem. Also define a reasonable hard limit to
avoid a completely insane usage.Suggested-by: Sergey Senozhatsky
Link: http://lkml.kernel.org/r/20190417115350.20479-11-pmladek@suse.com
To: Rasmus Villemoes
Cc: Linus Torvalds
Cc: "Tobin C . Harding"
Cc: Joe Perches
Cc: Andrew Morton
Cc: Michal Hocko
Cc: Steven Rostedt
Cc: Sergey Senozhatsky
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Sergey Senozhatsky
Reviewed-by: Andy Shevchenko
Signed-off-by: Petr Mladek -
We are able to detect invalid values handled by %p[iI] printk specifier.
The current error message is "invalid address". It might cause confusion
against "(efault)" reported by the generic valid_pointer_address() check.Let's unify the style and use the more appropriate error code description
"(einval)".Link: http://lkml.kernel.org/r/20190417115350.20479-10-pmladek@suse.com
To: Rasmus Villemoes
Cc: Linus Torvalds
Cc: "Tobin C . Harding"
Cc: Joe Perches
Cc: Andrew Morton
Cc: Michal Hocko
Cc: Steven Rostedt
Cc: Sergey Senozhatsky
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Sergey Senozhatsky
Reviewed-by: Andy Shevchenko
Signed-off-by: Petr Mladek -
We already prevent crash when dereferencing some obviously broken
pointers. But the handling is not consistent. Sometimes we print "(null)"
only for pure NULL pointer, sometimes for pointers in the first
page and sometimes also for pointers in the last page (error codes).Note that printk() call this code under logbuf_lock. Any recursive
printks are redirected to the printk_safe implementation and the messages
are stored into per-CPU buffers. These buffers might be eventually flushed
in printk_safe_flush_on_panic() but it is not guaranteed.This patch adds a check using probe_kernel_read(). It is not a full-proof
test. But it should help to see the error message in 99% situations where
the kernel would silently crash otherwise.Also it makes the error handling unified for "%s" and the many %p*
specifiers that need to read the data from a given address. We print:+ (null) when accessing data on pure pure NULL address
+ (efault) when accessing data on an invalid addressIt does not affect the %p* specifiers that just print the given address
in some form, namely %pF, %pf, %pS, %ps, %pB, %pK, %px, and plain %p.Note that we print (efault) from security reasons. In fact, the real
address can be seen only by %px or eventually %pK.Link: http://lkml.kernel.org/r/20190417115350.20479-9-pmladek@suse.com
To: Rasmus Villemoes
Cc: Linus Torvalds
Cc: "Tobin C . Harding"
Cc: Joe Perches
Cc: Andrew Morton
Cc: Michal Hocko
Cc: Steven Rostedt
Cc: Sergey Senozhatsky
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Sergey Senozhatsky
Reviewed-by: Andy Shevchenko
Signed-off-by: Petr Mladek -
There are few printk formats that make sense only with two or more
specifiers. Also some specifiers make sense only when a kernel feature
is enabled.The handling of unknown specifiers is inconsistent and not helpful.
Using WARN() looks like an overkill for this type of error. pr_warn()
is not good either. It would by handled via printk_safe buffer and
it might be hard to match it with the problematic string.A reasonable compromise seems to be writing the unknown format specifier
into the original string with a question mark, for example (%pC?).
It should be self-explaining enough. Note that it is in brackets
to follow the (null) style.Note that it introduces a warning about that test_hashed() function
is unused. It is going to be used again by a later patch.Link: http://lkml.kernel.org/r/20190417115350.20479-8-pmladek@suse.com
To: Rasmus Villemoes
Cc: Linus Torvalds
Cc: "Tobin C . Harding"
Cc: Joe Perches
Cc: Andrew Morton
Cc: Michal Hocko
Cc: Steven Rostedt
Cc: Sergey Senozhatsky
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Sergey Senozhatsky
Reviewed-by: Andy Shevchenko
Signed-off-by: Petr Mladek -
Move code from the long pointer() function. We are going to improve
error handling that will make it even more complicated.This patch does not change the existing behavior.
Link: http://lkml.kernel.org/r/20190417115350.20479-7-pmladek@suse.com
To: Rasmus Villemoes
Cc: Linus Torvalds
Cc: "Tobin C . Harding"
Cc: Joe Perches
Cc: Andrew Morton
Cc: Michal Hocko
Cc: Steven Rostedt
Cc: Sergey Senozhatsky
Cc: linux-kernel@vger.kernel.org
Cc: Kees Cook
Reviewed-by: Sergey Senozhatsky
Reviewed-by: Andy Shevchenko
Signed-off-by: Petr Mladek -
Move the code from the long pointer() function. We are going to improve
error handling that will make it more complicated.This patch does not change the existing behavior.
Link: http://lkml.kernel.org/r/20190417115350.20479-6-pmladek@suse.com
To: Rasmus Villemoes
Cc: Linus Torvalds
Cc: "Tobin C . Harding"
Cc: Joe Perches
Cc: Andrew Morton
Cc: Michal Hocko
Cc: Steven Rostedt
Cc: Sergey Senozhatsky
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Sergey Senozhatsky
Reviewed-by: Andy Shevchenko
Signed-off-by: Petr Mladek -
Move the non-trivial code from the long pointer() function. We are going
to improve error handling that will make it even more complicated.This patch does not change the existing behavior.
Link: http://lkml.kernel.org/r/20190417115350.20479-5-pmladek@suse.com
To: Rasmus Villemoes
Cc: Linus Torvalds
Cc: "Tobin C . Harding"
Cc: Joe Perches
Cc: Andrew Morton
Cc: Michal Hocko
Cc: Steven Rostedt
Cc: Sergey Senozhatsky
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Sergey Senozhatsky
Reviewed-by: Andy Shevchenko
Signed-off-by: Petr Mladek -
We are going to check the address using probe_kernel_address(). It will
be more expensive and it does not make sense for well known address.This patch splits the string() function. The variant without the check
is then used on locations that handle string constants or strings defined
as local variables.This patch does not change the existing behavior.
Link: http://lkml.kernel.org/r/20190417115350.20479-4-pmladek@suse.com
To: Rasmus Villemoes
Cc: Linus Torvalds
Cc: "Tobin C . Harding"
Cc: Joe Perches
Cc: Andrew Morton
Cc: Michal Hocko
Cc: Steven Rostedt
Cc: Sergey Senozhatsky
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Andy Shevchenko
Signed-off-by: Petr Mladek
Reviewed-by: Sergey Senozhatsky -
restricted_pointer() pretends that it prints the address when kptr_restrict
is set to zero. But it is never called in this situation. Instead,
pointer() falls back to ptr_to_id() and hashes the pointer.This patch removes the potential confusion. klp_restrict is checked only
in restricted_pointer().It actually fixes a small race when the address might get printed unhashed:
CPU0 CPU1
pointer()
if (!kptr_restrict)
/* for example set to 2 */
restricted_pointer()
/* echo 0 >/proc/sys/kernel/kptr_restrict */
proc_dointvec_minmax_sysadmin()
klpr_restrict = 0;
switch(kptr_restrict)
case 0:
break:number()
Fixes: ef0010a30935de4e0211 ("vsprintf: don't use 'restricted_pointer()' when not restricting")
Link: http://lkml.kernel.org/r/20190417115350.20479-3-pmladek@suse.com
To: Andy Shevchenko
To: Rasmus Villemoes
Cc: Linus Torvalds
Cc: "Tobin C . Harding"
Cc: Joe Perches
Cc: Andrew Morton
Cc: Michal Hocko
Cc: Steven Rostedt
Cc: Sergey Senozhatsky
Cc: linux-kernel@vger.kernel.org
Cc: Kees Cook
Reviewed-by: Andy Shevchenko
Reviewed-by: Steven Rostedt (VMware)
Reviewed-by: Sergey Senozhatsky
Signed-off-by: Petr Mladek -
This is just a preparation step for further changes.
The patch does not change the code.
Link: http://lkml.kernel.org/r/20190417115350.20479-2-pmladek@suse.com
To: Rasmus Villemoes
Cc: Linus Torvalds
Cc: "Tobin C . Harding"
Cc: Joe Perches
Cc: Andrew Morton
Cc: Michal Hocko
Cc: Steven Rostedt
Cc: Sergey Senozhatsky
Cc: linux-kernel@vger.kernel.org
Reviewed-by: Andy Shevchenko
Reviewed-by: Sergey Senozhatsky
Signed-off-by: Petr Mladek
10 Mar, 2019
1 commit
-
Pull printk updates from Petr Mladek:
- Allow to sort mixed lines by an extra information about the caller
- Remove no longer used LOG_PREFIX.
- Some clean up and documentation update.
* tag 'printk-for-5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk:
printk/docs: Add extra integer types to printk-formats
printk: Remove no longer used LOG_PREFIX.
lib/vsprintf: Remove %pCr remnant in comment
printk: Pass caller information to log_store().
printk: Add caller information to printk() output.
08 Mar, 2019
1 commit
-
At the time of commit d048419311ff ("lib/vsprintf.c: expand field_width
to 24 bits"), there was no compiletime_assert/BUILD_BUG/.... variant
that could be used outside function scope. Now we have static_assert(),
so move the assertion next to the definition instead of hiding it in
some arbitrary function.Also add the appropriate #include to avoid relying on build_bug.h being
pulled in via some arbitrary chain of includes.Link: http://lkml.kernel.org/r/20190208203015.29702-2-linux@rasmusvillemoes.dk
Signed-off-by: Rasmus Villemoes
Cc: Alexander Viro
Cc: Kees Cook
Cc: Luc Van Oostenryck
Cc: Masahiro Yamada
Cc: Nick Desaulniers
Cc: Alexey Dobriyan
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds