29 Nov, 2017

1 commit

  • Currently there exist approximately 14 000 places in the kernel where
    addresses are being printed using an unadorned %p. This potentially
    leaks sensitive information regarding the kernel layout in memory. Many
    of these calls are stale; instead of fixing every call let's hash the
    address by default before printing. This will of course break some
    users, forcing code printing needed addresses to be updated.

    Code that _really_ needs the address will soon be able to use the new
    printk specifier %px to print the address.

    For what it's worth, usage of unadorned %p can be broken down as
    follows (thanks to Joe Perches).

    $ git grep -E '%p[^A-Za-z0-9]' | cut -f1 -d"/" | sort | uniq -c
    1084 arch
    20 block
    10 crypto
    32 Documentation
    8121 drivers
    1221 fs
    143 include
    101 kernel
    69 lib
    100 mm
    1510 net
    40 samples
    7 scripts
    11 security
    166 sound
    152 tools
    2 virt

    Add function ptr_to_id() to map an address to a 32 bit unique
    identifier. Hash any unadorned usage of specifier %p and any malformed
    specifiers.

    Signed-off-by: Tobin C. Harding

    Tobin C. Harding
     

16 Mar, 2016

1 commit

  • In mm we use several kinds of flags bitfields that are sometimes printed
    for debugging purposes, or exported to userspace via sysfs. To make
    them easier to interpret independently of kernel version and config, we
    want to dump also the symbolic flag names. So far this has been done
    with repeated calls to pr_cont(), which is unreliable on SMP, and not
    usable for e.g. sysfs export.

    To get a more reliable and universal solution, this patch extends
    printk() format string for pointers to handle the page flags (%pGp),
    gfp_flags (%pGg) and vma flags (%pGv). Existing users of
    dump_flag_names() are converted and simplified.

    It would be possible to pass flags by value instead of pointer, but the
    %p format string for pointers already has extensions for various kernel
    structures, so it's a good fit, and the extra indirection in a
    non-critical path is negligible.

    [linux@rasmusvillemoes.dk: lots of good implementation suggestions]
    Signed-off-by: Vlastimil Babka
    Acked-by: Michal Hocko
    Cc: Steven Rostedt
    Cc: Peter Zijlstra
    Cc: Arnaldo Carvalho de Melo
    Cc: Ingo Molnar
    Cc: Rasmus Villemoes
    Cc: Joonsoo Kim
    Cc: Minchan Kim
    Cc: Sasha Levin
    Cc: "Kirill A. Shutemov"
    Cc: Mel Gorman
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Vlastimil Babka
     

17 Jan, 2016

7 commits

  • Signed-off-by: Rasmus Villemoes
    Cc: Al Viro
    Cc: Andy Shevchenko
    Cc: Ingo Molnar
    Cc: Joe Perches
    Cc: Kees Cook
    Cc: Maurizio Lombardi
    Cc: Tejun Heo
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Rasmus Villemoes
     
  • Following "lib/vsprintf.c: expand field_width to 24 bits", let's add a
    test to see that we now actually support bitmaps with 65536 bits.

    Signed-off-by: Rasmus Villemoes
    Acked-by: Kees Cook
    Cc: Al Viro
    Cc: Andy Shevchenko
    Cc: Ingo Molnar
    Cc: Joe Perches
    Cc: Maurizio Lombardi
    Cc: Tejun Heo
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Rasmus Villemoes
     
  • These should also count as performed tests.

    Signed-off-by: Rasmus Villemoes
    Acked-by: Kees Cook
    Cc: Al Viro
    Cc: Andy Shevchenko
    Cc: Ingo Molnar
    Cc: Joe Perches
    Cc: Maurizio Lombardi
    Cc: Tejun Heo
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Rasmus Villemoes
     
  • This adds a few tests to test_number, one of which serves to document
    another deviation from POSIX/C99 (printing 0 with an explicit precision
    of 0).

    Signed-off-by: Rasmus Villemoes
    Cc: Al Viro
    Cc: Andy Shevchenko
    Cc: Ingo Molnar
    Cc: Joe Perches
    Cc: Kees Cook
    Cc: Maurizio Lombardi
    Cc: Tejun Heo
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Rasmus Villemoes
     
  • The kernel's printf doesn't follow the standards in a few corner cases
    (which are probably mostly irrelevant). Add tests that document the
    current behaviour.

    Signed-off-by: Rasmus Villemoes
    Cc: Al Viro
    Cc: Andy Shevchenko
    Cc: Ingo Molnar
    Cc: Joe Perches
    Cc: Kees Cook
    Cc: Maurizio Lombardi
    Cc: Tejun Heo
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Rasmus Villemoes
     
  • Add a few padding bytes on either side of the test buffer, and check
    that these (and the part of the buffer not used) are untouched by
    vsnprintf.

    Signed-off-by: Rasmus Villemoes
    Acked-by: Kees Cook
    Cc: Al Viro
    Cc: Andy Shevchenko
    Cc: Ingo Molnar
    Cc: Joe Perches
    Cc: Maurizio Lombardi
    Cc: Tejun Heo
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Rasmus Villemoes
     
  • BUG is a completely unnecessarily big hammer, and we're more likely to
    get the internal bug reported if we just pr_err() and ensure the test
    suite fails.

    Signed-off-by: Rasmus Villemoes
    Acked-by: Kees Cook
    Cc: Al Viro
    Cc: Andy Shevchenko
    Cc: Ingo Molnar
    Cc: Joe Perches
    Cc: Maurizio Lombardi
    Cc: Tejun Heo
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Rasmus Villemoes
     

07 Nov, 2015

1 commit

  • This adds a simple module for testing the kernel's printf facilities.
    Previously, some %p extensions have caused a wrong return value in case
    the entire output didn't fit and/or been unusable in kasprintf(). This
    should help catch such issues. Also, it should help ensure that changes
    to the formatting algorithms don't break anything.

    I'm not sure if we have a struct dentry or struct file lying around at
    boot time or if we can fake one, but most %p extensions should be
    testable, as should the ordinary number and string formatting.

    The nature of vararg functions means we can't use a more conventional
    table-driven approach.

    For now, this is mostly a skeleton; contributions are very
    welcome. Some tests are/will be slightly annoying to write, since the
    expected output depends on stuff like CONFIG_*, sizeof(long), runtime
    values etc.

    Signed-off-by: Rasmus Villemoes
    Reviewed-by: Kees Cook
    Cc: Andy Shevchenko
    Cc: Martin Kletzander
    Cc: Rasmus Villemoes
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Rasmus Villemoes
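
The two checks described in the commit messages above (a correct return value when the output does not fit, and guard bytes around the test buffer that must stay untouched), as an added user-space example. It is not the code from these commits: it calls the C library's vsnprintf rather than the kernel's, and `check_vsnprintf`, `untouched`, `PAD_SIZE`, `BUF_SIZE` and `FILL` are names assumed here.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
/* All names and sizes below are constructed for this example. */
#define PAD_SIZE 16   /* guard bytes on each side of the buffer */
#define BUF_SIZE 64   /* usable buffer handed to vsnprintf */
#define FILL 0xA5     /* poison pattern; any changed byte is a stray write */
enum { CHECK_OK, BAD_ARG, BAD_RETVAL, BAD_PAD, BAD_CONTENT, BAD_TAIL };

static int untouched(const unsigned char *p, size_t n)
{
    for (; n; n--, p++)
        if (*p != FILL)
            return 0;
    return 1;
}

/* Format into a poisoned buffer of bufsize bytes and verify the result. */
int check_vsnprintf(size_t bufsize, const char *expect, const char *fmt, ...)
{
    unsigned char area[PAD_SIZE + BUF_SIZE + PAD_SIZE];
    unsigned char *buf = area + PAD_SIZE;
    size_t elen = strlen(expect), kept;
    va_list ap;
    int ret;
    if (bufsize > BUF_SIZE)
        return BAD_ARG;
    memset(area, FILL, sizeof(area));
    va_start(ap, fmt);
    ret = vsnprintf((char *)buf, bufsize, fmt, ap);
    va_end(ap);
    /* The return value is the full length, even when output was cut off. */
    if (ret < 0 || (size_t)ret != elen)
        return BAD_RETVAL;
    if (!untouched(area, PAD_SIZE) || !untouched(buf + BUF_SIZE, PAD_SIZE))
        return BAD_PAD;
    if (bufsize == 0)
        return untouched(buf, BUF_SIZE) ? CHECK_OK : BAD_TAIL;
    kept = elen < bufsize - 1 ? elen : bufsize - 1;
    if (buf[kept] != '\0' || memcmp(buf, expect, kept) != 0)
        return BAD_CONTENT;
    /* Everything after the terminating NUL must still be poison. */
    return untouched(buf + kept + 1, BUF_SIZE - kept - 1) ? CHECK_OK : BAD_TAIL;
}

int main(void)
{
    /* Constructed case: 13 characters of output into a 4-byte buffer. */
    return check_vsnprintf(4, "0x00ff|   abc", "%#06x|%6s", 255u, "abc");
}
```

Passing the same format with the full size, a truncating size and size 0 exercises the three paths in which a formatter can get the length or the bounds wrong.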