Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.
Deterministic algorithm:
For each file:
  If not .svg:
    For each line:
      If doesn't contain `\bxmlns\b`:
        For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
          If both the HTTP and HTTPS versions
          return 200 OK and serve the same content:
            Replace HTTP with HTTPS.
Signed-off-by: Alexander A. Klimov <[email protected]>
Reviewed-by: Petr Mladek <[email protected]>
Reviewed-by: Sergey Senozhatsky <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux
Pull printk updates from Petr Mladek:
- Benjamin Herrenschmidt solved a problem with non-matched console
aliases by first checking consoles defined on the command line. It is
a more conservative approach than the previous attempts.
- Benjamin also made sure that the console accessible via /dev/console
always has CON_CONSDEV flag.
- Andy Shevchenko added the %ptT modifier for printing struct time64_t.
It extends the existing %ptR handling for struct rtc_time.
- Bruno Meneguele fixed /dev/kmsg error value returned by unsupported
SEEK_CUR.
- Tetsuo Handa removed unused pr_cont_once().
... and a few small fixes.
* tag 'printk-for-5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux:
printk: Remove pr_cont_once()
printk: handle blank console arguments passed in.
kernel/printk: add kmsg SEEK_CUR handling
printk: Fix a typo in comment "interator"->"iterator"
usb: pulse8-cec: Switch to use %ptT
ARM: bcm2835: Switch to use %ptT
lib/vsprintf: Print time64_t in human readable format
lib/vsprintf: update comment about simple_strto<foo>() functions
printk: Correctly set CON_CONSDEV even when preferred console was not registered
printk: Fix preferred console selection with multiple matches
printk: Move console matching logic into a separate function
printk: Convert a use of sprintf to snprintf in console_unlock
|
|
|
|
There are users which print time and date represented by content of
time64_t type in human readable format.
Instead of open coding that each time, introduce the %ptT[dt][r] specifier.
A few test cases for the %ptT specifier have been added as well.
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Andy Shevchenko <[email protected]>
Reviewed-by: Alexandre Belloni <[email protected]>
Acked-by: Sergey Senozhatsky <[email protected]>
Reviewed-by: Petr Mladek <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
|
|
I don't see what security concern is addressed by obfuscating NULL
and IS_ERR() error pointers, printed with %p/%pK. Given the number
of sites where %p is used (over 10000) and the fact that NULL pointers
aren't uncommon, it probably wouldn't take long for an attacker to
find the hash that corresponds to 0. Although harder, the same goes
for most common error values, such as -1, -2, -11, -14, etc.
The NULL part actually fixes a regression: NULL pointers weren't
obfuscated until commit 3e5903eb9cff ("vsprintf: Prevent crash when
dereferencing invalid pointers") which went into 5.2. I'm tacking
the IS_ERR() part on here because error pointers won't leak kernel
addresses and printing them as pointers shouldn't be any different
from e.g. %d with PTR_ERR_OR_ZERO(). Obfuscating them just makes
debugging based on existing pr_debug and friends excruciating.
Note that the "always print 0's for %pK when kptr_restrict == 2"
behaviour which goes way back is left as is.
Example output with the patch applied:
                 ptr               error-ptr         NULL
  %p:            0000000001f8cc5b  fffffffffffffff2  0000000000000000
  %pK, kptr = 0: 0000000001f8cc5b  fffffffffffffff2  0000000000000000
  %px:           ffff888048c04020  fffffffffffffff2  0000000000000000
  %pK, kptr = 1: ffff888048c04020  fffffffffffffff2  0000000000000000
  %pK, kptr = 2: 0000000000000000  0000000000000000  0000000000000000
Fixes: 3e5903eb9cff ("vsprintf: Prevent crash when dereferencing invalid pointers")
Signed-off-by: Ilya Dryomov <[email protected]>
Reviewed-by: Petr Mladek <[email protected]>
Reviewed-by: Sergey Senozhatsky <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Acked-by: Steven Rostedt (VMware) <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Usage of plain %s conversion specifier in bpf_trace_printk() suffers from the
very same issue as bpf_probe_read{,str}() helpers, that is, it is broken on
archs with overlapping address ranges.
While the helpers have been addressed through work in 6ae08ae3dea2 ("bpf: Add
probe_read_{user, kernel} and probe_read_{user, kernel}_str helpers"), we need
an option for bpf_trace_printk() as well to fix it.
Similarly as with the helpers, force users to make an explicit choice by adding
%pks and %pus specifier to bpf_trace_printk() which will then pick the corresponding
strncpy_from_unsafe*() variant to perform the access under KERNEL_DS or USER_DS.
The %pk* (kernel specifier) and %pu* (user specifier) can later also be extended
for other objects aside strings that are probed and printed under tracing, and
reused out of other facilities like bpf_seq_printf() or BTF based type printing.
Existing behavior of %s for current users is still kept working for archs where it
is not broken and therefore gated through CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE.
For archs not having this property we fall-back to pick probing under KERNEL_DS as
a sensible default.
Fixes: 8d3b7dce8622 ("bpf: add support for %s specifier to bpf_trace_printk()")
Reported-by: Linus Torvalds <[email protected]>
Reported-by: Christoph Hellwig <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
Signed-off-by: Alexei Starovoitov <[email protected]>
Cc: Masami Hiramatsu <[email protected]>
Cc: Brendan Gregg <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
The commit 885e68e8b7b1 ("kernel.h: update comment about simple_strto<foo>()
functions") updated a comment with regard to simple_strto<foo>() functions, but
missed a similar change in the vsprintf.c module.
Update comments in vsprintf.c as well for simple_strto<foo>() functions.
Link: https://lore.kernel.org/r/[email protected]
Reported-by: Uwe Kleine-König <[email protected]>
Signed-off-by: Andy Shevchenko <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
|
|
When a process updates the RSS of a different process, the rss_stat
tracepoint appears in the context of the process doing the update. This
can confuse userspace that the RSS of process doing the update is
updated, while in reality a different process's RSS was updated.
This issue happens in reclaim paths such as with direct reclaim or
background reclaim.
This patch adds more information to the tracepoint about whether the mm
being updated belongs to the current process's context (curr field). We
also include a hash of the mm pointer so that the process who the mm
belongs to can be uniquely identified (mm_id field).
Also vsprintf.c is refactored a bit to allow reuse of hashing code.
[[email protected]: remove unused local `str']
[[email protected]: inline call to ptr_to_hashval]
Link: http://lore.kernel.org/r/[email protected]
Link: http://lkml.kernel.org/r/[email protected]
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Joel Fernandes (Google) <[email protected]>
Reported-by: Ioannis Ilkos <[email protected]>
Acked-by: Petr Mladek <[email protected]> [lib/vsprintf.c]
Cc: Tim Murray <[email protected]>
Cc: Michal Hocko <[email protected]>
Cc: Carmen Jackson <[email protected]>
Cc: Mayank Gupta <[email protected]>
Cc: Daniel Colascione <[email protected]>
Cc: Steven Rostedt (VMware) <[email protected]>
Cc: Minchan Kim <[email protected]>
Cc: "Aneesh Kumar K.V" <[email protected]>
Cc: Dan Williams <[email protected]>
Cc: Jerome Glisse <[email protected]>
Cc: Matthew Wilcox <[email protected]>
Cc: Ralph Campbell <[email protected]>
Cc: Vlastimil Babka <[email protected]>
Cc: Steven Rostedt <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull device properties framework updates from Rafael Wysocki:
"Add support for printing fwnode names using a new conversion specifier
"%pfw" (Sakari Ailus), clean up the software node and
efi/apple-properties code in preparation for improved software node
reference properties handling (Dmitry Torokhov) and fix the struct
fwnode_operations description (Heikki Krogerus)"
* tag 'devprop-5.5-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: (22 commits)
software node: simplify property_entry_read_string_array()
software node: unify PROPERTY_ENTRY_XXX macros
software node: remove property_entry_read_uNN_array functions
software node: get rid of property_set_pointer()
software node: clean up property_copy_string_array()
software node: mark internal macros with double underscores
efi/apple-properties: use PROPERTY_ENTRY_U8_ARRAY_LEN
software node: introduce PROPERTY_ENTRY_XXX_ARRAY_LEN()
software node: remove DEV_PROP_MAX
device property: Fix the description of struct fwnode_operations
lib/test_printf: Add tests for %pfw printk modifier
lib/vsprintf: Add %pfw conversion specifier for printing fwnode names
lib/vsprintf: OF nodes are first and foremost, struct device_nodes
lib/vsprintf: Make use of fwnode API to obtain node names and separators
lib/vsprintf: Add a note on re-using %pf or %pF
lib/vsprintf: Remove support for %pF and %pf in favour of %pS and %ps
device property: Add a function to obtain a node's prefix
device property: Add fwnode_get_name for returning the name of a node
device property: Add functions for accessing node's parents
device property: Move fwnode_get_parent() up
...
|
|
It has been suggested several times to extend vsnprintf() to be able
to convert the numeric value of ENOSPC to print "ENOSPC". This
implements that as a %p extension: With %pe, one can do
	if (IS_ERR(foo)) {
		pr_err("Sorry, can't do that: %pe\n", foo);
		return PTR_ERR(foo);
	}
instead of what is seen in quite a few places in the kernel:
	if (IS_ERR(foo)) {
		pr_err("Sorry, can't do that: %ld\n", PTR_ERR(foo));
		return PTR_ERR(foo);
	}
If the value passed to %pe is an ERR_PTR, but the library function
errname() added here doesn't know about the value, the value is simply
printed in decimal. If the value passed to %pe is not an ERR_PTR, we
treat it as an ordinary %p and thus print the hashed value (passing
non-ERR_PTR values to %pe indicates a bug in the caller, but we can't
do much about that).
With my embedded hat on, and because it's not very invasive to do,
I've made it possible to remove this. The errname() function and
associated lookup tables take up about 3K. For most, that's probably
quite acceptable and a price worth paying for more readable
dmesg (once this starts getting used), while for those that disable
printk() it's of very little use - I don't see a
procfs/sysfs/seq_printf() file reasonably making use of this - and
they clearly want to squeeze vmlinux as much as possible. Hence the
default y if PRINTK.
The symbols to include have been found by massaging the output of
  find arch include -iname 'errno*.h' | xargs grep -E 'define\s*E'
In the cases where some common aliasing exists
(e.g. EAGAIN=EWOULDBLOCK on all platforms, EDEADLOCK=EDEADLK on most),
I've moved the more popular one (in terms of 'git grep -w Efoo | wc')
to the bottom so that one takes precedence.
Link: http://lkml.kernel.org/r/[email protected]
To: "Jonathan Corbet" <[email protected]>
To: [email protected]
Cc: "Andy Shevchenko" <[email protected]>
Cc: "Andrew Morton" <[email protected]>
Cc: "Joe Perches" <[email protected]>
Cc: [email protected]
Signed-off-by: Rasmus Villemoes <[email protected]>
Acked-by: Uwe Kleine-König <[email protected]>
Reviewed-by: Petr Mladek <[email protected]>
[[email protected]: use abs()]
Acked-by: Andy Shevchenko <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
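The three outcomes the %pe message above describes (known error name, unknown error printed in decimal, non-error pointer treated as plain %p), as an added user-space model that is not the kernel's own code. The table subset, model_errname(), model_fmt_pe(), MODEL_ERR_PTR() and the stand-in hash are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ERRNO 4095
/* Hypothetical helper: encode a negative errno the way ERR_PTR() does. */
#define MODEL_ERR_PTR(e) ((uint64_t)(int64_t)(e))

struct err_entry { int code; const char *name; };

/* Constructed subset of the name table. Lookup scans from the bottom, so
 * when two names share a value (EAGAIN/EWOULDBLOCK) the later entry wins,
 * mirroring "moved the more popular one to the bottom". */
static const struct err_entry model_table[] = {
    { EWOULDBLOCK, "EWOULDBLOCK" },
    { ENOENT,      "ENOENT" },
    { EIO,         "EIO" },
    { ENOMEM,      "ENOMEM" },
    { EFAULT,      "EFAULT" },
    { ENOSPC,      "ENOSPC" },
    { EAGAIN,      "EAGAIN" },
};

/* Model of errname(): returns NULL for values the table does not know. */
static const char *model_errname(int err)
{
    size_t n = sizeof(model_table) / sizeof(model_table[0]);
    int code = err < 0 ? -err : err;

    while (n--)
        if (model_table[n].code == code)
            return model_table[n].name;
    return NULL;
}

/* Stand-in for the keyed pointer hash used by plain %p (assumption). */
static uint64_t model_hashed_id(uint64_t ptr)
{
    return (ptr * 0x9e3779b97f4a7c15ULL) >> 32;
}

/* Model of %pe: format 'ptr' into buf and return buf. */
static const char *model_fmt_pe(char *buf, size_t len, uint64_t ptr)
{
    const char *name;
    int err;

    /* Not an ERR_PTR: a caller bug, handled like an ordinary %p. */
    if (ptr < (uint64_t)(-(int64_t)MAX_ERRNO)) {
        snprintf(buf, len, "%016llx",
                 (unsigned long long)model_hashed_id(ptr));
        return buf;
    }

    err = (int)(int64_t)ptr;
    name = model_errname(err);
    if (name)
        snprintf(buf, len, "-%s", name);  /* mainline prints the sign too */
    else
        snprintf(buf, len, "%d", err);    /* unknown value: plain decimal */
    return buf;
}

int main(void)
{
    /* Constructed inputs: known, aliased, unknown, and a non-error pointer. */
    const uint64_t in[] = {
        MODEL_ERR_PTR(-ENOSPC), MODEL_ERR_PTR(-EWOULDBLOCK),
        MODEL_ERR_PTR(-1234), 0xffff888048c04020ULL,
    };
    char buf[32];

    for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++)
        printf("%016llx -> %s\n", (unsigned long long)in[i],
               model_fmt_pe(buf, sizeof(buf), in[i]));
    return 0;
}
```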
|
|
Add support for %pfw conversion specifier (with "f" and "P" modifiers) to
support printing full path of the node, including its name ("f") and only
the node's name ("P") in the printk family of functions. The two flags
have equivalent functionality to existing %pOF with the same two modifiers
("f" and "P") on OF based systems. The ability to do the same on ACPI
based systems is added by this patch.
On ACPI based systems the resulting strings look like
\[email protected]@0
where the nodes are separated by a dot (".") and the first three are
ACPI device nodes and the latter two ACPI data nodes.
Signed-off-by: Sakari Ailus <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Reviewed-by: Petr Mladek <[email protected]>
Signed-off-by: Rafael J. Wysocki <[email protected]>
|
|
Factor out static kobject_string() function that simply calls
device_node_string(), and thus remove references to kobjects (as these are
struct device_node).
Signed-off-by: Sakari Ailus <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Reviewed-by: Petr Mladek <[email protected]>
Signed-off-by: Rafael J. Wysocki <[email protected]>
|
|
Instead of implementing our own means of discovering parent nodes, node
names or counting how many parents a node has, use the newly added
functions in the fwnode API to obtain that information.
Signed-off-by: Sakari Ailus <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Reviewed-by: Petr Mladek <[email protected]>
Signed-off-by: Rafael J. Wysocki <[email protected]>
|
|
Add a note warning of re-use of obsolete %pf or %pF extensions.
Signed-off-by: Sakari Ailus <[email protected]>
Suggested-by: Steven Rostedt (VMware) <[email protected]>
Reviewed-by: Petr Mladek <[email protected]>
Signed-off-by: Rafael J. Wysocki <[email protected]>
|
|
%pS and %ps are now the preferred conversion specifiers to print function
names. The functionality is equivalent; remove the old, deprecated %pF
and %pf support.
Depends-on: commit 2d44d165e939 ("scsi: lpfc: Convert existing %pf users to %ps")
Depends-on: commit b295c3e39c13 ("tools lib traceevent: Convert remaining %p[fF] users to %p[sS]")
Signed-off-by: Sakari Ailus <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Reviewed-by: Petr Mladek <[email protected]>
Signed-off-by: Rafael J. Wysocki <[email protected]>
|
|
Commit 3e5903eb9cff ("vsprintf: Prevent crash when dereferencing invalid
pointers") prevents most crashes except for %pD.
There is an additional pointer dereferencing before dentry_name.
At least, vma->file can be NULL and be passed to printk %pD in
print_bad_pte, which can cause a crash.
This patch fixes it by introducing a new file_dentry_name.
Link: http://lkml.kernel.org/r/[email protected]
Fixes: 3e5903eb9cff ("vsprintf: Prevent crash when dereferencing invalid pointers")
To: Geert Uytterhoeven <[email protected]>
To: Thomas Gleixner <[email protected]>
To: Andy Shevchenko <[email protected]>
To: [email protected]
Cc: Kees Cook <[email protected]>
Cc: "Steven Rostedt (VMware)" <[email protected]>
Cc: Shuah Khan <[email protected]>
Cc: "Tobin C. Harding" <[email protected]>
Signed-off-by: Jia He <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Reviewed-by: Sergey Senozhatsky <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk
Pull printk updates from Petr Mladek:
- distinguish different legacy clocks again
- small clean up
* tag 'printk-for-5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk:
lib/vsprintf: Reinstate printing of legacy clock IDs
vsprintf: fix data type of variable in string_nocheck()
|
|
When using the legacy clock framework, clock pointers are no longer
printed as IDs, as the !CONFIG_COMMON_CLK case was accidentally
considered an error case.
Fix this by reverting to the old behavior, which allows distinguishing
clocks by ID, as the legacy clock framework does not store names with
clocks.
Fixes: 0b74d4d763fd4ee9 ("vsprintf: Consolidate handling of unknown pointer specifiers")
Link: http://lkml.kernel.org/r/[email protected]
Cc: Sergey Senozhatsky <[email protected]>
Cc: Andy Shevchenko <[email protected]>
Cc: [email protected]
Signed-off-by: Geert Uytterhoeven <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
|
|
This patch fixes the data type of precision with int.
The precision is declared as signed int in struct printf_spec.
Link: http://lkml.kernel.org/r/[email protected]
To: <[email protected]>
To: <[email protected]>
To: <[email protected]>
To: <[email protected]>
Signed-off-by: Youngmin Nam <[email protected]>
Reviewed-by: Sergey Senozhatsky <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
|
|
Add SPDX license identifiers to all files which:
- Have no license information of any form
- Have EXPORT_.*_SYMBOL_GPL inside which was used in the
initial scan/conversion to ignore the file
These files fall under the project license, GPL v2 only. The resulting SPDX
license identifier is:
GPL-2.0-only
Signed-off-by: Thomas Gleixner <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
The commit 3e5903eb9cff70730 ("vsprintf: Prevent crash when dereferencing
invalid pointers") broke boot on several architectures. The common
pattern is that probe_kernel_read() is not working during early
boot because userspace access framework is not ready.
It is a generic problem. We have to avoid any complex external
functions in vsprintf() code, especially in the common path.
They might break printk() easily and are hard to debug.
Replace probe_kernel_read() with some simple checks for obvious
problems.
Details:
1. Report on Power:
Kernel crashes very early during boot with CONFIG_PPC_KUAP and
CONFIG_JUMP_LABEL_FEATURE_CHECK_DEBUG
The problem is the combination of some new code called via printk(),
check_pointer() which calls probe_kernel_read(). That then calls
allow_user_access() (PPC_KUAP) and that uses mmu_has_feature() too early
(before we've patched features). With the JUMP_LABEL debug enabled that
causes us to call printk() & dump_stack() and we end up recursing and
overflowing the stack.
Because it happens so early you don't get any output, just an apparently
dead system.
The stack trace (which you don't see) is something like:
...
dump_stack+0xdc
probe_kernel_read+0x1a4
check_pointer+0x58
string+0x3c
vsnprintf+0x1bc
vscnprintf+0x20
printk_safe_log_store+0x7c
printk+0x40
dump_stack_print_info+0xbc
dump_stack+0x8
probe_kernel_read+0x1a4
probe_kernel_read+0x19c
check_pointer+0x58
string+0x3c
vsnprintf+0x1bc
vscnprintf+0x20
vprintk_store+0x6c
vprintk_emit+0xec
vprintk_func+0xd4
printk+0x40
cpufeatures_process_feature+0xc8
scan_cpufeatures_subnodes+0x380
of_scan_flat_dt_subnodes+0xb4
dt_cpu_ftrs_scan_callback+0x158
of_scan_flat_dt+0xf0
dt_cpu_ftrs_scan+0x3c
early_init_devtree+0x360
early_setup+0x9c
2. Report on s390:
vsnprintf invocations are broken on s390. For example, the early boot
output now looks like this where the first (efault) should be
the linux_banner:
[ 0.099985] (efault)
[ 0.099985] setup: Linux is running as a z/VM guest operating system in 64-bit mode
[ 0.100066] setup: The maximum memory size is 8192MB
[ 0.100070] cma: Reserved 4 MiB at (efault)
[ 0.100100] numa: NUMA mode: (efault)
The reason for this is that the code assumes that
probe_kernel_address() works very early. This however is not true on
at least s390. Uaccess on KERNEL_DS works only after page tables have
been set up on s390, which happens with setup_arch()->paging_init().
Any probe_kernel_address() invocation before that will return -EFAULT.
Fixes: 3e5903eb9cff70730 ("vsprintf: Prevent crash when dereferencing invalid pointers")
Link: http://lkml.kernel.org/r/[email protected]
Cc: Andy Shevchenko <[email protected]>
Cc: Rasmus Villemoes <[email protected]>
Cc: "Tobin C . Harding" <[email protected]>
Cc: Michal Hocko <[email protected]>
Cc: Sergey Senozhatsky <[email protected]>
Cc: Steven Rostedt <[email protected]>
Cc: [email protected]
Cc: Michael Ellerman <[email protected]>
Cc: [email protected]
Cc: Russell Currey <[email protected]>
Cc: Christophe Leroy <[email protected]>
Cc: Stephen Rothwell <[email protected]>
Cc: Heiko Carstens <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: Martin Schwidefsky <[email protected]>
Cc: Petr Mladek <[email protected]>
Reviewed-by: Sergey Senozhatsky <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
|
|
Fix sparse warning:
lib/vsprintf.c:673:6: warning:
symbol 'pointer_string' was not declared. Should it be static?
Link: http://lkml.kernel.org/r/[email protected]
To: <[email protected]>
To: <[email protected]>
To: <[email protected]>
To: <[email protected]>
Signed-off-by: YueHaibing <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
|
|
The inlined error messages must be used carefully because
they need to fit into the given buffer.
Handle them using a custom wrapper that makes people aware
of the problem. Also define a reasonable hard limit to
avoid a completely insane usage.
Suggested-by: Sergey Senozhatsky <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
To: Rasmus Villemoes <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: "Tobin C . Harding" <[email protected]>
Cc: Joe Perches <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Michal Hocko <[email protected]>
Cc: Steven Rostedt <[email protected]>
Cc: Sergey Senozhatsky <[email protected]>
Cc: [email protected]
Reviewed-by: Sergey Senozhatsky <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
|
|
We are able to detect invalid values handled by %p[iI] printk specifier.
The current error message is "invalid address". It might cause confusion
against "(efault)" reported by the generic valid_pointer_address() check.
Let's unify the style and use the more appropriate error code description
"(einval)".
Link: http://lkml.kernel.org/r/[email protected]
To: Rasmus Villemoes <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: "Tobin C . Harding" <[email protected]>
Cc: Joe Perches <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Michal Hocko <[email protected]>
Cc: Steven Rostedt <[email protected]>
Cc: Sergey Senozhatsky <[email protected]>
Cc: [email protected]
Reviewed-by: Sergey Senozhatsky <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
|
|
We already prevent crash when dereferencing some obviously broken
pointers. But the handling is not consistent. Sometimes we print "(null)"
only for pure NULL pointer, sometimes for pointers in the first
page and sometimes also for pointers in the last page (error codes).
Note that printk() calls this code under logbuf_lock. Any recursive
printks are redirected to the printk_safe implementation and the messages
are stored into per-CPU buffers. These buffers might be eventually flushed
in printk_safe_flush_on_panic() but it is not guaranteed.
This patch adds a check using probe_kernel_read(). It is not a foolproof
test. But it should help to see the error message in 99% of situations where
the kernel would silently crash otherwise.
Also it makes the error handling unified for "%s" and the many %p*
specifiers that need to read the data from a given address. We print:
  + (null) when accessing data on a pure NULL address
  + (efault) when accessing data on an invalid address
It does not affect the %p* specifiers that just print the given address
in some form, namely %pF, %pf, %pS, %ps, %pB, %pK, %px, and plain %p.
Note that we print (efault) for security reasons. In fact, the real
address can be seen only by %px or eventually %pK.
Link: http://lkml.kernel.org/r/[email protected]
To: Rasmus Villemoes <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: "Tobin C . Harding" <[email protected]>
Cc: Joe Perches <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Michal Hocko <[email protected]>
Cc: Steven Rostedt <[email protected]>
Cc: Sergey Senozhatsky <[email protected]>
Cc: [email protected]
Reviewed-by: Sergey Senozhatsky <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
|
|
There are a few printk formats that make sense only with two or more
specifiers. Also some specifiers make sense only when a kernel feature
is enabled.
The handling of unknown specifiers is inconsistent and not helpful.
Using WARN() looks like an overkill for this type of error. pr_warn()
is not good either. It would be handled via printk_safe buffer and
it might be hard to match it with the problematic string.
A reasonable compromise seems to be writing the unknown format specifier
into the original string with a question mark, for example (%pC?).
It should be self-explaining enough. Note that it is in brackets
to follow the (null) style.
Note that it introduces a warning that the test_hashed() function
is unused. It is going to be used again by a later patch.
Link: http://lkml.kernel.org/r/[email protected]
To: Rasmus Villemoes <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: "Tobin C . Harding" <[email protected]>
Cc: Joe Perches <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Michal Hocko <[email protected]>
Cc: Steven Rostedt <[email protected]>
Cc: Sergey Senozhatsky <[email protected]>
Cc: [email protected]
Reviewed-by: Sergey Senozhatsky <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
|
|
Move code from the long pointer() function. We are going to improve
error handling that will make it even more complicated.
This patch does not change the existing behavior.
Link: http://lkml.kernel.org/r/[email protected]
To: Rasmus Villemoes <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: "Tobin C . Harding" <[email protected]>
Cc: Joe Perches <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Michal Hocko <[email protected]>
Cc: Steven Rostedt <[email protected]>
Cc: Sergey Senozhatsky <[email protected]>
Cc: [email protected]
Cc: Kees Cook <[email protected]>
Reviewed-by: Sergey Senozhatsky <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
|
|
Move the code from the long pointer() function. We are going to improve
error handling that will make it more complicated.
This patch does not change the existing behavior.
Link: http://lkml.kernel.org/r/[email protected]
To: Rasmus Villemoes <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: "Tobin C . Harding" <[email protected]>
Cc: Joe Perches <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Michal Hocko <[email protected]>
Cc: Steven Rostedt <[email protected]>
Cc: Sergey Senozhatsky <[email protected]>
Cc: [email protected]
Reviewed-by: Sergey Senozhatsky <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
|
|
Move the non-trivial code from the long pointer() function. We are going
to improve error handling that will make it even more complicated.
This patch does not change the existing behavior.
Link: http://lkml.kernel.org/r/[email protected]
To: Rasmus Villemoes <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: "Tobin C . Harding" <[email protected]>
Cc: Joe Perches <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Michal Hocko <[email protected]>
Cc: Steven Rostedt <[email protected]>
Cc: Sergey Senozhatsky <[email protected]>
Cc: [email protected]
Reviewed-by: Sergey Senozhatsky <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
|
|
We are going to check the address using probe_kernel_address(). It will
be more expensive and it does not make sense for well-known addresses.
This patch splits the string() function. The variant without the check
is then used on locations that handle string constants or strings defined
as local variables.
This patch does not change the existing behavior.
Link: http://lkml.kernel.org/r/[email protected]
To: Rasmus Villemoes <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: "Tobin C . Harding" <[email protected]>
Cc: Joe Perches <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Michal Hocko <[email protected]>
Cc: Steven Rostedt <[email protected]>
Cc: Sergey Senozhatsky <[email protected]>
Cc: [email protected]
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
Reviewed-by: Sergey Senozhatsky <[email protected]>
|
|
restricted_pointer() pretends that it prints the address when kptr_restrict
is set to zero. But it is never called in this situation. Instead,
pointer() falls back to ptr_to_id() and hashes the pointer.
This patch removes the potential confusion. kptr_restrict is checked only
in restricted_pointer().
It actually fixes a small race when the address might get printed unhashed:
CPU0                            CPU1
pointer()
  if (!kptr_restrict)
       /* for example set to 2 */
  restricted_pointer()
                                /* echo 0 >/proc/sys/kernel/kptr_restrict */
                                proc_dointvec_minmax_sysadmin()
                                  kptr_restrict = 0;
    switch(kptr_restrict)
      case 0:
        break;
    number()
Fixes: ef0010a30935de4e0211 ("vsprintf: don't use 'restricted_pointer()' when not restricting")
Link: http://lkml.kernel.org/r/[email protected]
To: Andy Shevchenko <[email protected]>
To: Rasmus Villemoes <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: "Tobin C . Harding" <[email protected]>
Cc: Joe Perches <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Michal Hocko <[email protected]>
Cc: Steven Rostedt <[email protected]>
Cc: Sergey Senozhatsky <[email protected]>
Cc: [email protected]
Cc: Kees Cook <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Reviewed-by: Steven Rostedt (VMware) <[email protected]>
Reviewed-by: Sergey Senozhatsky <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
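An added user-space model (not kernel code) of two messages on this page: the %p/%px/%pK output table from the NULL and error-pointer commit, and the kptr_restrict race described above, shown as the two-read 'before' next to the single-read 'after'. The hash, the sysctl_reads replay structure and all function names are assumptions made for illustration; the credential checks the kernel applies for kptr_restrict == 1 are not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO 4095

/* Constructed samples, taken from the example output on this page. */
#define SAMPLE_PTR     0xffff888048c04020ULL
#define SAMPLE_ERR_PTR 0xfffffffffffffff2ULL   /* ERR_PTR(-14) */

/* NULL or one of the top MAX_ERRNO addresses: reveals no kernel address. */
static int is_null_or_err(uint64_t p)
{
    return p == 0 || p >= (uint64_t)(-(int64_t)MAX_ERRNO);
}

/* Stand-in for the kernel's keyed hash (assumption: any keyed mixer). */
static uint64_t model_hash(uint64_t p, uint64_t key)
{
    uint64_t x = p ^ key;

    x ^= x >> 33;
    x *= 0xff51afd7ed558ccdULL;
    x ^= x >> 33;
    return x & 0xffffffffULL;
}

/* Plain %p: hash real addresses, print NULL and error pointers as they are. */
static uint64_t fmt_p(uint64_t p, uint64_t key)
{
    return is_null_or_err(p) ? p : model_hash(p, key);
}

/* Replays a constructed sequence of kptr_restrict values, one per read,
 * to stand in for a concurrent write to the sysctl. */
struct sysctl_reads { const int *vals; size_t n, next; };

static int read_kptr_restrict(struct sysctl_reads *s)
{
    int v = s->vals[s->next];

    if (s->next + 1 < s->n)
        s->next++;
    return v;
}

/* 'Before': the value is read in pointer() and again in
 * restricted_pointer(), whose case 0 printed the raw address. */
static uint64_t fmt_pK_two_reads(struct sysctl_reads *s, uint64_t p, uint64_t key)
{
    if (!read_kptr_restrict(s))          /* first read */
        return fmt_p(p, key);
    switch (read_kptr_restrict(s)) {     /* second read, may differ */
    case 0:
    case 1:
        return p;                        /* raw address */
    default:
        return 0;
    }
}

/* 'After': one read decides everything. */
static uint64_t fmt_pK_one_read(struct sysctl_reads *s, uint64_t p, uint64_t key)
{
    switch (read_kptr_restrict(s)) {
    case 0:
        return fmt_p(p, key);
    case 1:
        return p;
    default:
        return 0;
    }
}

int main(void)
{
    const uint64_t key = 0x0123456789abcdefULL;   /* constructed key */
    const uint64_t in[3] = { SAMPLE_PTR, SAMPLE_ERR_PTR, 0 };
    const int race[2] = { 2, 0 };                 /* 2 on first read, 0 after */
    struct sysctl_reads a = { race, 2, 0 }, b = { race, 2, 0 };

    for (int k = 0; k <= 2; k++) {
        printf("%%pK, kptr = %d:", k);
        for (int i = 0; i < 3; i++) {
            struct sysctl_reads s = { &k, 1, 0 };

            printf(" %016llx", (unsigned long long)fmt_pK_one_read(&s, in[i], key));
        }
        putchar('\n');
    }
    printf("race, two reads: %016llx\n",
           (unsigned long long)fmt_pK_two_reads(&a, SAMPLE_PTR, key));
    printf("race, one read:  %016llx\n",
           (unsigned long long)fmt_pK_one_read(&b, SAMPLE_PTR, key));
    return 0;
}
```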
|
|
This is just a preparation step for further changes.
The patch does not change the code.
Link: http://lkml.kernel.org/r/[email protected]
To: Rasmus Villemoes <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: "Tobin C . Harding" <[email protected]>
Cc: Joe Perches <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Michal Hocko <[email protected]>
Cc: Steven Rostedt <[email protected]>
Cc: Sergey Senozhatsky <[email protected]>
Cc: [email protected]
Reviewed-by: Andy Shevchenko <[email protected]>
Reviewed-by: Sergey Senozhatsky <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk
Pull printk updates from Petr Mladek:
- Allow sorting mixed lines by extra information about the caller
- Remove no longer used LOG_PREFIX.
- Some clean up and documentation update.
* tag 'printk-for-5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk:
printk/docs: Add extra integer types to printk-formats
printk: Remove no longer used LOG_PREFIX.
lib/vsprintf: Remove %pCr remnant in comment
printk: Pass caller information to log_store().
printk: Add caller information to printk() output.
|
|
At the time of commit d048419311ff ("lib/vsprintf.c: expand field_width
to 24 bits"), there was no compiletime_assert/BUILD_BUG/.... variant
that could be used outside function scope. Now we have static_assert(),
so move the assertion next to the definition instead of hiding it in
some arbitrary function.
Also add the appropriate #include to avoid relying on build_bug.h being
pulled in via some arbitrary chain of includes.
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Rasmus Villemoes <[email protected]>
Cc: Alexander Viro <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: Luc Van Oostenryck <[email protected]>
Cc: Masahiro Yamada <[email protected]>
Cc: Nick Desaulniers <[email protected]>
Cc: Alexey Dobriyan <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Support for "%pCr" was removed, but a reference in a comment was
forgotten.
Fixes: 666902e42fd8344b ("lib/vsprintf: Remove atomic-unsafe support for %pCr")
Link: http://lkml.kernel.org/r/[email protected]
To: Andy Shevchenko <[email protected]>
To: Andrew Morton <[email protected]>
Cc: [email protected]
Signed-off-by: Geert Uytterhoeven <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
|
|
There are users which print time and date represented by content of
struct rtc_time in human readable format.
Instead of open coding that each time introduce %ptR[dt][r] specifier.
Cc: Arnd Bergmann <[email protected]>
Cc: Bartlomiej Zolnierkiewicz <[email protected]>
Cc: Dmitry Torokhov <[email protected]>
Cc: Geert Uytterhoeven <[email protected]>
Cc: Guan Xuetao <[email protected]>
Cc: Ingo Molnar <[email protected]>
Cc: Jason Wessel <[email protected]>
Cc: Jonathan Corbet <[email protected]>
Cc: Jonathan Hunter <[email protected]>
Cc: Krzysztof Kozlowski <[email protected]>
Cc: "Rafael J. Wysocki" <[email protected]>
Cc: Thierry Reding <[email protected]>
Cc: Petr Mladek <[email protected]>
Signed-off-by: Andy Shevchenko <[email protected]>
Reviewed-by: Petr Mladek <[email protected]>
Signed-off-by: Alexandre Belloni <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux
Pull Devicetree updates from Rob Herring:
"A bit bigger than normal as I've been busy this cycle.
There's a few things with dependencies and a few things subsystem
maintainers didn't pick up, so I'm taking them thru my tree.
The fixes from Johan didn't get into linux-next, but they've been
waiting for some time now and they are what's left of what subsystem
maintainers didn't pick up.
Summary:
- Sync dtc with upstream version v1.4.7-14-gc86da84d30e4
- Work to get rid of direct accesses to struct device_node name and
type pointers in preparation for removing them. New helpers for
parsing DT cpu nodes and conversions to use the helpers. printk
conversions to %pOFn for printing DT node names. Most went thru
subsystem trees, so this is the remainder.
- Fixes to DT child node lookups to actually be restricted to child
nodes instead of treewide.
- Refactoring of dtb targets out of arch code. This makes the support
more uniform and enables building all dtbs on c6x, microblaze, and
powerpc.
- Various DT binding updates for Renesas r8a7744 SoC
- Vendor prefixes for Facebook, OLPC
- Restructuring of some ARM binding docs moving some peripheral
bindings out of board/SoC binding files
- New "secure-chosen" binding for secure world settings on ARM
- Dual licensing of 2 DT IRQ binding headers"
* tag 'devicetree-for-4.20' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: (78 commits)
ARM: dt: relicense two DT binding IRQ headers
power: supply: twl4030-charger: fix OF sibling-node lookup
NFC: nfcmrvl_uart: fix OF child-node lookup
net: stmmac: dwmac-sun8i: fix OF child-node lookup
net: bcmgenet: fix OF child-node lookup
drm/msm: fix OF child-node lookup
drm/mediatek: fix OF sibling-node lookup
of: Add missing exports of node name compare functions
dt-bindings: Add OLPC vendor prefix
dt-bindings: misc: bk4: Add device tree binding for Liebherr's BK4 SPI bus
dt-bindings: thermal: samsung: Add SPDX license identifier
dt-bindings: clock: samsung: Add SPDX license identifiers
dt-bindings: timer: ostm: Add R7S9210 support
dt-bindings: phy: rcar-gen2: Add r8a7744 support
dt-bindings: can: rcar_can: Add r8a7744 support
dt-bindings: timer: renesas, cmt: Document r8a7744 CMT support
dt-bindings: watchdog: renesas-wdt: Document r8a7744 support
dt-bindings: thermal: rcar: Add device tree support for r8a7744
Documentation: dt: Add binding for /secure-chosen/stdout-path
dt-bindings: arm: zte: Move sysctrl bindings to their own doc
...
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk
Pull printk updates from Petr Mladek:
- Fix two more locations where printf formatting leaked pointers
- Better log_buf_len parameter handling
- Add prefix to messages from printk code
- Do not miss messages on other consoles when the log is replayed on a
new one
- Reduce race between console registration and panic() when the log
might get replayed on all consoles
- Some cont buffer code clean up
- Call console only when there is something to do (log vs cont buffer)
* tag 'printk-for-4.20' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk:
lib/vsprintf: Hash printed address for netdev bits fallback
lib/vsprintf: Hash legacy clock addresses
lib/vsprintf: Prepare for more general use of ptr_to_id()
lib/vsprintf: Make ptr argument conts in ptr_to_id()
printk: fix integer overflow in setup_log_buf()
printk: do not preliminary split up cont buffer
printk: lock/unlock console only for new logbuf entries
printk: keep kernel cont support always enabled
printk: Give error on attempt to set log buffer length to over 2G
printk: Add KBUILD_MODNAME and remove a redundant print prefix
printk: Correct wrong casting
printk: Fix panic caused by passing log_buf_len to command line
printk: CON_PRINTBUFFER console registration is a bit racy
printk: Do not miss new messages when replaying the log
|
|
Pull documentation updates from Jonathan Corbet:
"This is a fairly typical cycle for documentation. There's some welcome
readability improvements for the formatted output, some LICENSES
updates including the addition of the ISC license, the removal of the
unloved and unmaintained 00-INDEX files, the deprecated APIs document
from Kees, more MM docs from Mike Rapoport, and the usual pile of typo
fixes and corrections"
* tag 'docs-4.20' of git://git.lwn.net/linux: (41 commits)
docs: Fix typos in histogram.rst
docs: Introduce deprecated APIs list
kernel-doc: fix declaration type determination
doc: fix a typo in adding-syscalls.rst
docs/admin-guide: memory-hotplug: remove table of contents
doc: printk-formats: Remove bogus kobject references for device nodes
Documentation: preempt-locking: Use better example
dm flakey: Document "error_writes" feature
docs/completion.txt: Fix a couple of punctuation nits
LICENSES: Add ISC license text
LICENSES: Add note to CDDL-1.0 license that it should not be used
docs/core-api: memory-hotplug: add some details about locking internals
docs/core-api: rename memory-hotplug-notifier to memory-hotplug
docs: improve readability for people with poorer eyesight
yama: clarify ptrace_scope=2 in Yama documentation
docs/vm: split memory hotplug notifier description to Documentation/core-api
docs: move memory hotplug description into admin-guide/mm
doc: Fix acronym "FEKEK" in ecryptfs
docs: fix some broken documentation references
iommu: Fix passthrough option documentation
...
|
|
When converting from text to rst, the kobjects section and its sole
subsection about device tree nodes were coalesced into a single section,
yielding an inconsistent result.
Remove all references to kobjects, as
1. Device tree object pointers are not compatible to kobject pointers
(the former may embed the latter, though), and
2. there are no printk formats defined for kobject types.
Update the vsprintf() source code comments to match the above.
Fixes: b3ed23213eab1e08 ("doc: convert printk-formats.txt to rst")
Signed-off-by: Geert Uytterhoeven <[email protected]>
Signed-off-by: Jonathan Corbet <[email protected]>
|
|
The handler for "%pN" falls back to printing the raw pointer value when
using a different format than the (sole supported) special format
"%pNF", potentially leaking sensitive information regarding the kernel
layout in memory.
Avoid this leak by printing the hashed address instead.
Note that there are no in-tree users of the fallback.
Fixes: ad67b74d2469d9b8 ("printk: hash addresses printed with %p")
Link: http://lkml.kernel.org/r/[email protected]
To: "Tobin C . Harding" <[email protected]>
To: Andrew Morton <[email protected]>
To: Jonathan Corbet <[email protected]>
Cc: [email protected]
Cc: [email protected]
Signed-off-by: Geert Uytterhoeven <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
|
|
On platforms using the Common Clock Framework, "%pC" prints the clock's
name. On legacy platforms, it prints the unhashed clock's address,
potentially leaking sensitive information regarding the kernel layout in
memory.
Avoid this leak by printing the hashed address instead. To distinguish
between clocks, a 32-bit unique identifier is as good as an actual
pointer value.
Fixes: ad67b74d2469d9b8 ("printk: hash addresses printed with %p")
Link: http://lkml.kernel.org/r/[email protected]
To: "Tobin C . Harding" <[email protected]>
To: Andrew Morton <[email protected]>
To: Jonathan Corbet <[email protected]>
Cc: [email protected]
Cc: [email protected]
Signed-off-by: Geert Uytterhoeven <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
|
|
Move the function and its dependencies up so it can be called from
special pointer type formatting routines.
Link: http://lkml.kernel.org/r/[email protected]
To: "Tobin C . Harding" <[email protected]>
To: Andrew Morton <[email protected]>
To: Jonathan Corbet <[email protected]>
Cc: [email protected]
Cc: [email protected]
Signed-off-by: Geert Uytterhoeven <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
[[email protected]: Split into separate patch]
Signed-off-by: Petr Mladek <[email protected]>
|
|
Make the ptr argument const to avoid adding casts in future callers.
Link: http://lkml.kernel.org/r/[email protected]
To: "Tobin C . Harding" <[email protected]>
To: Andrew Morton <[email protected]>
To: Jonathan Corbet <[email protected]>
Cc: [email protected]
Cc: [email protected]
Signed-off-by: Geert Uytterhoeven <[email protected]>
Reviewed-by: Andy Shevchenko <[email protected]>
[[email protected]: split into separate patch]
Signed-off-by: Petr Mladek <[email protected]>
|
|
The functions vbin_printf() and bstr_printf() are used by trace_printk() to
try to keep the overhead down during printing. trace_printk() uses
vbin_printf() at the time of execution, as it only scans the fmt string to
record the printf values into the buffer, and then uses vbin_printf() to do
the conversions to print the string based on the format and the saved
values in the buffer.
This is an issue for dereferenced pointers, as before commit 841a915d20c7b,
the processing of the pointer could happen some time after the pointer value
was recorded (reading the trace buffer). This means the processing of the
value at a later time could show different results, or even crash the
system, if the pointer no longer existed.
Commit 841a915d20c7b addressed this by processing dereferenced pointers at
the time of execution and saving the result in the ring buffer as a string.
The bstr_printf() would then treat these pointers as normal strings, and
print the value. But there was an off-by-one bug here, where after
processing the argument, it moved the pointer only "strlen(arg)" which made
the arg pointer not point to the next argument in the ring buffer, but
instead point to the nul character of the last argument. This causes any
values after a dereferenced pointer to be corrupted.
Cc: [email protected]
Fixes: 841a915d20c7b ("vsprintf: Do not have bprintf dereference pointers")
Reported-by: Nikolay Borisov <[email protected]>
Tested-by: Nikolay Borisov <[email protected]>
Signed-off-by: Steven Rostedt (VMware) <[email protected]>
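The off-by-one described in the commit message above, shown on a constructed buffer as an added example (this is not the kernel's code). The helper names, the sample values and the unaligned layout (a saved string followed directly by a 32-bit integer) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SAMPLE_INT 0x11223344            /* constructed sample value */

/* Writer side: store the already-formatted string with its NUL,
 * then the next argument right behind it (alignment omitted). */
static size_t pack_record(uint8_t *buf, const char *s, int32_t v)
{
    size_t n = strlen(s) + 1;            /* string plus terminating NUL */

    memcpy(buf, s, n);
    memcpy(buf + n, &v, sizeof(v));
    return n + sizeof(v);
}

/* Reader side: skip the saved string, then fetch the next argument.
 * skip_nul == 0 advances by strlen(arg) only, which leaves the cursor
 * on the NUL; skip_nul == 1 also steps over the NUL. */
static int32_t read_int_after_string(const uint8_t *buf, int skip_nul)
{
    const uint8_t *arg = buf;
    size_t len = strlen((const char *)arg);
    int32_t v;

    arg += len + (skip_nul ? 1 : 0);
    memcpy(&v, arg, sizeof(v));          /* stays inside the packed record */
    return v;
}

/* Pack one constructed record and read the integer back. */
static int32_t demo(int skip_nul)
{
    uint8_t buf[64] = {0};

    pack_record(buf, "eth0", SAMPLE_INT);
    return read_int_after_string(buf, skip_nul);
}

int main(void)
{
    printf("strlen(arg) only : 0x%08x\n", (unsigned)demo(0));
    printf("strlen(arg) + 1  : 0x%08x\n", (unsigned)demo(1));
    return 0;
}
```

With the short advance the integer is read starting at the string's NUL byte, so every argument after the saved string is decoded from shifted bytes.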
|
|
In preparation to remove the node name pointer from struct device_node,
convert the node name print to get the node name from the full name.
Reviewed-by: Frank Rowand <[email protected]>
Signed-off-by: Rob Herring <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random
Pull random updates from Ted Ts'o:
"Some changes to trust cpu-based hwrng (such as RDRAND) for
initializing hashed pointers and (optionally, controlled by a config
option) to initialize the CRNG to avoid boot hangs"
* tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
random: Make crng state queryable
random: remove preempt disabled region
random: add a config option to trust the CPU's hwrng
vsprintf: Add command line option debug_boot_weak_hash
vsprintf: Use hw RNG for ptr_key
random: Return nbytes filled from hw RNG
random: Fix whitespace pre random-bytes work
|
|
This patch avoids that gcc reports the following when building with W=1:
lib/vsprintf.c:1941:3: warning: this statement may fall through [-Wimplicit-fallthrough=]
switch (fmt[1]) {
^~~~~~
Fixes: 7b1924a1d930eb2 ("vsprintf: add printk specifier %px")
Link: http://lkml.kernel.org/r/[email protected]
Cc: [email protected]
Cc: Bart Van Assche <[email protected]>
Cc: Pantelis Antoniou <[email protected]>
Cc: Joe Perches <[email protected]>
Cc: Rob Herring <[email protected]>
Cc: v4.15+ <[email protected]>
Signed-off-by: Bart Van Assche <[email protected]>
Signed-off-by: Petr Mladek <[email protected]>
|
|
Currently printing [hashed] pointers requires enough entropy to be
available. Early in the boot sequence this may not be the case
resulting in a dummy string '(____ptrval____)' being printed. This
makes debugging the early boot sequence difficult. We can relax the
requirement to use cryptographically secure hashing during debugging.
This enables debugging while keeping development/production kernel
behaviour the same.
If new command line option debug_boot_weak_hash is enabled use
cryptographically insecure hashing and hash pointer value immediately.
Reviewed-by: Steven Rostedt (VMware) <[email protected]>
Signed-off-by: Tobin C. Harding <[email protected]>
Signed-off-by: Theodore Ts'o <[email protected]>
|
|
Currently we must wait for enough entropy to become available before
hashed pointers can be printed. We can remove this wait by using the
hw RNG if available.
Use hw RNG to get keying material.
Reviewed-by: Steven Rostedt (VMware) <[email protected]>
Suggested-by: Kees Cook <[email protected]>
Signed-off-by: Tobin C. Harding <[email protected]>
Signed-off-by: Theodore Ts'o <[email protected]>
|