From patchwork Wed Oct 19 19:34:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jane Chu X-Patchwork-Id: 13012307 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id AB5E0C433FE for ; Wed, 19 Oct 2022 19:35:17 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 487166B0073; Wed, 19 Oct 2022 15:35:17 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 4381E6B0074; Wed, 19 Oct 2022 15:35:17 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 262EC6B0075; Wed, 19 Oct 2022 15:35:17 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 16FA56B0073 for ; Wed, 19 Oct 2022 15:35:17 -0400 (EDT) Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id CBFA6121057 for ; Wed, 19 Oct 2022 19:35:16 +0000 (UTC) X-FDA: 80038702632.25.A588997 Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com [205.220.165.32]) by imf07.hostedemail.com (Postfix) with ESMTP id 4B9384000A for ; Wed, 19 Oct 2022 19:35:16 +0000 (UTC) Received: from pps.filterd (m0246627.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 29JIOU2Q020637; Wed, 19 Oct 2022 19:35:08 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : content-type : mime-version; s=corp-2022-7-12; bh=DfB8XbkCziBN7trknZ4xHefVWGriSxO1QsC+ztB2gGA=; b=OJsbF+iwum+35fsJAonXblXMhD0KsmPCf2rV1MdFcdR/QXj2EIuRKHcrVJyqfeVzcrJg AB7weH6aZY/ZfuHGJYSLCvQB7KT/ybTUbMai93W0zh5WU+qanm+/eqzt2VPAzfzUlwn7 gf83lX8INqwleD0dMzvB0NSEG25Rt35oxtHw1CpcxHqGGx711achF6DQBBJC14domtqI Ku3yc/eHRqPeqqxUS+YRIkK1qJfWUORH4sjkKrpt+U7x/5sG/CxNQNwSyfY294TFG0gG 7UhyKs612QNNqj0QqXf+Iuz6l9jUzkAkg7hcVltyRFjG16bG4EvlTuy/e9q0QIx6wR7P DQ== Received: from iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com (iadpaimrmta03.appoci.oracle.com [130.35.103.27]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3k99ntf9b7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 19 Oct 2022 19:35:08 +0000 Received: from pps.filterd (iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com [127.0.0.1]) by iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com (8.17.1.5/8.17.1.5) with ESMTP id 29JHo5d9016628; Wed, 19 Oct 2022 19:35:06 GMT Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2109.outbound.protection.outlook.com [104.47.58.109]) by iadpaimrmta03.imrmtpd1.prodappiadaev1.oraclevcn.com (PPS) with ESMTPS id 3k8hrc4bfy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 19 Oct 2022 19:35:06 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GzP/zuSjn12+dbTb/Hc5nPjOIpkB4ku5zo77R71NdxeLv+6qeZRGG5gahbn4Gjs/6Cnbb6hleyZcy1L5am4OGSGpVAcBesjSXV75PGM2a0mbr1dNZ8YyW7X41RSx//Iwvs6LRsgSFXGyl0j4Er9fjkpcMQi5eSNrSy60ICvW0NpPIBDl1stoevnjmh/VeJ5TxjRI37BoRhRXcfCK/TJm6BKsCC3+t5nhnoJJS5adtW8DLcTgtBuMS6odlcQOPNUID8N56v0H0xTmFrz/LnV8K4vqEgkRZc8tjb5OE1CdmFl87Fc8fwizVn6ZwclNcpejUPK2ePYhOncddfO6YyLnuw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DfB8XbkCziBN7trknZ4xHefVWGriSxO1QsC+ztB2gGA=; b=aylUQiResiIGr+0jOLxA/zBnO6GH1AbqLNPKKBfiqggDb4bX26ei6fMMfWCwxHKxKSg5kZsSzfy7gT8Xr3clVlTQZWEC69FPFsZ2XqQJO3+4Teen8F2J2GD6dycRTn+0yDOwK+fD7pVNIjoUrWYADqNv64Rr9v72VuDOjahk5Jb2UHRRHe+5kSL9LV1zaSTnLePB8sNe5+y35nthuNe8ILbrAeKLXo0i4JbUrpMiq5tGKeOhTifz/2UPHO7GUjfrTU23y5UZR8Pv0i83Txr7KVlv5a1wQGTjMHaDiU+tAxsUDyKKz/O+tsmQfFSDuHYwUV9sSyb+l5tJQ6pf2+IFbg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DfB8XbkCziBN7trknZ4xHefVWGriSxO1QsC+ztB2gGA=; b=YvduFuYXys8xUgpe7uc67bTvhhCpvVhJ9LAplgpJ3qr29/67x2efr0vNOlFPt1FSXupdSiQu1mAO1+gZ9qmXCEzKOWEj0PV4kqgWeF5NVCHB01BjsZkVG0RBT8bozxp3e+/V4SG6F4ntd2Ccw2mEZ9kWcNTth8raebR1rekJJcM= Received: from SJ0PR10MB4429.namprd10.prod.outlook.com (2603:10b6:a03:2d1::14) by CH0PR10MB5274.namprd10.prod.outlook.com (2603:10b6:610:dc::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5723.30; Wed, 19 Oct 2022 19:35:05 +0000 Received: from SJ0PR10MB4429.namprd10.prod.outlook.com ([fe80::b281:7552:94f5:4606]) by SJ0PR10MB4429.namprd10.prod.outlook.com ([fe80::b281:7552:94f5:4606%7]) with mapi id 15.20.5723.033; Wed, 19 Oct 2022 19:35:05 +0000 From: Jane Chu To: pmladek@suse.com, rostedt@goodmis.org, senozhatsky@chromium.org, andriy.shevchenko@linux.intel.com, linux@rasmusvillemoes.dk, linux-mm@kvack.org, linux-kernel@vger.kernel.org Cc: wangkefeng.wang@huawei.com, konrad.wilk@oracle.com, haakon.bugge@oracle.com, john.haxby@oracle.com, jane.chu@oracle.com Subject: [PATCH v3 1/1] vsprintf: protect kernel from panic due to non-canonical pointer dereference Date: Wed, 19 Oct 2022 13:34:31 -0600 Message-Id: <20221019193431.2923462-2-jane.chu@oracle.com> X-Mailer: git-send-email 2.18.4 In-Reply-To: <20221019193431.2923462-1-jane.chu@oracle.com> References: <20221019193431.2923462-1-jane.chu@oracle.com> X-ClientProxiedBy: SA9P223CA0023.NAMP223.PROD.OUTLOOK.COM (2603:10b6:806:26::28) To SJ0PR10MB4429.namprd10.prod.outlook.com (2603:10b6:a03:2d1::14) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ0PR10MB4429:EE_|CH0PR10MB5274:EE_ X-MS-Office365-Filtering-Correlation-Id: 4d862e8a-9400-4fa3-f523-08dab20905d0 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: PZidBr9sJyR7v97I7d526OROzk9MKcnPKv/fxdHwVarD8yyxcd3zP55xXetDCZjoXx7e7xCeUJQAT0xR8EH4hdcKGzv1x4Vcb1sBHDf2PgPPZmFjNowAvZPVD38tlxTJFfpwBTi/KdP6HkNTPSwYiNMaUuG3YC5U9fU5QlNJcsWkEfjTha/D0/CpU5B5+oUwR3X+R+7RF8W1/pt0BHz2WTb+JjVeTel3YPX837OQWgmiDoRZGyIANKifdeunB5Ijp2N+PqT2SPT/fGs840bEKWz3WFSro1ib04cYzJGZJFMo2OR2mgCq4A3KLwiQp3ADt/ZBd82KpaZ+k+PvBdvsHVc4Y1ffcEFcR6WaPPMc0dIaapO91pp9Gox0nop7372tIDMoYSZmBYHAHhCXv3w2ceXBH+EaGE1brrwFFOAenSrz8NrJIvGbP+ub2zplpzIawxcfevirucnrkaQoH3MXDtBRiOIDmIca1S7eahHTqZe0tZV0L74ZxrLPIFE5eJxqcirgK8a81buReOBQn0TFwGvteJTV90oHXr9/Ez5+qrnNb3JAYL0FS1X9DFS5G+HEpWdQURjz0gAaa5QQA1rM4P4ynk/6ifh3te8ei/i9E15SAf7cEjT8lt6o4OFNx+9EXbCq7LSpJFquU3DpdEzIuq6+wNmXt6HjNo/bLCG8qdCx6SNILUY3q/XNj1hEAxVuwKOgMF+NNQ5YlDvP1wC+5A== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SJ0PR10MB4429.namprd10.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230022)(396003)(376002)(366004)(346002)(136003)(39860400002)(451199015)(38100700002)(478600001)(6486002)(186003)(6506007)(36756003)(4326008)(44832011)(2616005)(316002)(66946007)(107886003)(66556008)(8676002)(6666004)(6512007)(5660300002)(66476007)(1076003)(2906002)(8936002)(86362001)(52116002)(83380400001)(41300700001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: wbjUvIWOsyJ81KPwUKnKtGeaON7G2STTMlkc/AfXVO66iwN4ogisyakK72f+HLyfXy0CGCtWCWW+hbQD+n6K7VCy+w99nOLn0DqZ/lAhkHBr1wTsxwKxA0eyS+mBKehmhyArm0ti4XY6d+wtfCL1rVWSi6IHHYv1f7zNQ94K+8vxB5jIGgfS2x+VhCIaOqjboC+VTsBaGsiHcnqaTcDVmTxvv067zaSU3zjD4op9pkffVPh65kqa0Uz/Fp9YNALdqVKmmJs4/v5A2UutevWS6onToUcOKaUZYXp8i4ytxlTH2D+0D2E1j4edvtF8TY5x29TLUQgGEGdRYaGFYBpiaL1CE2+UQF/vuOYT1T5YRxezdWrLJFfvnAlGMTlMke7R0MJpOJRj+Q+vcAo5RLl1ocEOpD2u5ESDLhItkWZZNG9nlpDC6nKrGtfp2eVPCl/g2ipJvUE0X/X9CBRlQukSORw2zw325bkUwTGJ8HnCu49gkHzQsk7IjleHfEgE6AQeSkXiZFob5k6DOuA0N487TNlPa0ASjyzesiWzIUMHQFv8ffCHju5e1UyA+5rinLfZjRLtMHf4Kx2vFYUcNT4fTjNQWyVNsGRBtEi9yzm957Xe+ZEjxCZxglD5LeEJmaWPyZqgb9T0qv38cx+6gzFTHK2KleSSm8UlJuxvFMwOqB7UVLvhSCa3Ac5i+6KzNNaFNNR174/guWgpXxidRxm2b0oE975wZVUfieMMzofhZkD0gFOIEwvuEzdqLwUdhyyGXdKK/Mf9Q4JGJtilmQ9o+YlbHX5HzqYn2VfIt/XFairsFcIJPj3eMKsPlLxeV+M6zcdAfIfT6rOJ2dpRyUA8Vf7khn6Es5KroIJkDPBZYonPtPgsX83NrZrUJGqne68x8NoADRTCqFXhJnrSwl+EFFgN/Mpn9tsLEsM6Su+EmjwpV4IPRaG7HDToVmkjGDtHG8zXg5rwGToYorJpMh1zbRISh3dyJmWHbADAhJNyUYoYEv67v0JSNUiFcVjFTL3HG/so59RjMDxEnRIrDsgWvC5e38XeSqBPufNO33pqBAPTMgHw72JYi3lvMcrl42vZh5FTzmRw9Q66mn/zJxWDq1cJxDX+Sbu1Jov34utu8cHj3y43sa5z4jL0rOyZ929HQEzI68mZbV4vOUgaAgCtPkJpPitRcvmBYcmfTH0XyHCLGL9rBetQmWp4KYPWB7duXIF2dG7uLX5KN2M3d+kSL/4xb9kdT7a0vAV4oIWGaEFQScgjEBeWNT3ROvlWhqaRN08bNgkT99Hv552mXj2ONnXHxx++zKOCG2jyPBon8lBGTy0df/t8rUzPT4tU1Kz5YOAvUDY3GeOEfklhkUtq1kpEGuyQVXjDXS+bVwRH6ie9bHsn+X0Rex7CG2GAyWfuz4r/P0uKodgOvi0Fy+TvvePpFcoVkPX2tYg580oqZTfn8vq2mZnst9PdHr0OKKmfVU7ZxlkBOulJRWfbZCkds5K23msXpAiY/+OUeIMj+l9/RGwD5yA5nfQMo4tKEn3MYq0iCkKdAoKWISjkAW2p7brwrSthlGyJQVozDgpY6DHXuC2Nti6fQMhmSVJSkMAVF5g2odoSjQzxVw+xpZv11Q== X-OriginatorOrg: oracle.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4d862e8a-9400-4fa3-f523-08dab20905d0 X-MS-Exchange-CrossTenant-AuthSource: SJ0PR10MB4429.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Oct 2022 19:35:04.9938 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: lmP1rk73RnhmYUMcDAtNUtiZEej3tJZm9coSI4vAjAujOyyMbRbeZmDR4law/BLEtSCcxQ8WkEl6NUsACH3Yug== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH0PR10MB5274 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.545,FMLib:17.11.122.1 definitions=2022-10-19_11,2022-10-19_04,2022-06-22_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0 spamscore=0 bulkscore=0 mlxscore=0 phishscore=0 suspectscore=0 adultscore=0 mlxlogscore=999 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2209130000 definitions=main-2210190110 X-Proofpoint-ORIG-GUID: thcmcBxTODlROz6ojSHTKTZ-3d1MEGZ0 X-Proofpoint-GUID: thcmcBxTODlROz6ojSHTKTZ-3d1MEGZ0 ARC-Seal: i=2; s=arc-20220608; d=hostedemail.com; t=1666208116; a=rsa-sha256; cv=pass; b=ikdgjUmPg2dVdaZaboc7RQvmYt92Kn7DiY3upgYZcPbryxeWh4/laT9PgKT6z4c8Q6joMh 6ewHR/hrULSAph/2EcyIiay6juz8pnX7yh9zQCk8dLKXgAsJfVEQk9//Q4GcqHzx8+H8tX wdlWNuIcQnjHj64CaU4O8EWXmTi9VOQ= ARC-Authentication-Results: i=2; imf07.hostedemail.com; dkim=pass header.d=oracle.com header.s=corp-2022-7-12 header.b=OJsbF+iw; dkim=pass header.d=oracle.onmicrosoft.com header.s=selector2-oracle-onmicrosoft-com header.b=YvduFuYX; spf=pass (imf07.hostedemail.com: domain of jane.chu@oracle.com designates 205.220.165.32 as permitted sender) smtp.mailfrom=jane.chu@oracle.com; dmarc=pass (policy=none) header.from=oracle.com; arc=pass ("microsoft.com:s=arcselector9901:i=1") ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1666208116; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=DfB8XbkCziBN7trknZ4xHefVWGriSxO1QsC+ztB2gGA=; b=0tWdCWDfVSmgZ2UKV50qJV+h9PyFZkODNh5XpqmiGMlsyD6MDKn0voAoMAG8y4N+FX2D0f +oqw5p1E/iTobFtaOt7k6JAve5P2ewy56q0w5d7hOpEHLUJGcHdSXyz8bQgI19X4ZEp0QC L0QiGyKJxUacVQA5Z4So7JUamOsRFUA= X-Stat-Signature: oziwbatnsrn6r3dyeuhom1axf9indhgy X-Rspamd-Queue-Id: 4B9384000A X-Rspam-User: X-Rspamd-Server: rspam03 Authentication-Results: imf07.hostedemail.com; dkim=pass header.d=oracle.com header.s=corp-2022-7-12 header.b=OJsbF+iw; dkim=pass header.d=oracle.onmicrosoft.com header.s=selector2-oracle-onmicrosoft-com header.b=YvduFuYX; spf=pass (imf07.hostedemail.com: domain of jane.chu@oracle.com designates 205.220.165.32 as permitted sender) smtp.mailfrom=jane.chu@oracle.com; dmarc=pass (policy=none) header.from=oracle.com; arc=pass ("microsoft.com:s=arcselector9901:i=1") X-HE-Tag: 1666208116-33159 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Having stepped on a local kernel bug where reading sysfs has led to out-of-bound pointer dereference by vsprintf() which led to GPF panic. And the reason for GPF is that the OOB pointer was turned to a non-canonical address such as 0x7665645f63616465. vsprintf() already has this line of defense if ((unsigned long)ptr < PAGE_SIZE || IS_ERR_VALUE(ptr)) return "(efault)"; Since a non-canonical pointer can be detected by kern_addr_valid() on architectures that present VM holes as well as meaningful implementation of kern_addr_valid() that detects the non-canonical addresses, this patch addes a check on non-canonical string pointer by kern_addr_valid() and display "(efault)" to alert user that something is wrong instead of unecessarily panic the server. On the other hand, if the non-canonical string pointer is dereferenced else where in the kernel, by virtue of being non-canonical, a crash is expected to be immediate. Signed-off-by: Jane Chu --- lib/vsprintf.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/vsprintf.c b/lib/vsprintf.c index c414a8d9f1ea..b38c12ef1e45 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -698,6 +698,9 @@ static const char *check_pointer_msg(const void *ptr) if ((unsigned long)ptr < PAGE_SIZE || IS_ERR_VALUE(ptr)) return "(efault)"; + if (!kern_addr_valid((unsigned long)ptr)) + return "(efault)"; + return NULL; }