On Fri, Feb 5, 2016 at 5:45 AM, Jason A. Donenfeld <[email protected]> wrote:
> The kptr_restrict flag, when set to 1, only prints the kernel
> address when the user has CAP_SYSLOG. When it is set to 2, the
> kernel address is always printed as zero. When set to 1, this
> needs to check whether or not we're in IRQ. However, when set to
> 2, this check is unnecessary, and produces confusing results
> in dmesg. Thus, only make sure we're not in IRQ when mode 1 is
> used, but not mode 2.

Cool, nice fix. > > Signed-off-by: Jason A. Donenfeld <[email protected]> > --- > lib/vsprintf.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/lib/vsprintf.c b/lib/vsprintf.c > index 80d8ce5..fab875f 100644 > --- a/lib/vsprintf.c > +++ b/lib/vsprintf.c > @@ -1609,8 +1609,8 @@ char *pointer(const char *fmt, char *buf, char *end, > void *ptr, > * %pK cannot be used in IRQ context because its test > * for CAP_SYSLOG would be meaningless. > */ > - if (kptr_restrict && (in_irq() || in_serving_softirq() || > - in_nmi())) { > + if (kptr_restrict == 1 && (in_irq() || in_serving_softirq() || > + in_nmi())) { Instead of doing a double-check of kptr_restrict, how about moving this logic down into the "case 1" test? I think that would be more readable in the end. -Kees > if (spec.field_width == -1) > spec.field_width = default_width; > return string(buf, end, "pK-error", spec); > -- > 2.7.0 > -- Kees Cook Chrome OS & Brillo Security
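
Review bot: The comment kept as context directly above the changed condition still states that "%pK cannot be used in IRQ context" without qualification, while the new test `kptr_restrict == 1 && (in_irq() || in_serving_softirq() ||` applies that restriction to mode 1 only. Suggest rewording the comment to say that the CAP_SYSLOG test is what is meaningless in IRQ context, and that mode 2 does not need it because the address is always printed as zero, so the comment and the condition agree. If the check moves into the "case 1" branch as suggested in the reply, the comment should move with it.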

