On Tue, 2017-12-05 at 08:17 +1100, Tobin C. Harding wrote:
> Usage of the new %px specifier potentially leaks sensitive
> inforamtion. Printing kernel addresses exposes the kernel layout in

information

> memory, this is potentially exploitable. We have tools in the kernel to
> help us do the right thing. We can have checkpatch warn developers of
> potential dangers of using %px.
>
> Have checkpatch emit a warning for usage of specifier %px.
>
> Suggested-by: Andrew Morton <[email protected]>
> Signed-off-by: Tobin C. Harding <[email protected]>
> Co-Developed-by: Joe Perches <[email protected]>
>
> ---
>
> Joe,
>
> Are you happy with this tagging? Needs your signed-off-by still.

Maybe with a few corrections (below)

>
> Andrew,
>
> Is it okay to add your Suggested-by tag here?
>
> I'm not entirely sure when one is supposed to add someone's signed-off-by
> tag since the docs state that it should not be added without
> permission. I am also unsure where/when is the best time to request this
> permission.

[]

> diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl [] > @@ -1612,6 +1612,17 @@ sub raw_line { > return $line; > } > > +sub stat_real { > + my ($linenr, $lc) = @_; > + > + my $stat_real = raw_line($linenr, 0); > + for (my $count = $linenr + 1; $count <= $lc; $count++) { > + $stat_real = $stat_real . "\n" . raw_line($count, 0); > + } > + > + return $stat_real; > +} If you are going to make a subroutine of this there are some other places it could be used too. > + > sub cat_vet { > my ($vet) = @_; > my ($res, $coded); 
> @@ -5747,24 +5758,35 @@ sub process { > defined $stat && > $stat =~ /^\+(?![^\{]*\{\s*).*\b(\w+)\s*\(.*$String\s*,/s && > $1 !~ /^_*volatile_*$/) { > - my $bad_extension = ""; > + my ($specifier, $extension, $stat_real); My preference is not to define multiple variables on a single line. I'd rather have: my $specifier; my $extension; my $stat_real; > + my $bad_specifier = ""; > my $lc = $stat =~ tr@\n@@; > $lc = $lc + $linenr; > for (my $count = $linenr; $count <= $lc; $count++) { > my $fmt = get_quoted_string($lines[$count - 1], > raw_line($count, 0)); > $fmt =~ s/%%//g; > - if ($fmt =~ > /(\%[\*\d\.]*p(?![\WFfSsBKRraEhMmIiUDdgVCbGNOx]).)/) { > - $bad_extension = $1; > - last; > + > + while ($fmt =~ /(\%[\*\d\.]*p(\w))/g) { > + $specifier = $1; > + $extension = $2; > + if ($extension !~ > /[FfSsBKRraEhMmIiUDdgVCbGNOx]/) { > + $bad_specifier = $specifier; > + last; > + } > + if ($extension eq "x" && > !defined($stat_real)) { > + if (!defined($stat_real)) { > + $stat_real = > stat_real($linenr, $lc); > + } > + WARN("VSPRINTF_SPECIFIER_PX", > + "Using vsprintf specifier > '\%px' potentially exposes the kernel layout in memory, if you don't _realy_ > need the address please consider using '\%p'.\n" . "$here\n$stat_real\n"); "kernel memory layout" not "kernel layout in memory" "really" not "_realy_"
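Review bot: In the first hunk, stat_real() takes $lc as the last line number to include (the loop runs while `$count <= $lc`), not a line count, and nothing in the sub says so; the only hint is the caller's `$lc = $lc + $linenr;` in the second hunk. A one-line comment above the sub, or renaming the parameter to something like $last_linenr, would keep later callers from passing a count. The local `my $stat_real` also shares its name with the sub, which reads awkwardly; returning `join("\n", map { raw_line($_, 0) } $linenr .. $lc)` would drop the temporary altogether.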
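Review bot: In the second hunk, the `%px` branch of the new while loop tests `!defined($stat_real)` twice, once in the outer `if ($extension eq "x" && !defined($stat_real))` and again in the nested `if` directly under it, so the inner check can never be false. Because the outer test doubles as the cache check, the warning also fires only for the first %px in a statement; if that is intended, a short comment would make it clear, otherwise drop the test from the outer condition and keep only the inner one. Separately, the `last` after `$bad_specifier = $specifier;` now leaves only the new inner while loop, where the removed `last` left the for loop over the statement's lines, so scanning continues on later lines and $bad_specifier can be overwritten; a labelled `last` or a check of $bad_specifier after the while would restore the old behaviour.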

