
Re: [PATCH] checkpatch: Add ability to find bad uses of vsprintf %p<foo> extensions

Message ID 20170228160607.183a88bd491e97fa6a7ded9c@linux-foundation.org (mailing list archive)
State New, archived

Commit Message

Andrew Morton March 1, 2017, 12:06 a.m. UTC
On Mon, 27 Feb 2017 12:54:55 -0800 Joe Perches <joe@perches.com> wrote:

> %pK was at least once misused at %pk in an out-of-tree module.
> This led to some security concerns.  Add the ability to track
> single and multiple line statements for misuses of %p<foo>.

Should we also do this?

Comments

Kees Cook March 1, 2017, 12:11 a.m. UTC | #1
On Tue, Feb 28, 2017 at 4:06 PM, Andrew Morton
<akpm@linux-foundation.org> wrote:
> On Mon, 27 Feb 2017 12:54:55 -0800 Joe Perches <joe@perches.com> wrote:
>
>> %pK was at least once misused at %pk in an out-of-tree module.
>> This led to some security concerns.  Add the ability to track
>> single and multiple line statements for misuses of %p<foo>.
>
> Should we also do this?

Ah yes, good idea. Maybe "...when adding/removing new conversion..." ?

-Kees

>
> --- a/lib/vsprintf.c~checkpatch-add-ability-to-find-bad-uses-of-vsprintf-%pfoo-extensions-fix
> +++ a/lib/vsprintf.c
> @@ -1477,6 +1477,9 @@ int kptr_restrict __read_mostly;
>   * by an extra set of alphanumeric characters that are extended format
>   * specifiers.
>   *
> + * Please update scripts/checkpatch.pl when adding new conversion characters.
> + * (search for "check for vsprintf extension").
> + *
>   * Right now we handle:
>   *
>   * - 'F' For symbolic function descriptor pointers with offset
> _
>
Joe Perches March 1, 2017, 12:12 a.m. UTC | #2
On Tue, 2017-02-28 at 16:06 -0800, Andrew Morton wrote:
> On Mon, 27 Feb 2017 12:54:55 -0800 Joe Perches <joe@perches.com> wrote:
> 
> > %pK was at least once misused at %pk in an out-of-tree module.
> > This led to some security concerns.  Add the ability to track
> > single and multiple line statements for misuses of %p<foo>.
> 
> Should we also do this?
> 
> --- a/lib/vsprintf.c~checkpatch-add-ability-to-find-bad-uses-of-vsprintf-%pfoo-extensions-fix
> +++ a/lib/vsprintf.c
> @@ -1477,6 +1477,9 @@ int kptr_restrict __read_mostly;
>   * by an extra set of alphanumeric characters that are extended format
>   * specifiers.
>   *
> + * Please update scripts/checkpatch.pl when adding new conversion characters.
> + * (search for "check for vsprintf extension").
> + *

Seems sensible, thanks.

Joe Perches March 1, 2017, 1:14 a.m. UTC | #3
On Tue, 2017-02-28 at 16:11 -0800, Kees Cook wrote:
> On Tue, Feb 28, 2017 at 4:06 PM, Andrew Morton
> <akpm@linux-foundation.org> wrote:
> > On Mon, 27 Feb 2017 12:54:55 -0800 Joe Perches <joe@perches.com> wrote:
> > 
> > > %pK was at least once misused at %pk in an out-of-tree module.
> > > This led to some security concerns.  Add the ability to track
> > > single and multiple line statements for misuses of %p<foo>.
> > 
> > Should we also do this?
> 
> Ah yes, good idea. Maybe "...when adding/removing new conversion..." ?

Deleting conversions seems unlikely.

Patch

--- a/lib/vsprintf.c~checkpatch-add-ability-to-find-bad-uses-of-vsprintf-%pfoo-extensions-fix
+++ a/lib/vsprintf.c
@@ -1477,6 +1477,9 @@  int kptr_restrict __read_mostly;
  * by an extra set of alphanumeric characters that are extended format
  * specifiers.
  *
+ * Please update scripts/checkpatch.pl when adding new conversion characters.
+ * (search for "check for vsprintf extension").
+ *
  * Right now we handle:
  *
  * - 'F' For symbolic function descriptor pointers with offset
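Review bot: The added line `(search for "check for vsprintf extension")` links this comment to scripts/checkpatch.pl only through a free-text search string, which goes stale without any warning if the corresponding comment in checkpatch.pl is reworded, and nothing in this hunk adds a pointer in the other direction. Consider adding a matching note beside the checkpatch test that names lib/vsprintf.c, so the list of handled characters and the list checkpatch accepts are cross-referenced from both sides. The wording "when adding new conversion characters" also covers additions only; "adding or changing" would cover a character whose meaning is altered, which leaves the checkpatch list just as out of date. Since the motivating case in the commit message is %pK written as %pk, the check is only useful while the two lists stay in step.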