Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v5.4.42 2019-08-15T14:40:10Z 2019-08-15T14:40:10Z Jia He justin.he@arm.com 2019-08-09T01:24:56Z urn:sha1:36594b317c656bec8f968db93701d2cb9bc9155c Commit 3e5903eb9cff ("vsprintf: Prevent crash when dereferencing invalid pointers") prevents most crash except for %pD. There is an additional pointer dereferencing before dentry_name. At least, vma->file can be NULL and be passed to printk %pD in print_bad_pte, which can cause crash. This patch fixes it with introducing a new file_dentry_name. Link: http://lkml.kernel.org/r/20190809012457.56685-1-justin.he@arm.com Fixes: 3e5903eb9cff ("vsprintf: Prevent crash when dereferencing invalid pointers") To: Geert Uytterhoeven <geert+renesas@glider.be> To: Thomas Gleixner <tglx@linutronix.de> To: Andy Shevchenko <andriy.shevchenko@linux.intel.com> To: linux-kernel@vger.kernel.org Cc: Kees Cook <keescook@chromium.org> Cc: "Steven Rostedt (VMware)" <rostedt@goodmis.org> Cc: Shuah Khan <shuah@kernel.org> Cc: "Tobin C. Harding" <tobin@kernel.org> Signed-off-by: Jia He <justin.he@arm.com> Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com> Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Signed-off-by: Petr Mladek <pmladek@suse.com> 2019-07-09T19:25:58Z Linus Torvalds torvalds@linux-foundation.org 2019-07-09T19:25:58Z urn:sha1:7011b7e1b702cc76f9e969b41d9a95969f2aecaa Pull printk updates from Petr Mladek: - distinguish different legacy clocks again - small clean up * tag 'printk-for-5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk: lib/vsprintf: Reinstate printing of legacy clock IDs vsprintf: fix data type of variable in string_nocheck() 2019-07-04T10:45:14Z Geert Uytterhoeven geert+renesas@glider.be 2019-07-01T14:00:09Z urn:sha1:4ca96aa99f3e1e530f63559c0cc63ae186ecd677 When using the legacy clock framework, clock pointers are no longer printed as IDs, as the !CONFIG_COMMON_CLK case was accidentally considered an error case. Fix this by reverting to the old behavior, which allows to distinguish clocks by ID, as the legacy clock framework does not store names with clocks. Fixes: 0b74d4d763fd4ee9 ("vsprintf: Consolidate handling of unknown pointer specifiers") Link: http://lkml.kernel.org/r/20190701140009.23683-1-geert+renesas@glider.be Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: linux-kernel@vger.kernel.org Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be> Signed-off-by: Petr Mladek <pmladek@suse.com> 2019-06-12T07:12:27Z Youngmin Nam youngmin.nam@samsung.com 2019-06-10T07:47:07Z urn:sha1:b314dd49a28a38997aa8f472d02f0631a830d37a This patch fixes data type of precision with int. The precision is declared as signed int in struct printf_spec. Link: http://lkml.kernel.org/r/040301d51f60$b4959100$1dc0b300$@samsung.com To: <andriy.shevchenko@linux.intel.com> To: <geert+renesas@glider.be> To: <rostedt@goodmis.org> To: <me@tobin.cc> Signed-off-by: Youngmin Nam <youngmin.nam@samsung.com> Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Signed-off-by: Petr Mladek <pmladek@suse.com> 2019-05-21T08:50:45Z Thomas Gleixner tglx@linutronix.de 2019-05-19T12:08:55Z urn:sha1:457c89965399115e5cd8bf38f9c597293405703d Add SPDX license identifiers to all files which: - Have no license information of any form - Have EXPORT_.*_SYMBOL_GPL inside which was used in the initial scan/conversion to ignore the file These files fall under the project license, GPL v2 only. The resulting SPDX license identifier is: GPL-2.0-only Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-05-10T14:17:26Z Petr Mladek pmladek@suse.com 2019-05-10T08:42:13Z urn:sha1:2ac5a3bf7042a1c4abbcce1b6f0ec61e5d3786c2 The commit 3e5903eb9cff70730 ("vsprintf: Prevent crash when dereferencing invalid pointers") broke boot on several architectures. The common pattern is that probe_kernel_read() is not working during early boot because userspace access framework is not ready. It is a generic problem. We have to avoid any complex external functions in vsprintf() code, especially in the common path. They might break printk() easily and are hard to debug. Replace probe_kernel_read() with some simple checks for obvious problems. Details: 1. Report on Power: Kernel crashes very early during boot with with CONFIG_PPC_KUAP and CONFIG_JUMP_LABEL_FEATURE_CHECK_DEBUG The problem is the combination of some new code called via printk(), check_pointer() which calls probe_kernel_read(). That then calls allow_user_access() (PPC_KUAP) and that uses mmu_has_feature() too early (before we've patched features). With the JUMP_LABEL debug enabled that causes us to call printk() & dump_stack() and we end up recursing and overflowing the stack. Because it happens so early you don't get any output, just an apparently dead system. The stack trace (which you don't see) is something like: ... dump_stack+0xdc probe_kernel_read+0x1a4 check_pointer+0x58 string+0x3c vsnprintf+0x1bc vscnprintf+0x20 printk_safe_log_store+0x7c printk+0x40 dump_stack_print_info+0xbc dump_stack+0x8 probe_kernel_read+0x1a4 probe_kernel_read+0x19c check_pointer+0x58 string+0x3c vsnprintf+0x1bc vscnprintf+0x20 vprintk_store+0x6c vprintk_emit+0xec vprintk_func+0xd4 printk+0x40 cpufeatures_process_feature+0xc8 scan_cpufeatures_subnodes+0x380 of_scan_flat_dt_subnodes+0xb4 dt_cpu_ftrs_scan_callback+0x158 of_scan_flat_dt+0xf0 dt_cpu_ftrs_scan+0x3c early_init_devtree+0x360 early_setup+0x9c 2. Report on s390: vsnprintf invocations, are broken on s390. For example, the early boot output now looks like this where the first (efault) should be the linux_banner: [ 0.099985] (efault) [ 0.099985] setup: Linux is running as a z/VM guest operating system in 64-bit mode [ 0.100066] setup: The maximum memory size is 8192MB [ 0.100070] cma: Reserved 4 MiB at (efault) [ 0.100100] numa: NUMA mode: (efault) The reason for this, is that the code assumes that probe_kernel_address() works very early. This however is not true on at least s390. Uaccess on KERNEL_DS works only after page tables have been setup on s390, which happens with setup_arch()->paging_init(). Any probe_kernel_address() invocation before that will return -EFAULT. Fixes: 3e5903eb9cff70730 ("vsprintf: Prevent crash when dereferencing invalid pointers") Link: http://lkml.kernel.org/r/20190510084213.22149-1-pmladek@suse.com Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: "Tobin C . Harding" <me@tobin.cc> Cc: Michal Hocko <mhocko@suse.cz> Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: linux-kernel@vger.kernel.org Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: linuxppc-dev@lists.ozlabs.org Cc: Russell Currey <ruscur@russell.cc> Cc: Christophe Leroy <christophe.leroy@c-s.fr> Cc: Stephen Rothwell <sfr@ozlabs.org> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: linux-arch@vger.kernel.org Cc: linux-s390@vger.kernel.org Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Petr Mladek <pmladek@suse.com> Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Signed-off-by: Petr Mladek <pmladek@suse.com> 2019-04-29T10:39:58Z YueHaibing yuehaibing@huawei.com 2019-04-26T16:46:30Z urn:sha1:ce9d3eceb7ffb74445a8d892ca0685395a93a7e2 Fix sparse warning: lib/vsprintf.c:673:6: warning: symbol 'pointer_string' was not declared. Should it be static? Link: http://lkml.kernel.org/r/20190426164630.22104-1-yuehaibing@huawei.com To: <sergey.senozhatsky@gmail.com> To: <andriy.shevchenko@linux.intel.com> To: <geert+renesas@glider.be> To: <rostedt@goodmis.org> Signed-off-by: YueHaibing <yuehaibing@huawei.com> Signed-off-by: Petr Mladek <pmladek@suse.com> 2019-04-26T14:21:22Z Petr Mladek pmladek@suse.com 2019-04-17T11:53:50Z urn:sha1:c8c3b584343cb7522fc00322769a9f288305743f The inlined error messages must be used carefully because they need to fit into the given buffer. Handle them using a custom wrapper that makes people aware of the problem. Also define a reasonable hard limit to avoid a completely insane usage. Suggested-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Link: http://lkml.kernel.org/r/20190417115350.20479-11-pmladek@suse.com To: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: "Tobin C . Harding" <me@tobin.cc> Cc: Joe Perches <joe@perches.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Michal Hocko <mhocko@suse.cz> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com> Cc: linux-kernel@vger.kernel.org Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Petr Mladek <pmladek@suse.com> 2019-04-26T14:21:03Z Petr Mladek pmladek@suse.com 2019-04-17T11:53:49Z urn:sha1:635720ac75a51092b456bed517ff170047883252 We are able to detect invalid values handled by %p[iI] printk specifier. The current error message is "invalid address". It might cause confusion against "(efault)" reported by the generic valid_pointer_address() check. Let's unify the style and use the more appropriate error code description "(einval)". Link: http://lkml.kernel.org/r/20190417115350.20479-10-pmladek@suse.com To: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: "Tobin C . Harding" <me@tobin.cc> Cc: Joe Perches <joe@perches.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Michal Hocko <mhocko@suse.cz> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com> Cc: linux-kernel@vger.kernel.org Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Petr Mladek <pmladek@suse.com> 2019-04-26T14:20:43Z Petr Mladek pmladek@suse.com 2019-04-17T11:53:48Z urn:sha1:3e5903eb9cff707301712498aed9e34b3e2ee883 We already prevent crash when dereferencing some obviously broken pointers. But the handling is not consistent. Sometimes we print "(null)" only for pure NULL pointer, sometimes for pointers in the first page and sometimes also for pointers in the last page (error codes). Note that printk() call this code under logbuf_lock. Any recursive printks are redirected to the printk_safe implementation and the messages are stored into per-CPU buffers. These buffers might be eventually flushed in printk_safe_flush_on_panic() but it is not guaranteed. This patch adds a check using probe_kernel_read(). It is not a full-proof test. But it should help to see the error message in 99% situations where the kernel would silently crash otherwise. Also it makes the error handling unified for "%s" and the many %p* specifiers that need to read the data from a given address. We print: + (null) when accessing data on pure pure NULL address + (efault) when accessing data on an invalid address It does not affect the %p* specifiers that just print the given address in some form, namely %pF, %pf, %pS, %ps, %pB, %pK, %px, and plain %p. Note that we print (efault) from security reasons. In fact, the real address can be seen only by %px or eventually %pK. Link: http://lkml.kernel.org/r/20190417115350.20479-9-pmladek@suse.com To: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: "Tobin C . Harding" <me@tobin.cc> Cc: Joe Perches <joe@perches.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Michal Hocko <mhocko@suse.cz> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com> Cc: linux-kernel@vger.kernel.org Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Petr Mladek <pmladek@suse.com>