vsprintf: don't use 'restricted_pointer()' when not restricting
authorLinus Torvalds <torvalds@linux-foundation.org>
Wed, 29 Nov 2017 19:28:09 +0000 (11:28 -0800)
committerLinus Torvalds <torvalds@linux-foundation.org>
Wed, 29 Nov 2017 19:28:09 +0000 (11:28 -0800)
Instead, just fall back on the new '%p' behavior which hashes the
pointer.

Otherwise, '%pK' - that was intended to mark a pointer as restricted -
just ends up leaking pointers that a normal '%p' wouldn't leak.  Which
just make the whole thing pointless.

I suspect we should actually get rid of '%pK' entirely, and make it just
work as '%p' regardless, but this is the minimal obvious fix.  People
who actually use 'kptr_restrict' should weigh in on which behavior they
want.

Cc: Tobin Harding <me@tobin.cc>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
lib/vsprintf.c

index d960aead03368e70503936b55d8d42ba82649518..01c3957b2de621ae21fed6162058c37f801ff526 100644 (file)
@@ -1931,6 +1931,8 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
                        return buf;
                }
        case 'K':
+               if (!kptr_restrict)
+                       break;
                return restricted_pointer(buf, end, ptr, spec);
        case 'N':
                return netdev_bits(buf, end, ptr, fmt);