Commit 0b523769 authored by Joe Perches's avatar Joe Perches Committed by Linus Torvalds
Browse files

checkpatch: add ability to find bad uses of vsprintf %p<foo> extensions 

%pK was at least once misused at %pk in an out-of-tree module.  This
lead to some security concerns.  Add the ability to track single and
multiple line statements for misuses of %p<foo>.

[akpm@linux-foundation.org: add helpful comment into lib/vsprintf.c]
[akpm@linux-foundation.org: text tweak]
Link: http://lkml.kernel.org/r/163a690510e636a23187c0dc9caa09ddac6d4cde.1488228427.git.joe@perches.com


Signed-off-by: default avatarJoe Perches <joe@perches.com>
Acked-by: default avatarKees Cook <keescook@chromium.org>
Acked-by: default avatarWilliam Roberts <william.c.roberts@intel.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent cd8618ab

lib/vsprintf.c

+3 −0
Original line number Diff line number Diff line
@@ -1477,6 +1477,9 @@ int kptr_restrict __read_mostly; 
 * by an extra set of alphanumeric characters that are extended format

 * specifiers.

 *

 * Please update scripts/checkpatch.pl when adding/removing conversion

 * characters.  (Search for "check for vsprintf extension").

 *

 * Right now we handle:

 *

 * - 'F' For symbolic function descriptor pointers with offset

scripts/checkpatch.pl

+26 −0
Original line number Diff line number Diff line
@@ -5663,6 +5663,32 @@ sub process { 
			}

		}



		# check for vsprintf extension %p<foo> misuses

		if ($^V && $^V ge 5.10.0 &&

		    defined $stat &&

		    $stat =~ /^\+(?![^\{]*\{\s*).*\b(\w+)\s*\(.*$String\s*,/s &&

		    $1 !~ /^_*volatile_*$/) {

			my $bad_extension = "";

			my $lc = $stat =~ tr@\n@@;

			$lc = $lc + $linenr;

		        for (my $count = $linenr; $count <= $lc; $count++) {

				my $fmt = get_quoted_string($lines[$count - 1], raw_line($count, 0));

				$fmt =~ s/%%//g;

				if ($fmt =~ /(\%[\*\d\.]*p(?![\WFfSsBKRraEhMmIiUDdgVCbGN]).)/) {

					$bad_extension = $1;

					last;

				}

			}

			if ($bad_extension ne "") {

				my $stat_real = raw_line($linenr, 0);

				for (my $count = $linenr + 1; $count <= $lc; $count++) {

					$stat_real = $stat_real . "\n" . raw_line($count, 0);

				}

				WARN("VSPRINTF_POINTER_EXTENSION",

				     "Invalid vsprintf pointer extension '$bad_extension'\n" . "$here\n$stat_real\n");

			}

		}



# Check for misused memsets

		if ($^V && $^V ge 5.10.0 &&

		    defined $stat &&

CRA Git | Maintained and supported by SUSTech CRA and CCSE