On (09/07/17 16:56), Sergey Senozhatsky wrote:
[..]
> BTW, are we sure we can crash? when attempt to deference IP from
> the given descriptor? shall we handle page fault in this case and
> do something sane? just asking.
I don't know... does the below code make any sense?
quick and dirty. NOT TESTED at all (not even compile tested).
we can avoid extra probe_kernel_address() on anything that is
not ia64, ppc64, etc.
basically it checks that it's safe to access ptr (we can access it
without page fault in __dereference_function_descriptor()). then
we do ptr->ip, and also check if it's safe, but in
dereference_function_descriptor().
I suppose somethign like
pr_err("%pF\n", 1);
can crash ia64, etc. correct?
well. not tested.
---
lib/vsprintf.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index 86c3385b9eb3..0dc39b95e1d9 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -1593,6 +1593,16 @@ char *device_node_string(char *buf, char *end, struct
device_node *dn,
int kptr_restrict __read_mostly;
+static void *__dereference_function_descriptor(void *ptr)
+{
+ void *p;
+
+ if (!probe_kernel_address(ptr, p))
+ return dereference_function_descriptor(ptr);
+
+ return ptr;
+}
+
/*
* Show a '%p' thing. A kernel extension is that the '%p' is followed
* by an extra set of alphanumeric characters that are extended format
@@ -1723,7 +1733,7 @@ char *pointer(const char *fmt, char *buf, char *end, void
*ptr,
switch (*fmt) {
case 'F':
case 'f':
- ptr = dereference_function_descriptor(ptr);
+ ptr = __dereference_function_descriptor(ptr);
/* Fallthrough */
case 'S':
case 's':
