aboutsummaryrefslogtreecommitdiffstats
diff options
Diffstat
-rw-r--r--drivers-uio-un-restrict-sysfs-pointers-for-uio.patch31
-rw-r--r--lib-vsprintf-add-pap-padp-options.patch80
-rw-r--r--lib-vsprintf-additional-kernel-pointer-filtering-options.patch233
-rw-r--r--lib-vsprintf-default-kptr_restrict-to-the-maximum-value.patch26
-rw-r--r--lib-vsprintf-physical-address-kernel-pointer-filtering-options.patch131
-rw-r--r--lib-vsprintf-whitelist-stack-traces.patch59
-rw-r--r--series6
7 files changed, 0 insertions, 566 deletions
diff --git a/drivers-uio-un-restrict-sysfs-pointers-for-uio.patch b/drivers-uio-un-restrict-sysfs-pointers-for-uio.patch
deleted file mode 100644
index d41a2a46aec82c..00000000000000
--- a/drivers-uio-un-restrict-sysfs-pointers-for-uio.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: Chris Fries <cfries@google.com>
-Subject: drivers: uio: Un-restrict sysfs pointers for UIO
-
-The addr and size on the UIO devices are required by userspace to function
-properly. Let's unrestrict these by adding the 'P' modifier to %p and %pa.
-
-Cc: William Roberts <william.c.roberts@intel.com>
-Cc: Dave Weinstein <olorin@google.com>
-Signed-off-by: Chris Fries <cfries@google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- drivers/uio/uio.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/drivers/uio/uio.c
-+++ b/drivers/uio/uio.c
-@@ -56,12 +56,12 @@ static ssize_t map_name_show(struct uio_
-
- static ssize_t map_addr_show(struct uio_mem *mem, char *buf)
- {
-- return sprintf(buf, "%pa\n", &mem->addr);
-+ return sprintf(buf, "%paP\n", &mem->addr);
- }
-
- static ssize_t map_size_show(struct uio_mem *mem, char *buf)
- {
-- return sprintf(buf, "%pa\n", &mem->size);
-+ return sprintf(buf, "%paP\n", &mem->size);
- }
-
- static ssize_t map_offset_show(struct uio_mem *mem, char *buf)
diff --git a/lib-vsprintf-add-pap-padp-options.patch b/lib-vsprintf-add-pap-padp-options.patch
deleted file mode 100644
index 3c2202ceabe737..00000000000000
--- a/lib-vsprintf-add-pap-padp-options.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From: Chris Fries <cfries@google.com>
-Subject: lib: vsprintf: Add "%paP", "%padP" options
-
-Add %paP and %padP for physical address that need to always be shown
-regardless of kptr restrictions.
-
-Cc: William Roberts <william.c.roberts@intel.com>
-Cc: Dave Weinstein <olorin@google.com>
-Signed-off-by: Chris Fries <cfries@google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- Documentation/printk-formats.txt | 10 ++++++----
- lib/vsprintf.c | 12 +++++++++---
- 2 files changed, 15 insertions(+), 7 deletions(-)
-
---- a/Documentation/printk-formats.txt
-+++ b/Documentation/printk-formats.txt
-@@ -121,21 +121,23 @@ Physical addresses types ``phys_addr_t``
-
- ::
-
-- %pa[p] 0x01234567 or 0x0123456789abcdef
-+ %pa[p][P] 0x01234567 or 0x0123456789abcdef
-
- For printing a ``phys_addr_t`` type (and its derivatives, such as
- ``resource_size_t``) which can vary based on build options, regardless of
--the width of the CPU data path. Passed by reference.
-+the width of the CPU data path. Passed by reference. Use the trailing
-+'P' if it needs to be always shown.
-
- DMA addresses types ``dma_addr_t``
- ==================================
-
- ::
-
-- %pad 0x01234567 or 0x0123456789abcdef
-+ %pad[P] 0x01234567 or 0x0123456789abcdef
-
- For printing a ``dma_addr_t`` type which can vary based on build options,
--regardless of the width of the CPU data path. Passed by reference.
-+regardless of the width of the CPU data path. Passed by reference. Use
-+the trailing 'P' if it needs to be always shown.
-
- Raw buffer as an escaped string
- ===============================
---- a/lib/vsprintf.c
-+++ b/lib/vsprintf.c
-@@ -1395,23 +1395,29 @@ static noinline_for_stack
- char *address_val(char *buf, char *end, const void *addr, const char *fmt)
- {
- unsigned long long num;
-+ int cleanse = kptr_restrict_cleanse_addresses();
-+ int decleanse_idx = 1;
- int size;
-
- switch (fmt[1]) {
- case 'd':
- num = *(const dma_addr_t *)addr;
- size = sizeof(dma_addr_t);
-+ decleanse_idx = 2;
- break;
- case 'p':
-+ decleanse_idx = 2;
-+ /* fall thru */
- default:
- num = *(const phys_addr_t *)addr;
- size = sizeof(phys_addr_t);
- break;
- }
-
-- return special_hex_number(buf, end,
-- kptr_restrict_cleanse_addresses() ? 0UL : num,
-- size);
-+ /* 'P' on the tail means don't restrict the pointer. */
-+ cleanse = cleanse && (fmt[decleanse_idx] != 'P');
-+
-+ return special_hex_number(buf, end, cleanse ? 0UL : num, size);
- }
-
- static noinline_for_stack
diff --git a/lib-vsprintf-additional-kernel-pointer-filtering-options.patch b/lib-vsprintf-additional-kernel-pointer-filtering-options.patch
deleted file mode 100644
index c2e939fc025b43..00000000000000
--- a/lib-vsprintf-additional-kernel-pointer-filtering-options.patch
+++ /dev/null
@@ -1,233 +0,0 @@
-From: Dave Weinstein <olorin@google.com>
-Subject: lib: vsprintf: additional kernel pointer filtering options
-
-Add the kptr_restrict setting of 3 which results in both
-%p and %pK values being replaced by zeros.
-
-Add an additional %pP value inspired by the Grsecurity
-option which explicitly whitelists pointers for output.
-
-This patch is based on work by William Roberts
-<william.c.roberts@intel.com>
-
-Cc: William Roberts <william.c.roberts@intel.com>
-Cc: Chris Fries <cfries@google.com>
-Signed-off-by: Dave Weinstein <olorin@google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- Documentation/printk-formats.txt | 5 ++
- Documentation/sysctl/kernel.txt | 3 +
- kernel/sysctl.c | 3 -
- lib/vsprintf.c | 90 +++++++++++++++++++++++++--------------
- 4 files changed, 68 insertions(+), 33 deletions(-)
-
---- a/Documentation/printk-formats.txt
-+++ b/Documentation/printk-formats.txt
-@@ -97,6 +97,11 @@ For printing kernel pointers which shoul
- users. The behaviour of ``%pK`` depends on the ``kptr_restrict sysctl`` - see
- Documentation/sysctl/kernel.txt for more details.
-
-+ %pP 0x01234567 or 0x0123456789abcdef
-+
-+For printing kernel pointers which should always be shown, even to
-+unprivileged users.
-+
- Struct Resources
- ================
-
---- a/Documentation/sysctl/kernel.txt
-+++ b/Documentation/sysctl/kernel.txt
-@@ -394,6 +394,9 @@ values to unprivileged users is a concer
- When kptr_restrict is set to (2), kernel pointers printed using
- %pK will be replaced with 0's regardless of privileges.
-
-+When kptr_restrict is set to (3), kernel pointers printed using
-+%p and %pK will be replaced with 0's regardless of privileges.
-+
- ==============================================================
-
- l2cr: (PPC only)
---- a/kernel/sysctl.c
-+++ b/kernel/sysctl.c
-@@ -129,6 +129,7 @@ static unsigned long one_ul = 1;
- static int one_hundred = 100;
- static int one_thousand = 1000;
- #ifdef CONFIG_PRINTK
-+static int three = 3;
- static int ten_thousand = 10000;
- #endif
- #ifdef CONFIG_PERF_EVENTS
-@@ -852,7 +853,7 @@ static struct ctl_table kern_table[] = {
- .mode = 0644,
- .proc_handler = proc_dointvec_minmax_sysadmin,
- .extra1 = &zero,
-- .extra2 = &two,
-+ .extra2 = &three,
- },
- #endif
- {
---- a/lib/vsprintf.c
-+++ b/lib/vsprintf.c
-@@ -396,6 +396,16 @@ struct printf_spec {
- #define FIELD_WIDTH_MAX ((1 << 23) - 1)
- #define PRECISION_MAX ((1 << 15) - 1)
-
-+int kptr_restrict __read_mostly;
-+
-+/*
-+ * Always cleanse %p and %pK specifiers
-+ */
-+static inline int kptr_restrict_always_cleanse_pointers(void)
-+{
-+ return kptr_restrict >= 3;
-+}
-+
- static noinline_for_stack
- char *number(char *buf, char *end, unsigned long long num,
- struct printf_spec spec)
-@@ -1591,8 +1601,6 @@ char *device_node_string(char *buf, char
- return widen_string(buf, buf - buf_start, end, spec);
- }
-
--int kptr_restrict __read_mostly;
--
- /*
- * Show a '%p' thing. A kernel extension is that the '%p' is followed
- * by an extra set of alphanumeric characters that are extended format
-@@ -1664,6 +1672,7 @@ int kptr_restrict __read_mostly;
- * Do not use this feature without some mechanism to verify the
- * correctness of the format string and va_list arguments.
- * - 'K' For a kernel pointer that should be hidden from unprivileged users
-+ * - 'P' For a kernel pointer that should be shown to all users
- * - 'NF' For a netdev_features_t
- * - 'h[CDN]' For a variable-length buffer, it prints it as a hex string with
- * a certain separator (' ' by default):
-@@ -1703,6 +1712,9 @@ int kptr_restrict __read_mostly;
- * Note: The difference between 'S' and 'F' is that on ia64 and ppc64
- * function pointers are really function descriptors, which contain a
- * pointer to the real address.
-+ *
-+ * Note: That for kptr_restrict set to 3, %p and %pK have the same
-+ * meaning.
- */
- static noinline_for_stack
- char *pointer(const char *fmt, char *buf, char *end, void *ptr,
-@@ -1710,7 +1722,7 @@ char *pointer(const char *fmt, char *buf
- {
- const int default_width = 2 * sizeof(void *);
-
-- if (!ptr && *fmt != 'K') {
-+ if (!ptr && *fmt != 'K' && !kptr_restrict_always_cleanse_pointers()) {
- /*
- * Print (null) with the same width as a pointer so it makes
- * tabular output look nice.
-@@ -1791,10 +1803,48 @@ char *pointer(const char *fmt, char *buf
- va_end(va);
- return buf;
- }
-+ case 'N':
-+ return netdev_bits(buf, end, ptr, fmt);
-+ case 'a':
-+ return address_val(buf, end, ptr, fmt);
-+ case 'd':
-+ return dentry_name(buf, end, ptr, spec, fmt);
-+ case 'C':
-+ return clock(buf, end, ptr, spec, fmt);
-+ case 'D':
-+ return dentry_name(buf, end,
-+ ((const struct file *)ptr)->f_path.dentry,
-+ spec, fmt);
-+#ifdef CONFIG_BLOCK
-+ case 'g':
-+ return bdev_name(buf, end, ptr, spec, fmt);
-+#endif
-+
-+ case 'G':
-+ return flags_string(buf, end, ptr, fmt);
-+ case 'O':
-+ switch (fmt[1]) {
-+ case 'F':
-+ return device_node_string(buf, end, ptr, spec, fmt + 1);
-+ }
-+ case 'P':
-+ /*
-+ * an explicitly whitelisted kernel pointer should never be
-+ * cleansed
-+ */
-+ break;
-+ default:
-+ /*
-+ * plain %p, no extension, check if we should always cleanse and
-+ * treat like %pK.
-+ */
-+ if (!kptr_restrict_always_cleanse_pointers())
-+ break;
-+ /* fallthrough */
- case 'K':
- switch (kptr_restrict) {
- case 0:
-- /* Always print %pK values */
-+ /* Always print %p values */
- break;
- case 1: {
- const struct cred *cred;
-@@ -1813,7 +1863,7 @@ char *pointer(const char *fmt, char *buf
- * Only print the real pointer value if the current
- * process has CAP_SYSLOG and is running with the
- * same credentials it started with. This is because
-- * access to files is checked at open() time, but %pK
-+ * access to files is checked at open() time, but %p
- * checks permission at read() time. We don't want to
- * leak pointer values if a binary opens a file using
- * %pK and then elevates privileges before reading it.
-@@ -1825,38 +1875,14 @@ char *pointer(const char *fmt, char *buf
- ptr = NULL;
- break;
- }
-- case 2:
-+ case 2: /* restrict only %pK */
-+ case 3: /* restrict all non-extensioned %p and %pK */
- default:
-- /* Always print 0's for %pK */
- ptr = NULL;
- break;
- }
- break;
-
-- case 'N':
-- return netdev_bits(buf, end, ptr, fmt);
-- case 'a':
-- return address_val(buf, end, ptr, fmt);
-- case 'd':
-- return dentry_name(buf, end, ptr, spec, fmt);
-- case 'C':
-- return clock(buf, end, ptr, spec, fmt);
-- case 'D':
-- return dentry_name(buf, end,
-- ((const struct file *)ptr)->f_path.dentry,
-- spec, fmt);
--#ifdef CONFIG_BLOCK
-- case 'g':
-- return bdev_name(buf, end, ptr, spec, fmt);
--#endif
--
-- case 'G':
-- return flags_string(buf, end, ptr, fmt);
-- case 'O':
-- switch (fmt[1]) {
-- case 'F':
-- return device_node_string(buf, end, ptr, spec, fmt + 1);
-- }
- }
- spec.flags |= SMALL;
- if (spec.field_width == -1) {
-@@ -1865,7 +1891,7 @@ char *pointer(const char *fmt, char *buf
- }
- spec.base = 16;
-
-- return number(buf, end, (unsigned long) ptr, spec);
-+ return number(buf, end, (unsigned long long) ptr, spec);
- }
-
- /*
diff --git a/lib-vsprintf-default-kptr_restrict-to-the-maximum-value.patch b/lib-vsprintf-default-kptr_restrict-to-the-maximum-value.patch
deleted file mode 100644
index 807f3b0a85a3bd..00000000000000
--- a/lib-vsprintf-default-kptr_restrict-to-the-maximum-value.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From: Dave Weinstein <olorin@google.com>
-Subject: lib: vsprintf: default kptr_restrict to the maximum value
-
-Set the initial value of kptr_restrict to the maximum
-setting rather than the minimum setting, to ensure that
-early boot logging is not leaking information.
-
-Cc: William Roberts <william.c.roberts@intel.com>
-Cc: Chris Fries <cfries@google.com>
-Signed-off-by: Dave Weinstein <olorin@google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- lib/vsprintf.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/lib/vsprintf.c
-+++ b/lib/vsprintf.c
-@@ -396,7 +396,7 @@ struct printf_spec {
- #define FIELD_WIDTH_MAX ((1 << 23) - 1)
- #define PRECISION_MAX ((1 << 15) - 1)
-
--int kptr_restrict __read_mostly;
-+int kptr_restrict __read_mostly = 4;
-
- /*
- * Always cleanse %p and %pK specifiers
diff --git a/lib-vsprintf-physical-address-kernel-pointer-filtering-options.patch b/lib-vsprintf-physical-address-kernel-pointer-filtering-options.patch
deleted file mode 100644
index 0a77defcde226d..00000000000000
--- a/lib-vsprintf-physical-address-kernel-pointer-filtering-options.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-From: Dave Weinstein <olorin@google.com>
-Subject: lib: vsprintf: physical address kernel pointer filtering options
-
-Add the kptr_restrict setting of 4 which results in %pa and
-%p[rR] values being replaced by zeros.
-
-Cc: William Roberts <william.c.roberts@intel.com>
-Cc: Chris Fries <cfries@google.com>
-Signed-off-by: Dave Weinstein <olorin@google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- Documentation/sysctl/kernel.txt | 8 +++++++-
- kernel/sysctl.c | 3 +--
- lib/vsprintf.c | 33 ++++++++++++++++++++++++++++++---
- 3 files changed, 38 insertions(+), 6 deletions(-)
-
---- a/Documentation/sysctl/kernel.txt
-+++ b/Documentation/sysctl/kernel.txt
-@@ -395,7 +395,13 @@ When kptr_restrict is set to (2), kernel
- %pK will be replaced with 0's regardless of privileges.
-
- When kptr_restrict is set to (3), kernel pointers printed using
--%p and %pK will be replaced with 0's regardless of privileges.
-+%p and %pK will be replaced with 0's regardless of privileges,
-+however kernel pointers printed using %pP will continue to be printed.
-+
-+When kptr_restrict is set to (4), kernel pointers printed with
-+%p, %pK, %pa, and %p[rR] will be replaced with 0's regardless of
-+privileges. Kernel pointers printed using %pP will continue to be
-+printed.
-
- ==============================================================
-
---- a/kernel/sysctl.c
-+++ b/kernel/sysctl.c
-@@ -129,7 +129,6 @@ static unsigned long one_ul = 1;
- static int one_hundred = 100;
- static int one_thousand = 1000;
- #ifdef CONFIG_PRINTK
--static int three = 3;
- static int ten_thousand = 10000;
- #endif
- #ifdef CONFIG_PERF_EVENTS
-@@ -853,7 +852,7 @@ static struct ctl_table kern_table[] = {
- .mode = 0644,
- .proc_handler = proc_dointvec_minmax_sysadmin,
- .extra1 = &zero,
-- .extra2 = &three,
-+ .extra2 = &four,
- },
- #endif
- {
---- a/lib/vsprintf.c
-+++ b/lib/vsprintf.c
-@@ -406,6 +406,22 @@ static inline int kptr_restrict_always_c
- return kptr_restrict >= 3;
- }
-
-+/*
-+ * Always cleanse physical addresses (%pa* specifiers)
-+ */
-+static inline int kptr_restrict_cleanse_addresses(void)
-+{
-+ return kptr_restrict >= 4;
-+}
-+
-+/*
-+ * Always cleanse resource addresses (%p[rR] specifiers)
-+ */
-+static inline int kptr_restrict_cleanse_resources(void)
-+{
-+ return kptr_restrict >= 4;
-+}
-+
- static noinline_for_stack
- char *number(char *buf, char *end, unsigned long long num,
- struct printf_spec spec)
-@@ -758,6 +774,7 @@ char *resource_string(char *buf, char *e
-
- char *p = sym, *pend = sym + sizeof(sym);
- int decode = (fmt[0] == 'R') ? 1 : 0;
-+ int cleanse = kptr_restrict_cleanse_resources();
- const struct printf_spec *specp;
-
- *p++ = '[';
-@@ -785,10 +802,11 @@ char *resource_string(char *buf, char *e
- p = string(p, pend, "size ", str_spec);
- p = number(p, pend, resource_size(res), *specp);
- } else {
-- p = number(p, pend, res->start, *specp);
-+ p = number(p, pend, cleanse ? 0UL : res->start, *specp);
- if (res->start != res->end) {
- *p++ = '-';
-- p = number(p, pend, res->end, *specp);
-+ p = number(p, pend, cleanse ?
-+ res->end - res->start : res->end, *specp);
- }
- }
- if (decode) {
-@@ -1391,7 +1409,9 @@ char *address_val(char *buf, char *end,
- break;
- }
-
-- return special_hex_number(buf, end, num, size);
-+ return special_hex_number(buf, end,
-+ kptr_restrict_cleanse_addresses() ? 0UL : num,
-+ size);
- }
-
- static noinline_for_stack
-@@ -1715,6 +1735,12 @@ char *device_node_string(char *buf, char
- *
- * Note: That for kptr_restrict set to 3, %p and %pK have the same
- * meaning.
-+ *
-+ * Note: That for kptr_restrict set to 4, %pa will null out the physical
-+ * address.
-+ *
-+ * Note: That for kptr_restrict set to 4, %p[rR] will null out the memory
-+ * address.
- */
- static noinline_for_stack
- char *pointer(const char *fmt, char *buf, char *end, void *ptr,
-@@ -1877,6 +1903,7 @@ char *pointer(const char *fmt, char *buf
- }
- case 2: /* restrict only %pK */
- case 3: /* restrict all non-extensioned %p and %pK */
-+ case 4: /* restrict all non-extensioned %p, %pK, %pa*, %p[rR] */
- default:
- ptr = NULL;
- break;
diff --git a/lib-vsprintf-whitelist-stack-traces.patch b/lib-vsprintf-whitelist-stack-traces.patch
deleted file mode 100644
index 49f426bcea8a32..00000000000000
--- a/lib-vsprintf-whitelist-stack-traces.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From: Dave Weinstein <olorin@google.com>
-Subject: lib: vsprintf: whitelist stack traces
-
-Use the %pP functionality to explicitly allow kernel
-pointers to be logged for stack traces
-
-Cc: William Roberts <william.c.roberts@intel.com>
-Cc: Chris Fries <cfries@google.com>
-Signed-off-by: Dave Weinstein <olorin@google.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- arch/arm64/kernel/traps.c | 4 ++--
- include/linux/kallsyms.h | 2 +-
- kernel/printk/printk.c | 2 +-
- 3 files changed, 4 insertions(+), 4 deletions(-)
-
---- a/arch/arm64/kernel/traps.c
-+++ b/arch/arm64/kernel/traps.c
-@@ -147,7 +147,7 @@ void dump_backtrace(struct pt_regs *regs
- struct stackframe frame;
- int skip;
-
-- pr_debug("%s(regs = %p tsk = %p)\n", __func__, regs, tsk);
-+ pr_debug("%s(regs = %pP tsk = %pP)\n", __func__, regs, tsk);
-
- if (!tsk)
- tsk = current;
-@@ -233,7 +233,7 @@ static int __die(const char *str, int er
-
- print_modules();
- __show_regs(regs);
-- pr_emerg("Process %.*s (pid: %d, stack limit = 0x%p)\n",
-+ pr_emerg("Process %.*s (pid: %d, stack limit = 0x%pP)\n",
- TASK_COMM_LEN, tsk->comm, task_pid_nr(tsk),
- end_of_stack(tsk));
-
---- a/include/linux/kallsyms.h
-+++ b/include/linux/kallsyms.h
-@@ -123,7 +123,7 @@ static inline void print_symbol(const ch
-
- static inline void print_ip_sym(unsigned long ip)
- {
-- printk("[<%p>] %pS\n", (void *) ip, (void *) ip);
-+ printk("[<%pP>] %pS\n", (void *) ip, (void *) ip);
- }
-
- #endif /*_LINUX_KALLSYMS_H*/
---- a/kernel/printk/printk.c
-+++ b/kernel/printk/printk.c
-@@ -3142,7 +3142,7 @@ void show_regs_print_info(const char *lo
- {
- dump_stack_print_info(log_lvl);
-
-- printk("%stask: %p task.stack: %p\n",
-+ printk("%stask: %pP task.stack: %pP\n",
- log_lvl, current, task_stack_page(current));
- }
-
diff --git a/series b/series
index 6c234a19f3ac16..73e177f1497fa1 100644
--- a/series
+++ b/series
@@ -1,12 +1,6 @@
#
usb_DEVICE_ATTR.patch
-lib-vsprintf-additional-kernel-pointer-filtering-options.patch
-lib-vsprintf-whitelist-stack-traces.patch
-lib-vsprintf-physical-address-kernel-pointer-filtering-options.patch
-lib-vsprintf-default-kptr_restrict-to-the-maximum-value.patch
-lib-vsprintf-add-pap-padp-options.patch
-drivers-uio-un-restrict-sysfs-pointers-for-uio.patch
generated by cgit 1.2.3-korg (git 2.43.0) at 2026-03-01 14:07:28 +0000