On Tue, 9 Jan 2018, Kees Cook wrote:
> -static void report_usercopy(unsigned long len, bool to_user, const char *type)
> +int report_usercopy(const char *name, const char *detail, bool to_user,
> + unsigned long offset, unsigned long len)
> {
> - pr_emerg("kernel memory %s attempt detected %s '%s' (%lu bytes)\n",
> + pr_emerg("kernel memory %s attempt detected %s %s%s%s%s (offset %lu, size %lu)\n",
> to_user ? "exposure" : "overwrite",
> - to_user ? "from" : "to", type ? : "unknown", len);
> + to_user ? "from" : "to",
> + name ? : "unknown?!",
> + detail ? " '" : "", detail ? : "", detail ? "'" : "",
> + offset, len);
> /*
> * For greater effect, it would be nice to do do_group_exit(),
> * but BUG() actually hooks all the lock-breaking and per-arch
> * Oops code, so that is used here instead.
> */
> BUG();
Should this be a WARN() or so? Or some configuration that changes
BUG() behavior? Otherwise
> +
> + return -1;
This return code will never be returned.
Why a return code at all? Maybe I will see that in the following patches?
