On Wed, Nov 20, 2024 at 08:35:38AM +0100, Linus Walleij wrote: > On Wed, Nov 20, 2024 at 6:31 AM David Wang <00107082@xxxxxxx> wrote: > > > Using device name as format string of seq_printf() is proned to > > "Format string attack", opens possibility for exploitation. > > Seq_puts() is safer and more efficient. > > > > Signed-off-by: David Wang <00107082@xxxxxxx> > > Okay better get Kees' eye on this, he looks after string vulnerabilities. > (But I think you're right.) Agreed, this may lead to kernel memory content exposures. seq_puts() looks right. Reviewed-by: Kees Cook <kees@xxxxxxxxxx> To defend against this, it might be interesting to detect single-argument seq_printf() usage and aim it at seq_puts() automatically... > > > drivers/gpio/gpio-aspeed-sgpio.c | 2 +- > > drivers/gpio/gpio-aspeed.c | 2 +- > > drivers/gpio/gpio-ep93xx.c | 2 +- > > drivers/gpio/gpio-hlwd.c | 2 +- > > drivers/gpio/gpio-mlxbf2.c | 2 +- > > drivers/gpio/gpio-omap.c | 2 +- > > drivers/gpio/gpio-pca953x.c | 2 +- > > drivers/gpio/gpio-pl061.c | 2 +- > > drivers/gpio/gpio-tegra.c | 2 +- > > drivers/gpio/gpio-tegra186.c | 2 +- > > drivers/gpio/gpio-tqmx86.c | 2 +- > > drivers/gpio/gpio-visconti.c | 2 +- > > drivers/gpio/gpio-xgs-iproc.c | 2 +- > > drivers/irqchip/irq-gic.c | 2 +- > > drivers/irqchip/irq-mvebu-pic.c | 2 +- > > drivers/irqchip/irq-versatile-fpga.c | 2 +- > > drivers/pinctrl/bcm/pinctrl-iproc-gpio.c | 2 +- > > drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 2 +- > > drivers/pinctrl/pinctrl-mcp23s08.c | 2 +- > > drivers/pinctrl/pinctrl-stmfx.c | 2 +- > > drivers/pinctrl/pinctrl-sx150x.c | 2 +- > > drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 +- > > Can you split this in three patches per-subsystem? > One for gpio, one for irqchip and one for pinctrl? > > Then send to each subsystem maintainer and CC kees on > each. > > I'm just the pinctrl maintainer. The rest can be found with > scripts/get_maintainer.pl. Oof. That's a lot of work for a mechanical change like this. Perhaps Greg KH can take it directly to the drivers tree instead? -Kees -- Kees Cook
Re: [PATCH] Fix a potential abuse of seq_printf() format string in drivers
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: [PATCH] Fix a potential abuse of seq_printf() format string in drivers
- From: Kees Cook <kees@xxxxxxxxxx>
- Date: Wed, 20 Nov 2024 10:12:40 -0800
- In-reply-to: <CACRpkdZ0zwn0908LDqrfQJtF7M-WRcKA4qdJdwSXZNzm0L47CA@mail.gmail.com>
- References: <20241120053055.225195-1-00107082@163.com> <CACRpkdZ0zwn0908LDqrfQJtF7M-WRcKA4qdJdwSXZNzm0L47CA@mail.gmail.com>
- Follow-Ups:
- Re: [PATCH] Fix a potential abuse of seq_printf() format string in drivers
- From: Greg Kroah-Hartman
- Re: [PATCH] Fix a potential abuse of seq_printf() format string in drivers
- References:
- Re: [PATCH] Fix a potential abuse of seq_printf() format string in drivers
- From: Linus Walleij
- Re: [PATCH] Fix a potential abuse of seq_printf() format string in drivers
- Prev by Date: Re: [PATCH 00/15] Add support for SAMA7D65
- Next by Date: Re: [PATCH] Fix a potential abuse of seq_printf() format string in drivers
- Previous by thread: Re: [PATCH] Fix a potential abuse of seq_printf() format string in drivers
- Next by thread: Re: [PATCH] Fix a potential abuse of seq_printf() format string in drivers
- Index(es):
 |