From patchwork Thu Feb 13 16:41:46 2020
X-Patchwork-Submitter: Daniel Thompson
X-Patchwork-Id: 183398
Delivered-To: patches@linaro.org
From: Daniel Thompson
To: Jason Wessel, Daniel Thompson, Douglas Anderson
Cc: kgdb-bugreport@lists.sourceforge.net, linux-kernel@vger.kernel.org, patches@linaro.org, Wang Xiayang
Subject: [PATCH] kdb: Censor attempts to set PROMPT without ENABLE_MEM_READ
Date: Thu, 13 Feb 2020 16:41:46 +0000
Message-Id: <20200213164146.366251-1-daniel.thompson@linaro.org>
X-Mailer: git-send-email 2.23.0

Currently the PROMPT variable could be abused to provoke the printf()
machinery to read outside the current stack frame. Normally this
doesn't matter because md is already a much better tool for reading
from memory.

However the md command can be disabled by not setting KDB_ENABLE_MEM_READ.
Let's also prevent PROMPT from being modified in these circumstances.

Whilst adding a comment to help future code reviewers we also remove
the #ifdef where PROMPT is consumed. There is no problem passing an
unused argument (0) to snprintf when !CONFIG_SMP.

Reported-by: Wang Xiayang
Signed-off-by: Daniel Thompson
---
 kernel/debug/kdb/kdb_main.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

base-commit: bb6d3fb354c5ee8d6bde2d576eb7220ea09862b9
--
2.23.0

Reviewed-by: Douglas Anderson

diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c index ba12e9f4661e..8dae08792641 100644 --- a/kernel/debug/kdb/kdb_main.c +++ b/kernel/debug/kdb/kdb_main.c
@@ -398,6 +398,13 @@ int kdb_set(int argc, const char **argv) if (argc != 2) return KDB_ARGCOUNT; + /* + * Censor sensitive variables + */ + if (strcmp(argv[1], "PROMPT") == 0 && + !kdb_check_flags(KDB_ENABLE_MEM_READ, kdb_cmd_enabled, false)) + return KDB_NOPERM; + /* * Check for internal variables */ @@ -1298,12 +1305,9 @@ static int kdb_local(kdb_reason_t reason, int error, struct pt_regs *regs, *(cmd_hist[cmd_head]) = '\0'; do_full_getstr: -#if defined(CONFIG_SMP) + /* PROMPT can only be set if we have MEM_READ permission. */ snprintf(kdb_prompt_str, CMD_BUFLEN, kdbgetenv("PROMPT"), raw_smp_processor_id()); -#else - snprintf(kdb_prompt_str, CMD_BUFLEN, kdbgetenv("PROMPT")); -#endif if (defcmd_in_progress) strncat(kdb_prompt_str, "[defcmd]", CMD_BUFLEN);
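
Review bot: In the kdb_set() hunk, the new comment "Censor sensitive variables" does not say why PROMPT is sensitive, and the permission test only runs at the moment the variable is set. Suggest expanding the comment to state that PROMPT is later passed to snprintf() as a format string in kdb_local(), which is why changing it is tied to KDB_ENABLE_MEM_READ. Because the test is made at set time, a PROMPT stored while MEM_READ was permitted would continue to be used if kdb_cmd_enabled is reduced afterwards; if that can happen, a check (or a reset to the default) where the value is consumed would close the gap. The match is an exact strcmp() on argv[1], so it is also worth confirming that no other path can write this variable.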
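
Review bot: In the kdb_local() hunk, the value returned by kdbgetenv("PROMPT") is still handed to snprintf() as the format string with a single argument, raw_smp_processor_id(), so the safety of this call rests entirely on the permission check added in kdb_set(). The one-line comment states the rule but not the reason; suggest wording along the lines of "PROMPT is used as a format string, so it can only be changed with MEM_READ permission". A more robust alternative would be to validate at set time that the value contains at most one integer conversion, which would remove the dependency on the flag. Dropping the #if defined(CONFIG_SMP) branch is consistent with the commit message's point about the unused argument.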