diff options
author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2017-05-22 11:19:20 +0200 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2017-05-22 11:19:20 +0200 |
commit | 32c95828dc1374643ffcb1addf516907f41b5e10 (patch) | |
tree | c28ca51754363bf219a74b3d362f83eece593503 | |
parent | 3b7788d1aea6b90fe52aec889e79aad8b10c0b12 (diff) | |
download | patches-32c95828dc1374643ffcb1addf516907f41b5e10.tar.gz |
usb patch
-rw-r--r-- | series | 1 | ||||
-rw-r--r-- | usb-core-replace-p-with-pk.patch | 122 |
2 files changed, 123 insertions, 0 deletions
@@ -1,4 +1,5 @@ #goldfish_pipe-an-implementation-of-more-parallel-pipe.patch +usb-core-replace-p-with-pk.patch lib-vsprintf-additional-kernel-pointer-filtering-options.patch lib-vsprintf-whitelist-stack-traces.patch lib-vsprintf-physical-address-kernel-pointer-filtering-options.patch diff --git a/usb-core-replace-p-with-pk.patch b/usb-core-replace-p-with-pk.patch new file mode 100644 index 00000000000000..489eae2e4c559b --- /dev/null +++ b/usb-core-replace-p-with-pk.patch @@ -0,0 +1,122 @@ +From foo@baz Tue May 16 12:08:33 CEST 2017 +Date: Tue, 16 May 2017 12:08:33 +0200 +To: Greg KH <gregkh@linuxfoundation.org> +From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +Subject: [PATCH] USB: core: replace %p with %pK + +From: Vamsi Krishna Samavedam <vskrishn@codeaurora.org> + +Format specifier %p can leak kernel addresses while not valuing the +kptr_restrict system settings. When kptr_restrict is set to (1), kernel +pointers printed using the %pK format specifier will be replaced with +Zeros. Debugging Note : &pK prints only Zeros as address. If you need +actual address information, write 0 to kptr_restrict. + +echo 0 > /proc/sys/kernel/kptr_restrict + +[Found by poking around in a random vendor kernel tree, it would be nice +if someone would actually send these types of patches upstream - gkh] + +Signed-off-by: Vamsi Krishna Samavedam <vskrishn@codeaurora.org> +Cc: stable <stable@vger.kernel.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> + + +--- + drivers/usb/core/devio.c | 14 +++++++------- + drivers/usb/core/hcd.c | 4 ++-- + drivers/usb/core/urb.c | 2 +- + 3 files changed, 10 insertions(+), 10 deletions(-) + +--- a/drivers/usb/core/devio.c ++++ b/drivers/usb/core/devio.c +@@ -475,11 +475,11 @@ static void snoop_urb(struct usb_device + + if (userurb) { /* Async */ + if (when == SUBMIT) +- dev_info(&udev->dev, "userurb %p, ep%d %s-%s, " ++ dev_info(&udev->dev, "userurb %pK, ep%d %s-%s, " + "length %u\n", + userurb, ep, t, d, length); + else +- dev_info(&udev->dev, "userurb %p, ep%d %s-%s, " ++ dev_info(&udev->dev, "userurb %pK, ep%d %s-%s, " + "actual_length %u status %d\n", + userurb, ep, t, d, length, + timeout_or_status); +@@ -1895,7 +1895,7 @@ static int proc_reapurb(struct usb_dev_s + if (as) { + int retval; + +- snoop(&ps->dev->dev, "reap %p\n", as->userurb); ++ snoop(&ps->dev->dev, "reap %pK\n", as->userurb); + retval = processcompl(as, (void __user * __user *)arg); + free_async(as); + return retval; +@@ -1912,7 +1912,7 @@ static int proc_reapurbnonblock(struct u + + as = async_getcompleted(ps); + if (as) { +- snoop(&ps->dev->dev, "reap %p\n", as->userurb); ++ snoop(&ps->dev->dev, "reap %pK\n", as->userurb); + retval = processcompl(as, (void __user * __user *)arg); + free_async(as); + } else { +@@ -2043,7 +2043,7 @@ static int proc_reapurb_compat(struct us + if (as) { + int retval; + +- snoop(&ps->dev->dev, "reap %p\n", as->userurb); ++ snoop(&ps->dev->dev, "reap %pK\n", as->userurb); + retval = processcompl_compat(as, (void __user * __user *)arg); + free_async(as); + return retval; +@@ -2060,7 +2060,7 @@ static int proc_reapurbnonblock_compat(s + + as = async_getcompleted(ps); + if (as) { +- snoop(&ps->dev->dev, "reap %p\n", as->userurb); ++ snoop(&ps->dev->dev, "reap %pK\n", as->userurb); + retval = processcompl_compat(as, (void __user * __user *)arg); + free_async(as); + } else { +@@ -2489,7 +2489,7 @@ static long usbdev_do_ioctl(struct file + #endif + + case USBDEVFS_DISCARDURB: +- snoop(&dev->dev, "%s: DISCARDURB %p\n", __func__, p); ++ snoop(&dev->dev, "%s: DISCARDURB %pK\n", __func__, p); + ret = proc_unlinkurb(ps, p); + break; + +--- a/drivers/usb/core/hcd.c ++++ b/drivers/usb/core/hcd.c +@@ -1723,7 +1723,7 @@ int usb_hcd_unlink_urb (struct urb *urb, + if (retval == 0) + retval = -EINPROGRESS; + else if (retval != -EIDRM && retval != -EBUSY) +- dev_dbg(&udev->dev, "hcd_unlink_urb %p fail %d\n", ++ dev_dbg(&udev->dev, "hcd_unlink_urb %pK fail %d\n", + urb, retval); + usb_put_dev(udev); + } +@@ -1890,7 +1890,7 @@ rescan: + /* kick hcd */ + unlink1(hcd, urb, -ESHUTDOWN); + dev_dbg (hcd->self.controller, +- "shutdown urb %p ep%d%s%s\n", ++ "shutdown urb %pK ep%d%s%s\n", + urb, usb_endpoint_num(&ep->desc), + is_in ? "in" : "out", + ({ char *s; +--- a/drivers/usb/core/urb.c ++++ b/drivers/usb/core/urb.c +@@ -338,7 +338,7 @@ int usb_submit_urb(struct urb *urb, gfp_ + if (!urb || !urb->complete) + return -EINVAL; + if (urb->hcpriv) { +- WARN_ONCE(1, "URB %p submitted while active\n", urb); ++ WARN_ONCE(1, "URB %pK submitted while active\n", urb); + return -EBUSY; + } + |