Commit f3bc432a authored by Alan Stern's avatar Alan Stern Committed by Greg Kroah-Hartman

USB: core: Change %pK for __user pointers to %px

Commit 2f964780 ("USB: core: replace %p with %pK") used the %pK
format specifier for a bunch of __user pointers.  But as the 'K' in
the specifier indicates, it is meant for kernel pointers.  The reason
for the %pK specifier is to avoid leaks of kernel addresses, but when
the pointer is to an address in userspace the security implications
are minimal.  In particular, no kernel information is leaked.

This patch changes the __user %pK specifiers (used in a bunch of
debugging output lines) to %px, which will always print the actual
address with no mangling.  (Notably, there is no printk format
specifier particularly intended for __user pointers.)

Fixes: 2f964780 ("USB: core: replace %p with %pK")
CC: Vamsi Krishna Samavedam <vskrishn@codeaurora.org>
CC: <stable@vger.kernel.org>
Signed-off-by: default avatarAlan Stern <stern@rowland.harvard.edu>
Link: https://lore.kernel.org/r/20201119170228.GB576844@rowland.harvard.eduSigned-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 184eead0
...@@ -482,11 +482,11 @@ static void snoop_urb(struct usb_device *udev, ...@@ -482,11 +482,11 @@ static void snoop_urb(struct usb_device *udev,
if (userurb) { /* Async */ if (userurb) { /* Async */
if (when == SUBMIT) if (when == SUBMIT)
dev_info(&udev->dev, "userurb %pK, ep%d %s-%s, " dev_info(&udev->dev, "userurb %px, ep%d %s-%s, "
"length %u\n", "length %u\n",
userurb, ep, t, d, length); userurb, ep, t, d, length);
else else
dev_info(&udev->dev, "userurb %pK, ep%d %s-%s, " dev_info(&udev->dev, "userurb %px, ep%d %s-%s, "
"actual_length %u status %d\n", "actual_length %u status %d\n",
userurb, ep, t, d, length, userurb, ep, t, d, length,
timeout_or_status); timeout_or_status);
...@@ -1997,7 +1997,7 @@ static int proc_reapurb(struct usb_dev_state *ps, void __user *arg) ...@@ -1997,7 +1997,7 @@ static int proc_reapurb(struct usb_dev_state *ps, void __user *arg)
if (as) { if (as) {
int retval; int retval;
snoop(&ps->dev->dev, "reap %pK\n", as->userurb); snoop(&ps->dev->dev, "reap %px\n", as->userurb);
retval = processcompl(as, (void __user * __user *)arg); retval = processcompl(as, (void __user * __user *)arg);
free_async(as); free_async(as);
return retval; return retval;
...@@ -2014,7 +2014,7 @@ static int proc_reapurbnonblock(struct usb_dev_state *ps, void __user *arg) ...@@ -2014,7 +2014,7 @@ static int proc_reapurbnonblock(struct usb_dev_state *ps, void __user *arg)
as = async_getcompleted(ps); as = async_getcompleted(ps);
if (as) { if (as) {
snoop(&ps->dev->dev, "reap %pK\n", as->userurb); snoop(&ps->dev->dev, "reap %px\n", as->userurb);
retval = processcompl(as, (void __user * __user *)arg); retval = processcompl(as, (void __user * __user *)arg);
free_async(as); free_async(as);
} else { } else {
...@@ -2142,7 +2142,7 @@ static int proc_reapurb_compat(struct usb_dev_state *ps, void __user *arg) ...@@ -2142,7 +2142,7 @@ static int proc_reapurb_compat(struct usb_dev_state *ps, void __user *arg)
if (as) { if (as) {
int retval; int retval;
snoop(&ps->dev->dev, "reap %pK\n", as->userurb); snoop(&ps->dev->dev, "reap %px\n", as->userurb);
retval = processcompl_compat(as, (void __user * __user *)arg); retval = processcompl_compat(as, (void __user * __user *)arg);
free_async(as); free_async(as);
return retval; return retval;
...@@ -2159,7 +2159,7 @@ static int proc_reapurbnonblock_compat(struct usb_dev_state *ps, void __user *ar ...@@ -2159,7 +2159,7 @@ static int proc_reapurbnonblock_compat(struct usb_dev_state *ps, void __user *ar
as = async_getcompleted(ps); as = async_getcompleted(ps);
if (as) { if (as) {
snoop(&ps->dev->dev, "reap %pK\n", as->userurb); snoop(&ps->dev->dev, "reap %px\n", as->userurb);
retval = processcompl_compat(as, (void __user * __user *)arg); retval = processcompl_compat(as, (void __user * __user *)arg);
free_async(as); free_async(as);
} else { } else {
...@@ -2624,7 +2624,7 @@ static long usbdev_do_ioctl(struct file *file, unsigned int cmd, ...@@ -2624,7 +2624,7 @@ static long usbdev_do_ioctl(struct file *file, unsigned int cmd,
#endif #endif
case USBDEVFS_DISCARDURB: case USBDEVFS_DISCARDURB:
snoop(&dev->dev, "%s: DISCARDURB %pK\n", __func__, p); snoop(&dev->dev, "%s: DISCARDURB %px\n", __func__, p);
ret = proc_unlinkurb(ps, p); ret = proc_unlinkurb(ps, p);
break; break;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment