[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH v2] vsprintf: Make sure argument to %pX specifier is valid

To: ian.campbell@xxxxxxxxxx, ian.jackson@xxxxxxxxxxxxx, jbeulich@xxxxxxxx, keir@xxxxxxx, tim@xxxxxxx
From: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
Date: Wed, 11 Feb 2015 15:58:52 -0500
Cc: boris.ostrovsky@xxxxxxxxxx, xen-devel@xxxxxxxxxxxxx
Delivery-date: Wed, 11 Feb 2015 20:51:42 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

If invalid pointer (i.e. something smaller than HYPERVISOR_VIRT_START)
is passed for %*ph/%pv/%ps/%pS format specifiers then print "(NULL)"

Signed-off-by: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
---
 xen/common/vsprintf.c |   23 ++++++++++++++++-------
 1 files changed, 16 insertions(+), 7 deletions(-)

v2:
 * Print "(NULL)" instead of specifier-specific string
 * Consider all addresses under HYPERVISOR_VIRT_START as invalid. (I think
   this is true for both x86 and ARM but I don't have ARM platform to test).


diff --git a/xen/common/vsprintf.c b/xen/common/vsprintf.c
index 065cc42..b9542b5 100644
--- a/xen/common/vsprintf.c
+++ b/xen/common/vsprintf.c
@@ -270,6 +270,22 @@ static char *pointer(char *str, char *end, const char 
**fmt_ptr,
     const char *fmt = *fmt_ptr, *s;
 
     /* Custom %p suffixes. See XEN_ROOT/docs/misc/printk-formats.txt */
+
+    switch ( fmt[1] )
+    {
+        case 'h':
+        case 's':
+        case 'S':
+        case 'v':
+            ++*fmt_ptr;
+    }
+
+    if ( (unsigned long)arg < HYPERVISOR_VIRT_START )
+    {
+        char *s = "(NULL)";
+        return string(str, end, s, -1, -1, 0);
+    }
+
     switch ( fmt[1] )
     {
     case 'h': /* Raw buffer as hex string. */
@@ -277,9 +293,6 @@ static char *pointer(char *str, char *end, const char 
**fmt_ptr,
         const uint8_t *hex_buffer = arg;
         unsigned int i;
 
-        /* Consumed 'h' from the format string. */
-        ++*fmt_ptr;
-
         /* Bound user count from %* to between 0 and 64 bytes. */
         if ( field_width <= 0 )
             return str;
@@ -306,9 +319,6 @@ static char *pointer(char *str, char *end, const char 
**fmt_ptr,
         unsigned long sym_size, sym_offset;
         char namebuf[KSYM_NAME_LEN+1];
 
-        /* Advance parents fmt string, as we have consumed 's' or 'S' */
-        ++*fmt_ptr;
-
         s = symbols_lookup((unsigned long)arg, &sym_size, &sym_offset, 
namebuf);
 
         /* If the symbol is not found, fall back to printing the address */
@@ -335,7 +345,6 @@ static char *pointer(char *str, char *end, const char 
**fmt_ptr,
     {
         const struct vcpu *v = arg;
 
-        ++*fmt_ptr;
         if ( str < end )
             *str = 'd';
         str = number(str + 1, end, v->domain->domain_id, 10, -1, -1, 0);
-- 
1.7.1


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v2] vsprintf: Make sure argument to %pX specifier is valid
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] [PATCH] modify the IO_TLB_SEGSIZE to io_tlb_segsize configurable as flexible requirement about SW-IOMMU.
Next by Date: [Xen-devel] [linux-3.16 test] 34434: regressions - FAIL
Previous by thread: [Xen-devel] [PATCH] MdeModulePkg: mark completion of PCI enumeration in PciEnumeratorLight
Next by thread: Re: [Xen-devel] [PATCH v2] vsprintf: Make sure argument to %pX specifier is valid
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.