DivestOS/Patches/Linux_CVEs/CVE-2016-8407/ANY/0001.patch
2017-11-07 17:32:46 -05:00

158 lines
5.0 KiB
Diff

From c01b4ad61a7e4291ea3db18baaf6c3532eff7e38 Mon Sep 17 00:00:00 2001
From: Min Chong <mchong@google.com>
Date: Fri, 14 Oct 2016 13:38:11 -0700
Subject: [PATCH] usb: gadget: f_mbim: Change %p to %pK in debug messages
The format specifier %p can leak kernel addresses
while not valuing the kptr_restrict system settings.
Use %pK instead of %p, which also evaluates whether
kptr_restrict is set.
Bug: 31802656
Change-Id: I74e83192e0379586469edba3c7579a1cd75cf3c0
Signed-off-by: Min Chong <mchong@google.com>
---
drivers/usb/gadget/f_mbim.c | 34 +++++++++++++++++-----------------
1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/drivers/usb/gadget/f_mbim.c b/drivers/usb/gadget/f_mbim.c
index d1d10e07eb8db..797756dc46548 100644
--- a/drivers/usb/gadget/f_mbim.c
+++ b/drivers/usb/gadget/f_mbim.c
@@ -589,24 +589,24 @@ static void fmbim_ctrl_response_available(struct f_mbim *dev)
unsigned long flags;
int ret;
- pr_debug("dev:%p portno#%d\n", dev, dev->port_num);
+ pr_debug("dev:%pK portno#%d\n", dev, dev->port_num);
spin_lock_irqsave(&dev->lock, flags);
if (!atomic_read(&dev->online)) {
- pr_err("dev:%p is not online\n", dev);
+ pr_err("dev:%pK is not online\n", dev);
spin_unlock_irqrestore(&dev->lock, flags);
return;
}
if (!req) {
- pr_err("dev:%p req is NULL\n", dev);
+ pr_err("dev:%pK req is NULL\n", dev);
spin_unlock_irqrestore(&dev->lock, flags);
return;
}
if (!req->buf) {
- pr_err("dev:%p req->buf is NULL\n", dev);
+ pr_err("dev:%pK req->buf is NULL\n", dev);
spin_unlock_irqrestore(&dev->lock, flags);
return;
}
@@ -645,21 +645,21 @@ fmbim_send_cpkt_response(struct f_mbim *gr, struct ctrl_pkt *cpkt)
unsigned long flags;
if (!gr || !cpkt) {
- pr_err("Invalid cpkt, dev:%p cpkt:%p\n",
+ pr_err("Invalid cpkt, dev:%pK cpkt:%pK\n",
gr, cpkt);
return -ENODEV;
}
- pr_debug("dev:%p port_num#%d\n", dev, dev->port_num);
+ pr_debug("dev:%pK port_num#%d\n", dev, dev->port_num);
if (!atomic_read(&dev->online)) {
- pr_err("dev:%p is not connected\n", dev);
+ pr_err("dev:%pK is not connected\n", dev);
mbim_free_ctrl_pkt(cpkt);
return 0;
}
if (dev->not_port.notify_state != MBIM_NOTIFY_RESPONSE_AVAILABLE) {
- pr_err("dev:%p state=%d, recover!!\n", dev,
+ pr_err("dev:%pK state=%d, recover!!\n", dev,
dev->not_port.notify_state);
mbim_free_ctrl_pkt(cpkt);
return 0;
@@ -700,7 +700,7 @@ static int mbim_bam_connect(struct f_mbim *dev)
enum peer_bam bam_name = (dev->xport == USB_GADGET_XPORT_BAM2BAM_IPA) ?
IPA_P_BAM : A2_P_BAM;
- pr_info("dev:%p portno:%d\n", dev, dev->port_num);
+ pr_info("dev:%pK portno:%d\n", dev, dev->port_num);
src_connection_idx = usb_bam_get_connection_idx(gadget->name, bam_name,
USB_TO_PEER_PERIPHERAL, USB_BAM_DEVICE, dev->port_num);
@@ -727,7 +727,7 @@ static int mbim_bam_connect(struct f_mbim *dev)
static int mbim_bam_disconnect(struct f_mbim *dev)
{
- pr_info("%s - dev:%p port:%d\n", __func__, dev, dev->port_num);
+ pr_info("%s - dev:%pK port:%d\n", __func__, dev, dev->port_num);
bam_data_disconnect(&dev->bam_port, dev->port_num);
return 0;
@@ -862,7 +862,7 @@ static void mbim_notify_complete(struct usb_ep *ep, struct usb_request *req)
struct f_mbim *mbim = req->context;
struct usb_cdc_notification *event = req->buf;
- pr_debug("dev:%p\n", mbim);
+ pr_debug("dev:%pK\n", mbim);
spin_lock(&mbim->lock);
switch (req->status) {
@@ -892,7 +892,7 @@ static void mbim_notify_complete(struct usb_ep *ep, struct usb_request *req)
mbim_do_notify(mbim);
spin_unlock(&mbim->lock);
- pr_debug("dev:%p Exit\n", mbim);
+ pr_debug("dev:%pK Exit\n", mbim);
}
static void mbim_ep0out_complete(struct usb_ep *ep, struct usb_request *req)
@@ -903,7 +903,7 @@ static void mbim_ep0out_complete(struct usb_ep *ep, struct usb_request *req)
struct f_mbim *mbim = func_to_mbim(f);
struct mbim_ntb_input_size *ntb = NULL;
- pr_debug("dev:%p\n", mbim);
+ pr_debug("dev:%pK\n", mbim);
req->context = NULL;
if (req->status || req->actual != req->length) {
@@ -941,7 +941,7 @@ static void mbim_ep0out_complete(struct usb_ep *ep, struct usb_request *req)
invalid:
usb_ep_set_halt(ep);
- pr_err("dev:%p Failed\n", mbim);
+ pr_err("dev:%pK Failed\n", mbim);
return;
}
@@ -963,7 +963,7 @@ fmbim_cmd_complete(struct usb_ep *ep, struct usb_request *req)
return;
}
- pr_debug("dev:%p port#%d\n", dev, dev->port_num);
+ pr_debug("dev:%pK port#%d\n", dev, dev->port_num);
cpkt = mbim_alloc_ctrl_pkt(len, GFP_ATOMIC);
if (!cpkt) {
@@ -1313,7 +1313,7 @@ static int mbim_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
return ret;
}
- pr_info("Set mbim port in_desc = 0x%p",
+ pr_info("Set mbim port in_desc = 0x%pK",
mbim->bam_port.in->desc);
ret = config_ep_by_speed(cdev->gadget, f,
@@ -1325,7 +1325,7 @@ static int mbim_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
return ret;
}
- pr_info("Set mbim port out_desc = 0x%p",
+ pr_info("Set mbim port out_desc = 0x%pK",
mbim->bam_port.out->desc);
if (mbim->xport == USB_GADGET_XPORT_BAM2BAM_IPA