From d7a15270ad80aff21d09aaea9c0e98e03e541b50 Mon Sep 17 00:00:00 2001
From: Min Chong <mchong@google.com>
Date: Thu, 13 Oct 2016 17:15:35 -0700
Subject: [PATCH] netfilter: Change %p to %pK in debug messages
The format specifier %p can leak kernel addresses
without honoring the kptr_restrict system settings.
Use %pK instead of %p, which also evaluates whether
kptr_restrict is set.
Bug: 31796940
Change-Id: Ia2946d6b493126d68281f97778faf578247f088e
Signed-off-by: Min Chong <mchong@google.com>
---
net/netfilter/nf_conntrack_core.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 1c118edd4b794..d9b86c2e96e24 100644
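--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -188,7 +188,7 @@ EXPORT_SYMBOL_GPL(nf_ct_invert_tuple);
 static void
 clean_from_lists(struct nf_conn *ct)
 {
- pr_debug("clean_from_lists(%p)\n", ct);
+ pr_debug("clean_from_lists(%pK)\n", ct);
 hlist_nulls_del_rcu(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode);
 hlist_nulls_del_rcu(&ct->tuplehash[IP_CT_DIR_REPLY].hnnode);
 
@@ -203,7 +203,7 @@ destroy_conntrack(struct nf_conntrack *nfct)
 struct net *net = nf_ct_net(ct);
 struct nf_conntrack_l4proto *l4proto;
 
- pr_debug("destroy_conntrack(%p)\n", ct);
+ pr_debug("destroy_conntrack(%pK)\n", ct);
 NF_CT_ASSERT(atomic_read(&nfct->use) == 0);
 NF_CT_ASSERT(!timer_pending(&ct->timeout));
 
@@ -234,7 +234,7 @@ destroy_conntrack(struct nf_conntrack *nfct)
 if (ct->master)
 nf_ct_put(ct->master);
 
- pr_debug("destroy_conntrack: returning ct=%p to slab\n", ct);
+ pr_debug("destroy_conntrack: returning ct=%pK to slab\n", ct);
 nf_conntrack_free(ct);
 }
 
@@ -496,7 +496,7 @@ __nf_conntrack_confirm(struct sk_buff *skb)
 /* No external references means no one else could have
 confirmed us. */
 NF_CT_ASSERT(!nf_ct_is_confirmed(ct));
- pr_debug("Confirming conntrack %p\n", ct);
+ pr_debug("Confirming conntrack %pK\n", ct);
 
 spin_lock_bh(&nf_conntrack_lock);
 
@@ -826,7 +826,7 @@ init_conntrack(struct net *net, struct nf_conn *tmpl,
 spin_lock_bh(&nf_conntrack_lock);
 exp = nf_ct_find_expectation(net, zone, tuple);
 if (exp) {
- pr_debug("conntrack: expectation arrives ct=%p exp=%p\n",
+ pr_debug("conntrack: expectation arrives ct=%pK exp=%pK\n",
 ct, exp);
 /* Welcome, Mr. Bond. We've been expecting you... */
 __set_bit(IPS_EXPECTED_BIT, &ct->status);
@@ -916,14 +916,14 @@ resolve_normal_ct(struct net *net, struct nf_conn *tmpl,
 } else {
 /* Once we've had two way comms, always ESTABLISHED. */
 if (test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) {
- pr_debug("nf_conntrack_in: normal packet for %p\n", ct);
+ pr_debug("nf_conntrack_in: normal packet for %pK\n", ct);
 *ctinfo = IP_CT_ESTABLISHED;
 } else if (test_bit(IPS_EXPECTED_BIT, &ct->status)) {
- pr_debug("nf_conntrack_in: related packet for %p\n",
+ pr_debug("nf_conntrack_in: related packet for %pK\n",
 ct);
 *ctinfo = IP_CT_RELATED;
 } else {
- pr_debug("nf_conntrack_in: new packet for %p\n", ct);
+ pr_debug("nf_conntrack_in: new packet for %pK\n", ct);
 *ctinfo = IP_CT_NEW;
 }
 *set_reply = 0;
@@ -1065,7 +1065,7 @@ void nf_conntrack_alter_reply(struct nf_conn *ct,
 /* Should be unconfirmed, so not in hash table yet */
 NF_CT_ASSERT(!nf_ct_is_confirmed(ct));
 
- pr_debug("Altering reply tuple of %p to ", ct);
+ pr_debug("Altering reply tuple of %pK to ", ct);
 nf_ct_dump_tuple(newreply);
 
 ct->tuplehash[IP_CT_DIR_REPLY].tuple = *newreply;
@@ -1640,7 +1640,7 @@ int nf_conntrack_init_net(struct net *net)
 goto err_stat;
 }
 
- net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%p", net);
+ net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%pK", net);
 if (!net->ct.slabname) {
 ret = -ENOMEM;
 goto err_slabname;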
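Review bot: The last hunk, in nf_conntrack_init_net(), is not a debug message: `net->ct.slabname` is built with kasprintf(), and the address is presumably embedded to give each network namespace a distinct cache name. With `%pK` the output depends on kptr_restrict and the caller's credentials, so on a system that hides kernel pointers every namespace could get the same zeroed name. Whether that breaks cache creation depends on the consumer of slabname, which is outside the hunk. I would derive the name from a per-namespace value that is not an address, and until then add a comment such as `/* name must stay unique per netns; %pK may print all zeroes under kptr_restrict */` above the kasprintf() call.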