455cd5ab30
Add the %pK printk format specifier and the /proc/sys/kernel/kptr_restrict sysctl. The %pK format specifier is designed to hide exposed kernel pointers, specifically via /proc interfaces. Exposing these pointers provides an easy target for kernel write vulnerabilities, since they reveal the locations of writable structures containing easily triggerable function pointers. The behavior of %pK depends on the kptr_restrict sysctl. If kptr_restrict is set to 0, no deviation from the standard %p behavior occurs. If kptr_restrict is set to 1, the default, if the current user (intended to be a reader via seq_printf(), etc.) does not have CAP_SYSLOG (currently in the LSM tree), kernel pointers using %pK are printed as 0's. If kptr_restrict is set to 2, kernel pointers using %pK are printed as 0's regardless of privileges. Replacing with 0's was chosen over the default "(null)", which cannot be parsed by userland %p, which expects "(nil)". [akpm@linux-foundation.org: check for IRQ context when !kptr_restrict, save an indent level, s/WARN/WARN_ONCE/] [akpm@linux-foundation.org: coding-style fixup] [randy.dunlap@oracle.com: fix kernel/sysctl.c warning] Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com> Cc: James Morris <jmorris@namei.org> Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: Thomas Graf <tgraf@infradead.org> Cc: Eugene Teo <eugeneteo@kernel.org> Cc: Kees Cook <kees.cook@canonical.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: David S. Miller <davem@davemloft.net> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Eric Paris <eparis@parisplace.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
#ifndef __KERNEL_PRINTK__
#define __KERNEL_PRINTK__
/*
 * Banner strings. They are only declared here; the definitions live
 * elsewhere in the kernel.
 * NOTE(review): presumably the version banner printed at boot and the
 * variant exposed through /proc - confirm against the definitions.
 */
extern const char linux_banner[];
extern const char linux_proc_banner[];

/*
 * Log-level prefixes for printk(). Each one is a string literal that the
 * caller places directly in front of the format string so the compiler
 * concatenates the two, as the pr_*() macros in this header do.
 * "<0>" is the most urgent level and "<7>" the least.
 */
#define KERN_EMERG "<0>" /* system is unusable */
#define KERN_ALERT "<1>" /* action must be taken immediately */
#define KERN_CRIT "<2>" /* critical conditions */
#define KERN_ERR "<3>" /* error conditions */
#define KERN_WARNING "<4>" /* warning conditions */
#define KERN_NOTICE "<5>" /* normal but significant condition */
#define KERN_INFO "<6>" /* informational */
#define KERN_DEBUG "<7>" /* debug-level messages */

/* Use the default kernel loglevel */
#define KERN_DEFAULT "<d>"
/*
 * Annotation for a "continued" line of log printout (only done after a
 * line that had no enclosing \n). Only to be used by core/arch code
 * during early bootup (a continued line is not SMP-safe otherwise).
 */
#define KERN_CONT "<c>"

/* Log-level settings array, defined elsewhere; this header names slots 0-3. */
extern int console_printk[];

/*
 * Named accessors for the slots of console_printk[]. Each expands to an
 * array element, i.e. an lvalue, so it can be read and assigned to
 * (console_silent() and console_verbose() in this header do both).
 */
#define console_loglevel (console_printk[0])
#define default_message_loglevel (console_printk[1])
#define minimum_console_loglevel (console_printk[2])
#define default_console_loglevel (console_printk[3])

/*
 * Pairs a format string with a pointer to its argument list so both can be
 * passed around as one object.
 * NOTE(review): presumably consumed by a printk format extension that
 * re-interprets fmt as a format string; if so, fmt must never be text an
 * untrusted party can influence - confirm against the consumer.
 */
struct va_format {
	const char *fmt;	/* format string */
	va_list *va;		/* pointer to the argument list that goes with fmt */
};

/*
 * Message prefixes for firmware and hardware problems. They are plain
 * string literals meant to be concatenated in front of the message text.
 *
 * FW_BUG
 * Add this to a message where you are sure the firmware is buggy or behaves
 * really stupid or out of spec. Be aware that the responsible BIOS developer
 * should be able to fix this issue or at least get a concrete idea of the
 * problem by reading your message without the need of looking at the kernel
 * code.
 *
 * Use it for definite and high priority BIOS bugs.
 *
 * FW_WARN
 * Use it for not that clear (e.g. could the kernel have messed things up
 * already?) and medium priority BIOS bugs.
 *
 * FW_INFO
 * Use this one if you want to tell the user or vendor about something
 * suspicious, but generally harmless related to the firmware.
 *
 * Use it for information or very low priority BIOS bugs.
 */
#define FW_BUG "[Firmware Bug]: "
#define FW_WARN "[Firmware Warn]: "
#define FW_INFO "[Firmware Info]: "

/*
 * HW_ERR
 * Add this to a message for hardware errors, so that user can report
 * it to hardware vendor instead of LKML or software vendor.
 */
#define HW_ERR "[Hardware Error]: "

#ifdef CONFIG_PRINTK
/*
 * Core logging entry points (CONFIG_PRINTK=y).
 *
 * The format attribute makes the compiler check every call site: parameter 1
 * is the format string. For vprintk() the last index is 0 because the
 * arguments arrive as a va_list and cannot be checked individually; for
 * printk() checking starts at parameter 2.
 *
 * fmt is interpreted as a format string. Text that is not a compile-time
 * literal should be passed as an argument (for example behind "%s"), never
 * as fmt itself.
 */
asmlinkage int vprintk(const char *fmt, va_list args)
	__attribute__ ((format (printf, 1, 0)));
asmlinkage int printk(const char * fmt, ...)
	__attribute__ ((format (printf, 1, 2))) __cold;

/*
 * Please don't use printk_ratelimit(), because it shares ratelimiting state
 * with all other unrelated printk_ratelimit() callsites. Instead use
 * printk_ratelimited() or plain old __ratelimit().
 *
 * Because the state is shared, a call site that fires often can cause
 * messages from unrelated call sites to be dropped.
 */
extern int __printk_ratelimit(const char *func);
/* Passes the name of the calling function (__func__) to the shared limiter. */
#define printk_ratelimit() __printk_ratelimit(__func__)
/*
 * NOTE(review): presumably returns true at most once per interval_msec and
 * keeps its timestamp in the caller-owned *caller_jiffies - confirm against
 * the definition.
 */
extern bool printk_timed_ratelimit(unsigned long *caller_jiffies,
				   unsigned int interval_msec);

/* NOTE(review): presumably a delay, in milliseconds, applied to printk output - confirm. */
extern int printk_delay_msec;
/* NOTE(review): presumably backs a sysctl limiting who may read the kernel log - confirm. */
extern int dmesg_restrict;
/*
 * Backing variable for /proc/sys/kernel/kptr_restrict, which controls the
 * %pK format specifier (as described by the commit that introduced it):
 *   0 - %pK behaves exactly like %p
 *   1 - (default) %pK prints 0's unless the current user has CAP_SYSLOG
 *   2 - %pK prints 0's regardless of privileges
 *
 * Only pointers printed with %pK are affected; output that uses plain %p is
 * not covered by this setting.
 * The privilege check is made against the current user at the time the
 * string is formatted, so %pK is intended for output produced on behalf of
 * the reader (seq_printf() and the like, e.g. /proc interfaces).
 */
extern int kptr_restrict;

/*
 * Print a one-time message (analogous to WARN_ONCE() et al):
 *
 * Every expansion declares its own function-local static flag, so "once"
 * means once per call site. The flag is a plain bool that is tested and
 * then set with no locking in this macro. The arguments are evaluated only
 * on the first pass, when printk() is actually called.
 */
#define printk_once(x...) ({			\
	static bool __print_once;		\
						\
	if (!__print_once) {			\
		__print_once = true;		\
		printk(x);			\
	}					\
})

/* Declared only when CONFIG_PRINTK is set; an empty stub is used otherwise. */
void log_buf_kexec_setup(void);
#else
/*
 * CONFIG_PRINTK=n stand-in for vprintk(): produces no output and returns 0.
 * The separate declaration carries the printf format attribute, so format
 * strings at call sites are still checked by the compiler.
 */
static inline int vprintk(const char *s, va_list args)
	__attribute__ ((format (printf, 1, 0)));

static inline int vprintk(const char *s, va_list args)
{
	return 0;
}
/*
 * CONFIG_PRINTK=n stand-in for printk(): produces no output and returns 0.
 * Arguments are still checked against the format string because the
 * declaration keeps the printf format attribute.
 */
static inline int printk(const char *s, ...)
	__attribute__ ((format (printf, 1, 2)));

static inline int __cold printk(const char *s, ...)
{
	return 0;
}
/* CONFIG_PRINTK=n stand-in for printk_ratelimit(): always returns 0. */
static inline int printk_ratelimit(void)
{
	return 0;
}
/*
 * CONFIG_PRINTK=n stand-in for printk_timed_ratelimit(): always returns
 * false and leaves *caller_jiffies untouched.
 */
static inline bool printk_timed_ratelimit(unsigned long *caller_jiffies,
					  unsigned int interval_msec)
{
	return false;
}

/*
 * No effect, but we still get type checking even in the !PRINTK case:
 *
 * This expands to a plain call of the stub printk() above, so, unlike the
 * CONFIG_PRINTK version, the arguments are evaluated on every pass and not
 * just the first.
 */
#define printk_once(x...) printk(x)

/* CONFIG_PRINTK=n stand-in for log_buf_kexec_setup(): intentionally does nothing. */
static inline void log_buf_kexec_setup(void) { }
#endif
/*
 * no_printk() - printk() look-alike that prints nothing and returns 0.
 *
 * For debugging statements that are compiled out: because this is a real
 * function carrying the printf format attribute, gcc keeps checking the
 * format string against the arguments, and the argument expressions are
 * still evaluated for their side effects.
 */
static inline __attribute__ ((format (printf, 1, 2)))
int no_printk(const char *s, ...)
{
	return 0;
}

/* Declared here, defined elsewhere; their behaviour is not visible from this header. */
extern int printk_needs_cpu(int cpu);
extern void printk_tick(void);

/*
 * printf-style and format-checked: parameter 1 is the format string and
 * argument checking starts at parameter 2.
 */
extern void asmlinkage __attribute__((format(printf, 1, 2)))
early_printk(const char *fmt, ...);

/*
 * console_silent() - set the console log level to 0.
 *
 * Writes slot 0 of console_printk[] through the console_loglevel macro.
 */
static inline void console_silent(void)
{
	console_loglevel = 0;
}

/*
 * console_verbose() - raise the console log level to 15.
 *
 * A level of 0 is left alone, so a console that console_silent() has
 * silenced stays silent. 15 is above every level defined in this header
 * (the highest is 7, KERN_DEBUG).
 */
static inline void console_verbose(void)
{
	if (!console_loglevel)
		return;

	console_loglevel = 15;
}

extern void dump_stack(void) __cold;

/*
 * Values for the prefix_type argument of the hex-dump helpers below.
 * NOTE(review): DUMP_PREFIX_ADDRESS presumably prefixes each row with the
 * address of the dumped memory; if so, that output places kernel pointers in
 * the log - confirm against the implementation before using it where
 * unprivileged users can read the result.
 */
enum {
	DUMP_PREFIX_NONE,
	DUMP_PREFIX_ADDRESS,
	DUMP_PREFIX_OFFSET
};
/*
 * Formats into a caller-supplied buffer: linebuf, whose capacity is passed
 * as linebuflen. NOTE(review): presumably formats at most one row of
 * rowsize bytes per call - confirm against the definition.
 */
extern void hex_dump_to_buffer(const void *buf, size_t len,
				int rowsize, int groupsize,
				char *linebuf, size_t linebuflen, bool ascii);
/*
 * Hex-dump printers. level and prefix_str are strings; prefix_type takes one
 * of the DUMP_PREFIX_* values above. The dumped bytes end up in the kernel
 * log, so buf should not hold secrets (keys, credentials) on paths that stay
 * enabled in production.
 */
extern void print_hex_dump(const char *level, const char *prefix_str,
				int prefix_type, int rowsize, int groupsize,
				const void *buf, size_t len, bool ascii);
extern void print_hex_dump_bytes(const char *prefix_str, int prefix_type,
				const void *buf, size_t len);

/*
 * Default pr_fmt() is the identity. Because of the #ifndef, a source file
 * that defines its own pr_fmt() before this point gets that definition
 * applied to every pr_*() message it emits (pr_cont() excepted).
 */
#ifndef pr_fmt
#define pr_fmt(fmt) fmt
#endif

/*
 * Level-specific wrappers around printk(). The level prefix and pr_fmt(fmt)
 * are joined by string-literal concatenation, so with the default pr_fmt()
 * fmt has to be a string literal; text that is only known at run time
 * belongs in an argument (for example behind "%s"), not in fmt.
 * ", ##__VA_ARGS__" is the GNU extension that drops the comma when no
 * arguments follow the format.
 */
#define pr_emerg(fmt, ...) \
	printk(KERN_EMERG pr_fmt(fmt), ##__VA_ARGS__)
#define pr_alert(fmt, ...) \
	printk(KERN_ALERT pr_fmt(fmt), ##__VA_ARGS__)
#define pr_crit(fmt, ...) \
	printk(KERN_CRIT pr_fmt(fmt), ##__VA_ARGS__)
#define pr_err(fmt, ...) \
	printk(KERN_ERR pr_fmt(fmt), ##__VA_ARGS__)
#define pr_warning(fmt, ...) \
	printk(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__)
/* pr_warn is an alias for pr_warning. */
#define pr_warn pr_warning
#define pr_notice(fmt, ...) \
	printk(KERN_NOTICE pr_fmt(fmt), ##__VA_ARGS__)
#define pr_info(fmt, ...) \
	printk(KERN_INFO pr_fmt(fmt), ##__VA_ARGS__)
/* Continuation lines bypass pr_fmt(): fmt is used as given. */
#define pr_cont(fmt, ...) \
	printk(KERN_CONT fmt, ##__VA_ARGS__)

/*
 * pr_devel() should produce zero code unless DEBUG is defined
 *
 * The non-DEBUG form wraps the printk() call in "if (0)": the compiler
 * still checks the format string against the arguments, but the call is
 * never executed, so the arguments are not evaluated at run time. The
 * statement expression evaluates to 0.
 */
#ifdef DEBUG
#define pr_devel(fmt, ...) \
	printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__)
#else
#define pr_devel(fmt, ...) \
	({ if (0) printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__); 0; })
#endif

/*
 * If you are writing a driver, please use dev_dbg instead
 *
 * Three variants, chosen at compile time: a real printk() at KERN_DEBUG when
 * DEBUG is defined, dynamic_pr_debug() (declared elsewhere) when
 * CONFIG_DYNAMIC_DEBUG is set, and otherwise a never-executed call that only
 * keeps the compiler's format checking and evaluates to 0.
 */
#if defined(DEBUG)
#define pr_debug(fmt, ...) \
	printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__)
#elif defined(CONFIG_DYNAMIC_DEBUG)
/* dynamic_pr_debug() uses pr_fmt() internally so we don't need it here */
#define pr_debug(fmt, ...) \
	dynamic_pr_debug(fmt, ##__VA_ARGS__)
#else
#define pr_debug(fmt, ...) \
	({ if (0) printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__); 0; })
#endif

/*
 * ratelimited messages with local ratelimit_state,
 * no local ratelimit_state used in the !PRINTK case
 *
 * Every expansion defines its own static state (_rs), so the limit applies
 * per call site and is not shared the way printk_ratelimit() is. The macro
 * adds no log-level prefix itself; fmt is handed to printk() unchanged.
 * DEFINE_RATELIMIT_STATE, the DEFAULT_RATELIMIT_* values and __ratelimit()
 * come from elsewhere.
 */
#ifdef CONFIG_PRINTK
#define printk_ratelimited(fmt, ...) ({				\
	static DEFINE_RATELIMIT_STATE(_rs,			\
				      DEFAULT_RATELIMIT_INTERVAL,	\
				      DEFAULT_RATELIMIT_BURST);	\
								\
	if (__ratelimit(&_rs))					\
		printk(fmt, ##__VA_ARGS__);			\
})
#else
/* No effect, but we still get type checking even in the !PRINTK case: */
#define printk_ratelimited printk
#endif

/*
 * Rate-limited counterparts of the pr_*() wrappers: same level prefix and
 * pr_fmt() handling, routed through printk_ratelimited() so each call site
 * is limited on its own. As with pr_*(), fmt is concatenated with string
 * literals; run-time text belongs in an argument, not in fmt.
 */
#define pr_emerg_ratelimited(fmt, ...) \
	printk_ratelimited(KERN_EMERG pr_fmt(fmt), ##__VA_ARGS__)
#define pr_alert_ratelimited(fmt, ...) \
	printk_ratelimited(KERN_ALERT pr_fmt(fmt), ##__VA_ARGS__)
#define pr_crit_ratelimited(fmt, ...) \
	printk_ratelimited(KERN_CRIT pr_fmt(fmt), ##__VA_ARGS__)
#define pr_err_ratelimited(fmt, ...) \
	printk_ratelimited(KERN_ERR pr_fmt(fmt), ##__VA_ARGS__)
#define pr_warning_ratelimited(fmt, ...) \
	printk_ratelimited(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__)
/* pr_warn_ratelimited is an alias for pr_warning_ratelimited. */
#define pr_warn_ratelimited pr_warning_ratelimited
#define pr_notice_ratelimited(fmt, ...) \
	printk_ratelimited(KERN_NOTICE pr_fmt(fmt), ##__VA_ARGS__)
#define pr_info_ratelimited(fmt, ...) \
	printk_ratelimited(KERN_INFO pr_fmt(fmt), ##__VA_ARGS__)
/* no pr_cont_ratelimited, don't do that... */
/*
 * If you are writing a driver, please use dev_dbg instead
 *
 * Only DEBUG is tested here; unlike pr_debug() there is no
 * CONFIG_DYNAMIC_DEBUG variant. Without DEBUG the call sits behind "if (0)":
 * it is still format-checked by the compiler but never executed, and the
 * statement expression evaluates to 0.
 */
#if defined(DEBUG)
#define pr_debug_ratelimited(fmt, ...) \
	printk_ratelimited(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__)
#else
#define pr_debug_ratelimited(fmt, ...) \
	({ if (0) printk_ratelimited(KERN_DEBUG pr_fmt(fmt), \
				     ##__VA_ARGS__); 0; })
#endif

#endif