[PATCH] lib/vsprintf: Validate sleepable context during restrictred pointer formatting

[Thomas Weißschuh]

Depending on the system configuration, the restricted pointer formatting
might call into the security subsystem which might sleep.
As %pK is intended to be only used from read handlers of virtual files,
which always run in task context, this should never happen in practice.
However, developers have used %pK before from atomic context without
realizing this restriction. While all existing user of %pK through
printk() have been removed, new ones might be reintroduced accidentally
in the future.

Add a might_sleep(), so that misuse of %pK from atomic context is
detected right away.

Link: https://lore.kernel.org/lkml/20250113171731-dc10e3c1-da64-4af0-b767-7c7070468023@xxxxxxxxxxxxx/
Link: https://lore.kernel.org/lkml/20241217142032.55793-1-acarmina@xxxxxxxxxx/
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@xxxxxxxxxxxxx>
---
This depends on commit 5886cc8f895b ("drm/msm/dpu: Don't use %pK through
printk (again)"), which was merged in v7.0-rc2.
---
 lib/vsprintf.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index 800b8ac49f53..eb9dbb28fb9b 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -862,6 +862,9 @@ static noinline_for_stack
 char *restricted_pointer(char *buf, char *end, const void *ptr,
 			 struct printf_spec spec)
 {
+	/* Only usable from task context, The call to has_capability_noaudit() might sleep. */
+	might_sleep();
+
 	switch (kptr_restrict) {
 	case 0:
 		/* Handle as %p, hash and do _not_ leak addresses. */

---
base-commit: 2d1373e4246da3b58e1df058374ed6b101804e07
change-id: 20260107-restricted-pointers-final-cd24979fd752

Best regards,
-- 
Thomas Weißschuh <thomas.weissschuh@xxxxxxxxxxxxx>