Re: [PATCH] lib/vsprintf: Validate sleepable context during restricted pointer formatting

From: Thomas Weißschuh

Date: Tue Mar 17 2026 - 10:42:14 EST


On Tue, Mar 17, 2026 at 04:07:56PM +0200, Andy Shevchenko wrote:
> On Tue, Mar 17, 2026 at 12:41:23PM +0100, Thomas Weißschuh wrote:
> > Depending on the system configuration, the restricted pointer formatting
> > might call into the security subsystem which might sleep.
> > As %pK is intended to be only used from read handlers of virtual files,
> > which always run in task context, this should never happen in practice.
> > However, developers have used %pK before from atomic context without
> > realizing this restriction. While all existing users of %pK through
> > printk() have been removed, new ones might be reintroduced accidentally
> > in the future.
> >
> > Add a might_sleep(), so that misuse of %pK from atomic context is
> > detected right away.
>
> ...
>
> > + /* Only usable from task context, The call to has_capability_noaudit() might sleep. */
> > + might_sleep();
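Review bot: the comment above might_sleep() says why the call can sleep but not why the check is unconditional. The commit message states that the call into the security subsystem only happens depending on the system configuration, so a reader of the code alone will expect a conditional check such as might_sleep_if(). Adding a sentence to the comment that the check is deliberately independent of the configuration, so that misuse from atomic context is caught on any setup, would answer that in place. The comment also has a capital after a comma ("context, The"); splitting it into two sentences fixes that.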
>
> Yeah, but for kptr_restrict != 1 it's not true. Perhaps might_sleep_if() ?

kptr_restrict can change any time at runtime. The whole point of this patch
is to detect the API misuse independently from the system configuration.
Developers probably don't test against kptr_restrict == 1 and therefore
it will only blow up on users' systems.


Thomas