video: tegra: nvmap: Fix print format specifier
Gagan Grover [Tue, 29 Nov 2016 13:15:33 +0000 (18:15 +0530)]
The format specifier %p can leak kernel addresses.
The fix is designed to use %pK instead of %p, which also evaluates
whether kptr_restrict is set.

CVE-2016-8408 A-31496571

Bug 1844902

Change-Id: I35c3ddb7b6a52e4edba814de0eaa5e85629130b9
Signed-off-by: Gagan Grover <ggrover@nvidia.com>
Reviewed-on: http://git-master/r/1262308
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>

drivers/video/tegra/nvmap/nvmap_dev.c

index 1029dfc..7179ad9 100644 (file)
@@ -763,7 +763,7 @@ static void allocations_stringify(struct nvmap_client *client,
                        phys_addr_t base = heap_type == NVMAP_HEAP_IOVMM ? 0 :
                                           (handle->carveout->base);
                        seq_printf(s,
-                               "%-18s %-18s %8llx %10zuK %8x %6u %6u %6u %6u %6u %6u %8p\n",
+                               "%-18s %-18s %8llx %10zuK %8x %6u %6u %6u %6u %6u %6u %8pK\n",
                                "", "",
                                (unsigned long long)base, K(handle->size),
                                handle->userflags,