From nobody Thu Apr  2 18:49:16 2026
Received: from mail-qv1-f43.google.com (mail-qv1-f43.google.com
 [209.85.219.43])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id E13511DEFE0
	for <linux-kernel@vger.kernel.org>; Fri, 27 Mar 2026 03:33:38 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.219.43
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1774582420; cv=none;
 b=c7PLTz35pHlZw6+jjG0QN5Z5uwA4hp8oA4Vm0cnyKNyZzR0ZLW0jD59tQKb7ur1pC0oVKi2zDCGzQE8fKXGmOHeka8180E1pgx0sXL3j04fPLPsAImUe6FqQe0uBIumEIFMa7GuTocbtDBKZWAo7B2ImyAUsttRR8hTTTbD+IHw=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1774582420; c=relaxed/simple;
	bh=pd2uvYHBSMAgA0yLve+m/ccHxTIR5c0aDL+TySoU03A=;
	h=From:To:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=r0F7cs+GzM6zmz3FRIk+3SKXSjVu90pzB3CjU/zgBwNXcx3RbgisWPKcGMlzMjluW89NuzIVb12mFYsJ6SWoEZ/7ANnrid2SnGDvcyVU5kj+SyCOJIyyOX39XAqiCcCLbQRwYeuAlRL23sezuRTTTSUdvUSalYbb6FVeuSJdGwc=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=soleen.com;
 spf=pass smtp.mailfrom=soleen.com;
 dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com
 header.b=Oq59iogM; arc=none smtp.client-ip=209.85.219.43
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=soleen.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=soleen.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=soleen.com header.i=@soleen.com
 header.b="Oq59iogM"
Received: by mail-qv1-f43.google.com with SMTP id
 6a1803df08f44-89a1d7cc7f0so14216276d6.1
        for <linux-kernel@vger.kernel.org>;
 Thu, 26 Mar 2026 20:33:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=soleen.com; s=google; t=1774582418; x=1775187218;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=uLvspK1gu6gX+80jQiUMF5aw95bvgPpDygvOrl90xlM=;
        b=Oq59iogMcNQSF/fCkEQh8VsZ1Z3hKc7vuW9oGVkeEsugo0R04lvd6m8RhlNvRpTnMf
         VfOe49RksB7zVw6l7bWvnqHVDm8NJBiQl13S2Qk9eUp5rhB2sEb62QUL9+z8rNbvMmom
         Y2AQUSPug2DRIayrwACGb4rcUPbnguCaXwTJ1T9iiNKppnvrKtjkOe3XeGuMr+TKcXc7
         GQhgMsYWpmUA9GwSBFgpNN9C4P7Phv0K8FzpqIDcIwr4lUA8EzXF7GX/sLQA61NKdI2a
         Ao0U1AhmDuU21BXTNUdidsO4Yv9WDMnHOuMUuOJ67yC7Kmw675IcuRJZUUBa06fSeUY6
         d0Mw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774582418; x=1775187218;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=uLvspK1gu6gX+80jQiUMF5aw95bvgPpDygvOrl90xlM=;
        b=WR3jx7Wj0eQ6ULUshoKR4tM2cHCrQIfk9KvXnyYb3d/Gx/rYeTHhYTMpLlCrrqERDs
         IawL3FjCNPzgh45du70KXdy4bWGVWm6aRESddzuaH4FwSpTM4l8pUDqB2ktVHbN+xVvZ
         ZFoGOhhhlNnSZQyw3lmaeR97CYmf6E42CeH3WCLgDhbHTAZaIu7fJiLwx+9EywlXlHtF
         fYMOhIIwlbskr1pFdUmSSHHJIy0ssvnaT97uvTaPWZW0i5G6a3DL3dQ+Y7PqonGap+n6
         hucg2921diDBoGyoghCrCQwNStiHkIpyBrqTr2dHeaIlqlJ5v4XOkvksDezuJ1K5ifHQ
         DSiQ==
X-Forwarded-Encrypted: i=1;
 AJvYcCViOVNogW2r1jFZnV+F8N7Yq0UU/SBbXeTAC7XTwIcIEkfa0JsKXWfE/xljvWfvcSXluz8Mih2vCacM0B0=@vger.kernel.org
X-Gm-Message-State: AOJu0YwXUdA/b/D90VWMtniaYv8zuPtKaX9xxUAxQ3EeOwNAq8K25yRH
	k22wXIaqhP4mm6B2pXPhF8fdytT0QVvClHCckSHlBlHA45G13HRUYQddBt22IAqcgRY=
X-Gm-Gg: ATEYQzxJuDvkA0Wj5tjyFfTWGFOzKquVX10Qyade7/tjV2HKgBGGjY9sC4wxFZc6yCA
	gD76XKs5k9Tte8PGcBLoN09XqmSn7WMJn3uTwKB0G8EyoTmTnBICGkC6oMHg8jaVRuc4DNQAvJA
	pKpmAQKLahUkz2zMbRAMTdwVmKEDoRFS5wR+1r12OW4HI8R3Nwpe7MROWAnuyx/poqT5UGj5cif
	gR2dLlaheuZ6B/m7Xz7iKYhLoExXGIaL3N7LIkJEfaJfhaJjc+11axSF+34OwmWED1Yjiam9leg
	K0JYHPrW7qFofEsYnpVlcI9Wzn5f40rTTNz3KnimFNl6VGo+xhs2RY1dF+2oFROCu8VbEOhcZ6/
	odEHMhjeg75NMy4r+aE1CZbj+oSFkIHBbm2gfVhkI/e293pcVha/g4ZDTTOYDtudPn9nvF6If0q
	Yzenaeht+dNW0FpzAgP+VyQfTnuyPs8n7zH9ZKrVk4hf0BI47mY6ENoJMjGoZONEXETw==
X-Received: by 2002:a05:6214:3d9c:b0:89c:5d56:bcac with SMTP id
 6a1803df08f44-89ce8b87d89mr11941016d6.0.1774582417846;
        Thu, 26 Mar 2026 20:33:37 -0700 (PDT)
Received: from plex.localdomain ([71.181.43.54])
        by smtp.gmail.com with ESMTPSA id
 6a1803df08f44-89cd5a22711sm46519186d6.27.2026.03.26.20.33.36
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 26 Mar 2026 20:33:37 -0700 (PDT)
From: Pasha Tatashin <pasha.tatashin@soleen.com>
To: rppt@kernel.org,
	akpm@linux-foundation.org,
	linux-mm@kvack.org,
	linux-kernel@vger.kernel.org,
	pasha.tatashin@soleen.com,
	dmatlack@google.com,
	pratyush@kernel.org,
	skhawaja@google.com
Subject: [PATCH v3 01/10] liveupdate: Safely print untrusted strings
Date: Fri, 27 Mar 2026 03:33:25 +0000
Message-ID: <20260327033335.696621-2-pasha.tatashin@soleen.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260327033335.696621-1-pasha.tatashin@soleen.com>
References: <20260327033335.696621-1-pasha.tatashin@soleen.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Deserialized strings from KHO data (such as file handler compatible
strings and session names) are provided by the previous kernel and
might not be null-terminated if the data is corrupted or maliciously
crafted.

When printing these strings in error messages, use the %.*s format
specifier with the maximum buffer size to prevent out-of-bounds reads
into adjacent kernel memory.

Signed-off-by: Pasha Tatashin <pasha.tatashin@soleen.com>
Reviewed-by: Pratyush Yadav (Google) <pratyush@kernel.org>
---
 kernel/liveupdate/luo_file.c    | 3 ++-
 kernel/liveupdate/luo_session.c | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/kernel/liveupdate/luo_file.c b/kernel/liveupdate/luo_file.c
index 5acee4174bf0..a6d98fc75d25 100644
--- a/kernel/liveupdate/luo_file.c
+++ b/kernel/liveupdate/luo_file.c
@@ -785,7 +785,8 @@ int luo_file_deserialize(struct luo_file_set *file_set,
 		}
=20
 		if (!handler_found) {
-			pr_warn("No registered handler for compatible '%s'\n",
+			pr_warn("No registered handler for compatible '%.*s'\n",
+				(int)sizeof(file_ser[i].compatible),
 				file_ser[i].compatible);
 			return -ENOENT;
 		}
diff --git a/kernel/liveupdate/luo_session.c b/kernel/liveupdate/luo_sessio=
n.c
index 25ae704d7787..8c76dece679b 100644
--- a/kernel/liveupdate/luo_session.c
+++ b/kernel/liveupdate/luo_session.c
@@ -544,7 +544,8 @@ int luo_session_deserialize(void)
=20
 		session =3D luo_session_alloc(sh->ser[i].name);
 		if (IS_ERR(session)) {
-			pr_warn("Failed to allocate session [%s] during deserialization %pe\n",
+			pr_warn("Failed to allocate session [%.*s] during deserialization %pe\n=
",
+				(int)sizeof(sh->ser[i].name),
 				sh->ser[i].name, session);
 			return PTR_ERR(session);
 		}
--=20
2.43.0