Re: [PATCH v2] printk: hash addresses printed with %p

From: Steven Rostedt
Date: Tue Oct 17 2017 - 09:31:29 EST


On Tue, 17 Oct 2017 15:52:51 +1100
"Tobin C. Harding" <me@xxxxxxxx> wrote:

> Currently there are many places in the kernel where addresses are being
> printed using an unadorned %p. Kernel pointers should be printed using
> %pK allowing some control via the kptr_restrict sysctl. Exposing addresses
> gives attackers sensitive information about the kernel layout in memory.
>
> We can reduce the attack surface by hashing all addresses printed with
> %p. This will of course break some users, forcing code printing needed
> addresses to be updated.
>
> For what it's worth, usage of unadorned %p can be broken down as follows
>
> git grep '%p[^KFfSsBRrbMmIiEUVKNhdDgCGO]' | wc -l

Does %p[FfSs] leak addresses? Well, I guess it does if they are not
found in kallsyms, but otherwise you have:

function+0x<offset>

-- Steve


>
> arch: 2512
> block: 20
> crypto: 12
> fs: 1221
> include: 147
> kernel: 109
> lib: 77
> mm: 120
> net: 1516
> security: 11
> sound: 168
> virt: 2
> drivers: 8420
>
> Add helper function siphash_1ulong(). Add function ptr_to_id() to map an
> address to a 32 bit unique identifier.
>
> Signed-off-by: Tobin C. Harding <me@xxxxxxxx>
> ---
>