Re: [PATCH V9] printk: hash addresses printed with %p
From: Petr Mladek
Date: Tue Oct 31 2017 - 11:39:58 EST
On Mon 2017-10-30 09:59:16, Tobin C. Harding wrote:
> Currently there are many places in the kernel where addresses are being
> printed using an unadorned %p. Kernel pointers should be printed using
> %pK allowing some control via the kptr_restrict sysctl. Exposing addresses
> gives attackers sensitive information about the kernel layout in memory.
>
> We can reduce the attack surface by hashing all addresses printed with
> %p. This will of course break some users, forcing code printing needed
> addresses to be updated.
I am sorry for my ignorance but what is the right update, please?
I expect that there are several possibilities:
+ remove the pointer at all
+ replace it with %pK so that it honors kptr_restrict setting
+ any other option?
Is kptr_restrict considered a safe mechanism?
Also kptr_restrict seems to be primary for the messages that are available
via /proc and /sys. Is it good enough for the messages logged by
printk()?
Will there be a debug option that would allow to see the original
pointers? Or what is the preferred way for debug messages?
> For what it's worth, usage of unadorned %p can be broken down as
> follows (thanks to Joe Perches).
>
> $ git grep -E '%p[^A-Za-z0-9]' | cut -f1 -d"/" | sort | uniq -c
> 1084 arch
> 20 block
> 10 crypto
> 32 Documentation
> 8121 drivers
> 1221 fs
> 143 include
> 101 kernel
> 69 lib
> 100 mm
> 1510 net
> 40 samples
> 7 scripts
> 11 security
> 166 sound
> 152 tools
> 2 virt
It is evident that it will hit many people. I guess that they will
be suprised and might have similar questions. It might make sense
to decribe this in Documentation/printk-formats.txt.
Best Regards,
Petr