Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 05 Dec 2017 15:31:20 -0500 (EST)
From: David Miller <davem@...emloft.net>
To: geert@...ux-m68k.org
Cc: me@...in.cc, kernel-hardening@...ts.openwall.com,
 torvalds@...ux-foundation.org, Jason@...c4.com, tytso@....edu,
 keescook@...omium.org, pbonzini@...hat.com, tycho@...ho.ws,
 william.c.roberts@...el.com, tj@...nel.org, Golden_Miller83@...tonmail.ch,
 gregkh@...uxfoundation.org, pmladek@...e.com, joe@...ches.com,
 ijc@...lion.org.uk, sergey.senozhatsky@...il.com, catalin.marinas@....com,
 wilal.deacon@....com, rostedt@...dmis.org, cfries@...gle.com,
 olorin@...gle.com, danielmicay@...il.com, tixxdz@...il.com,
 rkrcmar@...hat.com, linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
 sfr@...b.auug.org.au, aryabinin@...tuozzo.com, glider@...gle.com,
 dvyukov@...gle.com, akpm@...ux-foundation.org,
 sergei.shtylyov@...entembedded.com
Subject: Re: [PATCH V11 3/5] printk: hash addresses printed with %p

From: Geert Uytterhoeven <geert@...ux-m68k.org>
Date: Tue, 5 Dec 2017 21:20:57 +0100

> Hi Tobin,
> 
> On Wed, Nov 29, 2017 at 3:05 AM, Tobin C. Harding <me@...in.cc> wrote:
>> Currently there exist approximately 14 000 places in the kernel where
>> addresses are being printed using an unadorned %p. This potentially
>> leaks sensitive information regarding the Kernel layout in memory. Many
>> of these calls are stale, instead of fixing every call lets hash the
>> address by default before printing. This will of course break some
>> users, forcing code printing needed addresses to be updated.
>>
>> Code that _really_ needs the address will soon be able to use the new
>> printk specifier %px to print the address.
> 
>> --- a/lib/vsprintf.c
>> +++ b/lib/vsprintf.c
> 
>> +/* Maps a pointer to a 32 bit unique identifier. */
>> +static char *ptr_to_id(char *buf, char *end, void *ptr, struct printf_spec spec)
>> +{
>> +       unsigned long hashval;
>> +       const int default_width = 2 * sizeof(ptr);
>> +
>> +       if (unlikely(!have_filled_random_ptr_key)) {
>> +               spec.field_width = default_width;
>> +               /* string length must be less than default_width */
>> +               return string(buf, end, "(ptrval)", spec);
>> +       }
>> +
>> +#ifdef CONFIG_64BIT
>> +       hashval = (unsigned long)siphash_1u64((u64)ptr, &ptr_key);
>> +       /*
>> +        * Mask off the first 32 bits, this makes explicit that we have
>> +        * modified the address (and 32 bits is plenty for a unique ID).
>> +        */
>> +       hashval = hashval & 0xffffffff;
>> +#else
>> +       hashval = (unsigned long)siphash_1u32((u32)ptr, &ptr_key);
>> +#endif
> 
> Would it make sense to keep the 3 lowest bits of the address?
> 
> Currently printed pointers no longer have any correlation with the actual
> alignment in memory of the object, which is a typical cause of a class of bugs.

Yeah, this is driving people nuts who wonder why pointers are aligned
all weird now.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.