Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 24 Oct 2017 21:25:20 +0200
From: Rasmus Villemoes <linux@...musvillemoes.dk>
To: "Tobin C. Harding" <me@...in.cc>
Cc: kernel-hardening@...ts.openwall.com,  "Jason A. Donenfeld" <Jason@...c4.com>,  Theodore Ts'o <tytso@....edu>,  Linus Torvalds <torvalds@...ux-foundation.org>,  Kees Cook <keescook@...omium.org>,  Paolo Bonzini <pbonzini@...hat.com>,  Tycho Andersen <tycho@...ker.com>,  "Roberts\, William C" <william.c.roberts@...el.com>,  Tejun Heo <tj@...nel.org>,  Jordan Glover <Golden_Miller83@...tonmail.ch>,  Greg KH <gregkh@...uxfoundation.org>,  Petr Mladek <pmladek@...e.com>,  Joe Perches <joe@...ches.com>,  Ian Campbell <ijc@...lion.org.uk>,  Sergey Senozhatsky <sergey.senozhatsky@...il.com>,  Catalin Marinas <catalin.marinas@....com>,  Will Deacon <wilal.deacon@....com>,  Steven Rostedt <rostedt@...dmis.org>,  Chris Fries <cfries@...gle.com>
Subject: Re: [PATCH v7] printk: hash addresses printed with %p

On Tue, Oct 24 2017, "Tobin C. Harding" <me@...in.cc> wrote:

> +
> +/* Maps a pointer to a 32 bit unique identifier. */
> +static char *ptr_to_id(char *buf, char *end, void *ptr, struct printf_spec spec)
> +{
> +	unsigned int hashval;
> +
> +	if (static_branch_unlikely(&no_ptr_secret))
> +		return "(pointer value)";

Eh, you probably meant to call

  string(buf, end, "(pointer value)", some-appropriate-spec)

otherwise this will either crash very soon (when the following output
wants to overwrite that '(' in .rodata), or at the very least cause a
completely bogus eventual return value (if the "(pointer value)" string
happens to have an address > end, so that we don't actually attempt any
more printing).

Whether the given spec is suitable as some-appropriate-spec or one
should just use a fixed one I don't know.


The rest are just random thoughts/ramblings/questions, feel free to ignore.

Can one do some qemu magic to test the no_ptr_secret code path?

> +
> +#ifdef CONFIG_64BIT
> +	hashval = (unsigned int)siphash_1u64((u64)ptr, &ptr_secret);
> +#else
> +	hashval = (unsigned int)siphash_1u32((u32)ptr, &ptr_secret);
> +#endif
> +
> +	spec.field_width = 2 * sizeof(unsigned int);
> +	spec.flags = SMALL;
> +	spec.base = 16;
> +
> +	return number(buf, end, hashval, spec);
> +}

Maybe include SPECIAL in flags? I know that this is just meant to be
mostly-unique identifier and its not really a number, but it's still
weird to see a string of hex digits not preceded by 0x. Also, maybe use
.precision to get zero-padding instead of spaces?

I haven't followed the discussion too closely, but has it been
considered to exempt NULL from hashing?

Rasmus

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.