On Tue, Dec 19, 2017 at 2:22 PM, Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote: >> > >> This BUG is reporting >> > >> >> > >> [ 26.089789] usercopy: kernel memory overwrite attempt detected to 0000000022a5b430 (kmalloc-1024) (1024 bytes) >> > >> >> > >> line. But isn't 0000000022a5b430 strange for kmalloc(1024, GFP_KERNEL)ed kernel address? >> > > >> > > The address is hashed (see the %p threads for 4.15). >> > >> > >> > +Tobin, is there a way to disable hashing entirely? The only >> > designation of syzbot is providing crash reports to kernel developers >> > with as much info as possible. It's fine for it to leak whatever. >> >> We have new specifier %px to print addresses in hex if leaking info is >> not a worry. > > Could we have a way to know that the printed address is hashed and not just > a pointer getting completely scrogged? Perhaps prefix it with ... a hash! > So this line would look like: > > [ 26.089789] usercopy: kernel memory overwrite attempt detected to #0000000022a5b430 (kmalloc-1024) (1024 bytes) > > Or does that miss the point of hashing the address, so the attacker > thinks its a real address? If we do something with this, I would suggest that we just disable hashing. Any of the concerns that lead to hashed pointers are not applicable in this context, moreover they are harmful, cause confusion and make it harder to debug these bugs. That perfectly can be an opt-in CONFIG_DEBUG_INSECURE_BLA_BLA_BLA. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>