The patch titled
Subject: docs: correct documentation for %pK
has been removed from the -mm tree. Its filename was
docs-correct-documentation-for-%pk.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
From: "Tobin C. Harding" <me@xxxxxxxx>
Subject: docs: correct documentation for %pK
Patch series "hash addresses printed with %p", v11.
Currently there exist approximately 14000 places in the Kernel where
addresses are being printed using an unadorned %p. This potentially leaks
sensitive information regarding the Kernel layout in memory. Many of
these calls are stale, instead of fixing every call lets hash the address
by default before printing. This will of course break some users, forcing
code printing needed addresses to be updated. We can add a printk
specifier for this purpose (%px) to give developers a clear upgrade path
for breakages caused by applying this patch set.
The added advantage of hashing %p is that security is now opt-out, if you
_really_ want the address you have to work a little harder and use %px.
The idea for creating the printk specifier %px to print the actual address
was suggested by Kees Cook (see below for email threads by subject).
Newbie question: I don't know who is potentially going to want to apply
this, I've CC'd Andrew Morton. I'm guessing this should go into
linux-next so we can see what breaks? I do not know exactly how code gets
into linux-next. I've CC'd Stephen Rothwell.
Here is the behaviour that this series implements.
For kpt_restrict==0
Randomness not ready:
printed with %p: (ptrval) # NOTE: with padding
Valid pointer:
printed with %pK: deadbeefdeadbeef
printed with %p: 00000000deadbeef
malformed specifier (eg %i): 00000000deadbeef
NULL pointer:
printed with %pK: 0000000000000000
printed with %p: (null) # NOTE: with padding
malformed specifier (eg %i): (null)
For kpt_restrict==2
Valid pointer:
printed with %pK: 0000000000000000
All other output as for kptr_restrict==0
Why hash the addresses rather than simply printing "<obscured>" in their
place?
Consensus is that if we provide a unique identifier (the hashed address)
then this is useful for debugging (i.e differentiating between structs
when you have a list of them).
The first 32 bits (on 64 bit machines) were zeroed out because
1. they are unnecessary in achieving the aim.
2. it reduces noise.
3. makes explicit some funny business was going on.
And bonus points, hopefully we don't break userland tools that parse
addresses if the format is still the same.
This patch (of 5):
Current documentation indicates that %pK prints a leading '0x'. This is
not the case.
Correct documentation for printk specifier %pK.
Link: http://lkml.kernel.org/r/1511921105-3647-2-git-send-email-me@xxxxxxxx
Signed-off-by: Tobin C. Harding <me@xxxxxxxx>
Cc: "Jason A. Donenfeld" <Jason@xxxxxxxxx>
Cc: "Theodore Ts'o" <tytso@xxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Cc: Tycho Andersen <tycho@xxxxxxxx>
Cc: "Roberts, William C" <william.c.roberts@xxxxxxxxx>
Cc: Tejun Heo <tj@xxxxxxxxxx>
Cc: Jordan Glover <Golden_Miller83@xxxxxxxxxxxxx>
Cc: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
Cc: Petr Mladek <pmladek@xxxxxxxx>
Cc: Joe Perches <joe@xxxxxxxxxxx>
Cc: Ian Campbell <ijc@xxxxxxxxxxxxxx>
Cc: Radim Krčmář <rkrcmar@xxxxxxxxxx>
Cc: Sergey Senozhatsky <sergey.senozhatsky@xxxxxxxxx>
Cc: Catalin Marinas <catalin.marinas@xxxxxxx>
Cc: Will Deacon <will.deacon@xxxxxxx>
Cc: Steven Rostedt <rostedt@xxxxxxxxxxx>
Cc: Chris Fries <cfries@xxxxxxxxxx>
Cc: Dave Weinstein <olorin@xxxxxxxxxx>
Cc: Daniel Micay <danielmicay@xxxxxxxxx>
Cc: Djalal Harouni <tixxdz@xxxxxxxxx>
Cc: Radim Kr\u010dm\u0159 <rkrcmar@xxxxxxxxxx>
Cc: David Miller <davem@xxxxxxxxxxxxx>
Cc: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
Cc: Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>
Cc: Alexander Potapenko <glider@xxxxxxxxxx>
Cc: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
Documentation/printk-formats.txt | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff -puN Documentation/printk-formats.txt~docs-correct-documentation-for-%pk Documentation/printk-formats.txt
--- a/Documentation/printk-formats.txt~docs-correct-documentation-for-%pk
+++ a/Documentation/printk-formats.txt
@@ -85,13 +85,12 @@ Examples::
printk("Faulted at %pS\n", (void *)regs->ip);
printk(" %s%pB\n", (reliable ? "" : "? "), (void *)*stack);
-
Kernel Pointers
===============
::
- %pK 0x01234567 or 0x0123456789abcdef
+ %pK 01234567 or 0123456789abcdef
For printing kernel pointers which should be hidden from unprivileged
users. The behaviour of ``%pK`` depends on the ``kptr_restrict sysctl`` - see
_
Patches currently in -mm which might be from me@xxxxxxxx are
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
