|
Message-ID: <CAGXu5jKG7FD_wGbeGtATLA4h3eAwvV5P+74T=DKAN58XLqGhEw@mail.gmail.com> Date: Wed, 29 Nov 2017 15:56:16 -0800 From: Kees Cook <keescook@...omium.org> To: "Tobin C. Harding" <me@...in.cc> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, David Laight <David.Laight@...lab.com>, "Jason A. Donenfeld" <Jason@...c4.com>, "Theodore Ts'o" <tytso@....edu>, Paolo Bonzini <pbonzini@...hat.com>, Tycho Andersen <tycho@...ho.ws>, "Roberts, William C" <william.c.roberts@...el.com>, Tejun Heo <tj@...nel.org>, Jordan Glover <Golden_Miller83@...tonmail.ch>, Greg KH <gregkh@...uxfoundation.org>, Petr Mladek <pmladek@...e.com>, Joe Perches <joe@...ches.com>, Ian Campbell <ijc@...lion.org.uk>, Sergey Senozhatsky <sergey.senozhatsky@...il.com>, Catalin Marinas <catalin.marinas@....com>, Will Deacon <wilal.deacon@....com>, Steven Rostedt <rostedt@...dmis.org>, Chris Fries <cfries@...gle.com>, Dave Weinstein <olorin@...gle.com>, Daniel Micay <danielmicay@...il.com>, Djalal Harouni <tixxdz@...il.com>, Radim Krcmár <rkrcmar@...hat.com>, David Miller <davem@...emloft.net>, Stephen Rothwell <sfr@...b.auug.org.au>, Andrey Ryabinin <aryabinin@...tuozzo.com>, Alexander Potapenko <glider@...gle.com>, Dmitry Vyukov <dvyukov@...gle.com>, Andrew Morton <akpm@...ux-foundation.org>, kernel-hardening@...ts.openwall.com, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Network Development <netdev@...r.kernel.org> Subject: Re: [PATCH 0/2] replace %pK with %p On Wed, Nov 29, 2017 at 3:38 PM, Tobin C. Harding <me@...in.cc> wrote: > We are now hashing addresses printed with %pK (when > kptr_restrict==0). Perhaps we can get rid of %pK (and kptr_restrict) > entirely. Instead of rushing ahead and doing so let's replace all printk > format strings that use %pK with %p. NAK. Real people use kptr_restrict -- removing %pK is a regression for them. Setting kptr_restrict should zero the values marked with %pK. There is still a risk of correlating information leaks to at least select a target. If we add a knob for the %p hashing to switch to zeroing, then we could drop %pK, IMO. -Kees > > It is a nice time to do this now while we are prepared for breakages > from applying the pointer hashing patch series. > > The patch to remove kptr_restrict entirely should then be a non-event. > > Second patch adds printk specifier %pz to display zeroed address. This > may be useful for fixing things that break during the fallout from > hashing and replacing %pK. We can always revert this patch if it turns > out to be worthless, right? > > Patch 1 was created using > > for file in $(git grep -l '%pK') > do > perl -pi -e 's/%pK/%p/g' $file > done > > thanks, > Tobin. > > Tobin C. Harding (2): > tree-wide: replace all users of %pK with %p > printk: add specifier %pz, for zeroed address > > Documentation/printk-formats.txt | 11 +++ > arch/arm/mm/physaddr.c | 2 +- > arch/arm64/mm/physaddr.c | 2 +- > arch/mips/kernel/relocate.c | 10 +-- > arch/mips/kvm/mips.c | 2 +- > arch/powerpc/perf/hv-24x7.c | 8 +-- > arch/s390/kvm/intercept.c | 2 +- > arch/s390/kvm/kvm-s390.c | 10 +-- > arch/s390/kvm/trace-s390.h | 4 +- > drivers/android/binder.c | 2 +- > drivers/android/binder_alloc.c | 28 ++++---- > drivers/gpu/drm/exynos/exynos_drm_dsi.c | 4 +- > drivers/gpu/drm/exynos/exynos_drm_fimc.c | 2 +- > drivers/gpu/drm/exynos/exynos_drm_gem.c | 2 +- > drivers/gpu/drm/exynos/exynos_drm_gsc.c | 2 +- > drivers/gpu/drm/exynos/exynos_drm_ipp.c | 22 +++--- > drivers/gpu/drm/exynos/exynos_drm_rotator.c | 2 +- > drivers/gpu/drm/i915/i915_debugfs.c | 2 +- > drivers/infiniband/hw/usnic/usnic_uiom.c | 2 +- > drivers/net/wireless/ath/ath10k/ahb.c | 2 +- > drivers/net/wireless/ath/ath10k/bmi.c | 4 +- > drivers/net/wireless/ath/ath10k/ce.c | 4 +- > drivers/net/wireless/ath/ath10k/core.c | 4 +- > drivers/net/wireless/ath/ath10k/htc.c | 6 +- > drivers/net/wireless/ath/ath10k/htt_rx.c | 2 +- > drivers/net/wireless/ath/ath10k/mac.c | 22 +++--- > drivers/net/wireless/ath/ath10k/pci.c | 2 +- > drivers/net/wireless/ath/ath10k/testmode.c | 4 +- > drivers/net/wireless/ath/ath10k/txrx.c | 2 +- > drivers/net/wireless/ath/ath10k/usb.c | 4 +- > drivers/net/wireless/ath/ath10k/wmi.c | 4 +- > drivers/spi/spi-loopback-test.c | 12 ++-- > drivers/staging/ccree/ssi_buffer_mgr.c | 54 +++++++------- > drivers/staging/ccree/ssi_cipher.c | 4 +- > drivers/staging/ccree/ssi_hash.c | 30 ++++---- > .../interface/vchiq_arm/vchiq_2835_arm.c | 6 +- > .../vc04_services/interface/vchiq_arm/vchiq_arm.c | 16 ++--- > .../vc04_services/interface/vchiq_arm/vchiq_core.c | 84 +++++++++++----------- > .../interface/vchiq_arm/vchiq_kern_lib.c | 4 +- > drivers/usb/core/devio.c | 14 ++-- > drivers/usb/core/hcd.c | 4 +- > drivers/usb/core/urb.c | 2 +- > drivers/usb/dwc3/dwc3-st.c | 2 +- > drivers/usb/dwc3/gadget.c | 4 +- > include/linux/filter.h | 2 +- > kernel/cgroup/debug.c | 8 +-- > kernel/module.c | 2 +- > kernel/time/timer_list.c | 4 +- > lib/vsprintf.c | 26 +++++-- > mm/vmalloc.c | 4 +- > net/atm/proc.c | 4 +- > net/bluetooth/af_bluetooth.c | 2 +- > net/can/bcm.c | 6 +- > net/can/proc.c | 4 +- > net/ipv4/ping.c | 2 +- > net/ipv4/raw.c | 2 +- > net/ipv4/tcp_ipv4.c | 6 +- > net/ipv4/udp.c | 2 +- > net/ipv6/datagram.c | 2 +- > net/ipv6/tcp_ipv6.c | 6 +- > net/key/af_key.c | 2 +- > net/netlink/af_netlink.c | 2 +- > net/packet/af_packet.c | 2 +- > net/phonet/socket.c | 2 +- > net/unix/af_unix.c | 2 +- > sound/soc/bcm/cygnus-pcm.c | 2 +- > 66 files changed, 269 insertions(+), 240 deletions(-) > > -- > 2.7.4 > -- Kees Cook Pixel Security
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.