From: Joe Perches <joe@perches.com>
To: "Tobin C. Harding" <me@tobin.cc>
Cc: kernel-hardening@lists.openwall.com,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
Theodore Ts'o <tytso@mit.edu>,
Linus Torvalds <torvalds@linux-foundation.org>,
Kees Cook <keescook@chromium.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Tycho Andersen <tycho@docker.com>,
"Roberts, William C" <william.c.roberts@intel.com>,
Tejun Heo <tj@kernel.org>,
Jordan Glover <Golden_Miller83@protonmail.ch>,
Greg KH <gregkh@linuxfoundation.org>,
Petr Mladek <pmladek@suse.com>, Ian Campbell <ijc@hellion.org.uk>,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <wilal.deacon@arm.com>,
Steven Rostedt <rostedt@goodmis.org>,
Chris Fries <cfries@google.com>,
Dave Weinstein <olorin@google.com>,
Daniel Micay <danielmicay@gmail.com>,
Djalal Harouni <tixxdz@gmail.com>,
linux-kernel@vger.kernel.org
Subject: [kernel-hardening] Re: [PATCH V8 1/2] printk: remove tabular output for NULL pointer
Date: Thu, 26 Oct 2017 07:47:19 -0700 [thread overview]
Message-ID: <1509029239.10651.51.camel@perches.com> (raw)
In-Reply-To: <20171026093728.GJ12341@eros>
On Thu, 2017-10-26 at 20:37 +1100, Tobin C. Harding wrote:
> On Thu, Oct 26, 2017 at 01:05:39AM -0700, Joe Perches wrote:
> > On Thu, 2017-10-26 at 17:27 +1100, Tobin C. Harding wrote:
> > > Hi Joe,
> > >
> > > thanks for your review.
> > >
> > > On Wed, Oct 25, 2017 at 09:57:23PM -0700, Joe Perches wrote:
> > > > On Thu, 2017-10-26 at 13:53 +1100, Tobin C. Harding wrote:
> > > > > Currently pointer() checks for a NULL pointer argument and then if so
> > > > > attempts to print "(null)" with _some_ standard width. This width cannot
> > > > > correctly be ascertained here because many of the printk specifiers
> > > > > print pointers of varying widths.
> > > >
> > > > I believe this is not a good change.
> > > > Only pointers without a <foo> extension call pointer()
> > >
> > > Sorry, I don't understand what you mean here. All the %p<foo> specifier code is
> > > handled by pointer()?
> >
> > Sorry, I was imprecise/wrong.
> >
> > None of the %p<foo> extensions except %pK and %p<invalid_foo>
> > actually use this bit of the pointer() call.
>
> if (!ptr && *fmt != 'K') {
> /*
> * Print (null) with the same width as a pointer so it makes
> * tabular output look nice.
> */
> if (spec.field_width == -1)
> spec.field_width = default_width;
> return string(buf, end, "(null)", spec);
> }
>
> Is there something I'm missing here? This code reads like its all %p<foo>
> (including %p and %p<invalid_foo>) except %pK that hit this block when
> a NULL pointer is passed in.
The idea for aligning is described in commit 5e0579812834a
$ git log --stat -p -1 --format=email 5e0579812834a
>From 5e0579812834ab7fa072db4a15ebdff68d62e2e7 Mon Sep 17 00:00:00 2001
From: Joe Perches <joe@perches.com>
Date: Tue, 26 Oct 2010 14:22:50 -0700
Subject: [PATCH] vsprintf.c: use default pointer field size for "(null)"
strings
It might be nicer to align the output.
For instance, ACPI messages sometimes have "(null)" pointers.
$ dmesg | grep "(null)" -A 1 -B 1
[ 0.198733] ACPI: Dynamic OEM Table Load:
[ 0.198745] ACPI: SSDT (null) 00239 (v02 PmRef Cpu0Ist 00003000 INTL 20051117)
[ 0.199294] ACPI: SSDT 7f596e10 001C7 (v02 PmRef Cpu0Cst 00003001 INTL 20051117)
[ 0.200708] ACPI: Dynamic OEM Table Load:
[ 0.200721] ACPI: SSDT (null) 001C7 (v02 PmRef Cpu0Cst 00003001 INTL 20051117)
[ 0.201950] ACPI: SSDT 7f597f10 000D0 (v02 PmRef Cpu1Ist 00003000 INTL 20051117)
[ 0.203386] ACPI: Dynamic OEM Table Load:
[ 0.203398] ACPI: SSDT (null) 000D0 (v02 PmRef Cpu1Ist 00003000 INTL 20051117)
[ 0.203871] ACPI: SSDT 7f595f10 00083 (v02 PmRef Cpu1Cst 00003000 INTL 20051117)
[ 0.205301] ACPI: Dynamic OEM Table Load:
[ 0.205315] ACPI: SSDT (null) 00083 (v02 PmRef Cpu1Cst 00003000 INTL 20051117)
> > All of the other valid %p<foo> extension uses do not end up
> > at this block being executed so it's effectively only regular
> > pointers being output by number()
Because passing NULL to any of the %p<foo> extensions
excluding %pK is probably a defect.
> > > > > Remove the attempt to print NULL pointers with a correct width.
> > > >
> > > > the correct width for a %p is the default width.
> > >
> > > It is the default width if we are printing addresses. Once we hash 64
> > > bit address to a 32 bit identifier then we don't have a default width.
> >
> > Perhaps that 32 bit identifier should use leading 0's for
> > the default width.
>
> That's a fair comment.
>
> > aside:
> >
> > Why hash 64 bits to 32?
> > Why shouldn't the hash width be 64 bits on 64 bit systems?
>
> Quoted from Linus in an earlier thread discussing this change
>
> Date: Thu, 12 Oct 2017 11:37:22 -0700 Linus Torvalds wrote:
>
> In fact, I'd prefer mapping the pointer to a 32-bit value, even on
> 64-bit architectures. When people use these things for debugging and
> for identifying which device node or socket or whatever they are
> tracking, we're generally talking a (small) handful of different
> devices or whatever.
I wonder about this and userland programs and API breakage.
I'd expect there could be cases of userland parsers that
expect a certain width for pointer fields.
$ git grep -E "\bseq_.*%p\W" | wc -l
112
WARNING: multiple messages have this Message-ID (diff)
From: Joe Perches <joe@perches.com>
To: "Tobin C. Harding" <me@tobin.cc>
Cc: kernel-hardening@lists.openwall.com,
"Jason A. Donenfeld" <Jason@zx2c4.com>,
"Theodore Ts'o" <tytso@mit.edu>,
Linus Torvalds <torvalds@linux-foundation.org>,
Kees Cook <keescook@chromium.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Tycho Andersen <tycho@docker.com>,
"Roberts, William C" <william.c.roberts@intel.com>,
Tejun Heo <tj@kernel.org>,
Jordan Glover <Golden_Miller83@protonmail.ch>,
Greg KH <gregkh@linuxfoundation.org>,
Petr Mladek <pmladek@suse.com>, Ian Campbell <ijc@hellion.org.uk>,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <wilal.deacon@arm.com>,
Steven Rostedt <rostedt@goodmis.org>,
Chris Fries <cfries@google.com>,
Dave Weinstein <olorin@google.com>,
Daniel Micay <danielmicay@gmail.com>,
Djalal Harouni <tixxdz@gmail.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH V8 1/2] printk: remove tabular output for NULL pointer
Date: Thu, 26 Oct 2017 07:47:19 -0700 [thread overview]
Message-ID: <1509029239.10651.51.camel@perches.com> (raw)
In-Reply-To: <20171026093728.GJ12341@eros>
On Thu, 2017-10-26 at 20:37 +1100, Tobin C. Harding wrote:
> On Thu, Oct 26, 2017 at 01:05:39AM -0700, Joe Perches wrote:
> > On Thu, 2017-10-26 at 17:27 +1100, Tobin C. Harding wrote:
> > > Hi Joe,
> > >
> > > thanks for your review.
> > >
> > > On Wed, Oct 25, 2017 at 09:57:23PM -0700, Joe Perches wrote:
> > > > On Thu, 2017-10-26 at 13:53 +1100, Tobin C. Harding wrote:
> > > > > Currently pointer() checks for a NULL pointer argument and then if so
> > > > > attempts to print "(null)" with _some_ standard width. This width cannot
> > > > > correctly be ascertained here because many of the printk specifiers
> > > > > print pointers of varying widths.
> > > >
> > > > I believe this is not a good change.
> > > > Only pointers without a <foo> extension call pointer()
> > >
> > > Sorry, I don't understand what you mean here. All the %p<foo> specifier code is
> > > handled by pointer()?
> >
> > Sorry, I was imprecise/wrong.
> >
> > None of the %p<foo> extensions except %pK and %p<invalid_foo>
> > actually use this bit of the pointer() call.
>
> if (!ptr && *fmt != 'K') {
> /*
> * Print (null) with the same width as a pointer so it makes
> * tabular output look nice.
> */
> if (spec.field_width == -1)
> spec.field_width = default_width;
> return string(buf, end, "(null)", spec);
> }
>
> Is there something I'm missing here? This code reads like its all %p<foo>
> (including %p and %p<invalid_foo>) except %pK that hit this block when
> a NULL pointer is passed in.
The idea for aligning is described in commit 5e0579812834a
$ git log --stat -p -1 --format=email 5e0579812834a
>From 5e0579812834ab7fa072db4a15ebdff68d62e2e7 Mon Sep 17 00:00:00 2001
From: Joe Perches <joe@perches.com>
Date: Tue, 26 Oct 2010 14:22:50 -0700
Subject: [PATCH] vsprintf.c: use default pointer field size for "(null)"
strings
It might be nicer to align the output.
For instance, ACPI messages sometimes have "(null)" pointers.
$ dmesg | grep "(null)" -A 1 -B 1
[ 0.198733] ACPI: Dynamic OEM Table Load:
[ 0.198745] ACPI: SSDT (null) 00239 (v02 PmRef Cpu0Ist 00003000 INTL 20051117)
[ 0.199294] ACPI: SSDT 7f596e10 001C7 (v02 PmRef Cpu0Cst 00003001 INTL 20051117)
[ 0.200708] ACPI: Dynamic OEM Table Load:
[ 0.200721] ACPI: SSDT (null) 001C7 (v02 PmRef Cpu0Cst 00003001 INTL 20051117)
[ 0.201950] ACPI: SSDT 7f597f10 000D0 (v02 PmRef Cpu1Ist 00003000 INTL 20051117)
[ 0.203386] ACPI: Dynamic OEM Table Load:
[ 0.203398] ACPI: SSDT (null) 000D0 (v02 PmRef Cpu1Ist 00003000 INTL 20051117)
[ 0.203871] ACPI: SSDT 7f595f10 00083 (v02 PmRef Cpu1Cst 00003000 INTL 20051117)
[ 0.205301] ACPI: Dynamic OEM Table Load:
[ 0.205315] ACPI: SSDT (null) 00083 (v02 PmRef Cpu1Cst 00003000 INTL 20051117)
> > All of the other valid %p<foo> extension uses do not end up
> > at this block being executed so it's effectively only regular
> > pointers being output by number()
Because passing NULL to any of the %p<foo> extensions
excluding %pK is probably a defect.
> > > > > Remove the attempt to print NULL pointers with a correct width.
> > > >
> > > > the correct width for a %p is the default width.
> > >
> > > It is the default width if we are printing addresses. Once we hash 64
> > > bit address to a 32 bit identifier then we don't have a default width.
> >
> > Perhaps that 32 bit identifier should use leading 0's for
> > the default width.
>
> That's a fair comment.
>
> > aside:
> >
> > Why hash 64 bits to 32?
> > Why shouldn't the hash width be 64 bits on 64 bit systems?
>
> Quoted from Linus in an earlier thread discussing this change
>
> Date: Thu, 12 Oct 2017 11:37:22 -0700 Linus Torvalds wrote:
>
> In fact, I'd prefer mapping the pointer to a 32-bit value, even on
> 64-bit architectures. When people use these things for debugging and
> for identifying which device node or socket or whatever they are
> tracking, we're generally talking a (small) handful of different
> devices or whatever.
I wonder about this and userland programs and API breakage.
I'd expect there could be cases of userland parsers that
expect a certain width for pointer fields.
$ git grep -E "\bseq_.*%p\W" | wc -l
112
next prev parent reply other threads:[~2017-10-26 14:47 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-26 2:53 [kernel-hardening] [PATCH V8 0/2] printk: hash addresses printed with %p Tobin C. Harding
2017-10-26 2:53 ` Tobin C. Harding
2017-10-26 2:53 ` [kernel-hardening] [PATCH V8 1/2] printk: remove tabular output for NULL pointer Tobin C. Harding
2017-10-26 2:53 ` Tobin C. Harding
2017-10-26 4:57 ` [kernel-hardening] " Joe Perches
2017-10-26 4:57 ` Joe Perches
2017-10-26 6:27 ` [kernel-hardening] " Tobin C. Harding
2017-10-26 6:27 ` Tobin C. Harding
2017-10-26 8:05 ` [kernel-hardening] " Joe Perches
2017-10-26 8:05 ` Joe Perches
2017-10-26 9:37 ` [kernel-hardening] " Tobin C. Harding
2017-10-26 9:37 ` Tobin C. Harding
2017-10-26 14:47 ` Joe Perches [this message]
2017-10-26 14:47 ` Joe Perches
2017-10-26 23:57 ` [kernel-hardening] " Tobin C. Harding
2017-10-26 23:57 ` Tobin C. Harding
2017-10-27 0:11 ` [kernel-hardening] " Joe Perches
2017-10-27 0:11 ` Joe Perches
2017-10-26 2:53 ` [kernel-hardening] [PATCH V8 2/2] printk: hash addresses printed with %p Tobin C. Harding
2017-10-26 2:53 ` Tobin C. Harding
2017-10-26 2:58 ` [kernel-hardening] " Tobin C. Harding
2017-10-26 2:58 ` Tobin C. Harding
2017-10-30 21:33 ` [kernel-hardening] " Steven Rostedt
2017-10-30 21:33 ` Steven Rostedt
2017-10-30 22:41 ` [kernel-hardening] " Tobin C. Harding
2017-10-30 22:41 ` Tobin C. Harding
2017-10-31 0:00 ` [kernel-hardening] " Steven Rostedt
2017-10-31 0:00 ` Steven Rostedt
2017-10-31 2:00 ` [kernel-hardening] " Tobin C. Harding
2017-10-31 2:00 ` Tobin C. Harding
2017-10-26 3:11 ` [kernel-hardening] " Jason A. Donenfeld
2017-10-26 3:11 ` Jason A. Donenfeld
2017-10-27 13:33 ` [kernel-hardening] Re: [PATCH V8 0/2] " Sergey Senozhatsky
2017-10-27 13:33 ` Sergey Senozhatsky
2017-10-31 23:35 ` [kernel-hardening] " Tobin C. Harding
2017-10-31 23:35 ` Tobin C. Harding
2017-11-02 8:23 ` [kernel-hardening] " Sergey Senozhatsky
2017-11-02 8:23 ` Sergey Senozhatsky
2017-11-02 10:14 ` [kernel-hardening] " Tobin C. Harding
2017-11-02 10:14 ` Tobin C. Harding
2017-11-02 13:43 ` [kernel-hardening] " Roberts, William C
2017-11-02 13:43 ` Roberts, William C
2017-11-02 16:04 ` [kernel-hardening] " Sergey Senozhatsky
2017-11-02 16:04 ` Sergey Senozhatsky
2017-11-02 18:11 ` [kernel-hardening] " Petr Nejedlý
2017-10-30 22:03 ` Kees Cook
2017-10-30 22:03 ` Kees Cook
2017-10-30 22:33 ` [kernel-hardening] " Tobin C. Harding
2017-10-30 22:33 ` Tobin C. Harding
2017-10-31 2:08 ` [kernel-hardening] " Joe Perches
2017-10-31 2:08 ` Joe Perches
2017-10-31 23:16 ` [kernel-hardening] " Tobin C. Harding
2017-10-31 23:16 ` Tobin C. Harding
2017-10-31 23:33 ` [kernel-hardening] " Joe Perches
2017-10-31 23:33 ` Joe Perches
2017-11-03 5:13 ` [kernel-hardening] " Vinod Koul
2017-11-03 5:13 ` Vinod Koul
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1509029239.10651.51.camel@perches.com \
--to=joe@perches.com \
--cc=Golden_Miller83@protonmail.ch \
--cc=Jason@zx2c4.com \
--cc=catalin.marinas@arm.com \
--cc=cfries@google.com \
--cc=danielmicay@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=ijc@hellion.org.uk \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=me@tobin.cc \
--cc=olorin@google.com \
--cc=pbonzini@redhat.com \
--cc=pmladek@suse.com \
--cc=rostedt@goodmis.org \
--cc=sergey.senozhatsky@gmail.com \
--cc=tixxdz@gmail.com \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tycho@docker.com \
--cc=tytso@mit.edu \
--cc=wilal.deacon@arm.com \
--cc=william.c.roberts@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.