From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <1509029239.10651.51.camel@perches.com> From: Joe Perches Date: Thu, 26 Oct 2017 07:47:19 -0700 In-Reply-To: <20171026093728.GJ12341@eros> References: <1508986436-31966-1-git-send-email-me@tobin.cc> <1508986436-31966-2-git-send-email-me@tobin.cc> <1508993843.10651.22.camel@perches.com> <20171026062734.GH12341@eros> <1509005139.10651.39.camel@perches.com> <20171026093728.GJ12341@eros> Content-Type: text/plain; charset="ISO-8859-1" Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [kernel-hardening] Re: [PATCH V8 1/2] printk: remove tabular output for NULL pointer To: "Tobin C. Harding" Cc: kernel-hardening@lists.openwall.com, "Jason A. Donenfeld" , Theodore Ts'o , Linus Torvalds , Kees Cook , Paolo Bonzini , Tycho Andersen , "Roberts, William C" , Tejun Heo , Jordan Glover , Greg KH , Petr Mladek , Ian Campbell , Sergey Senozhatsky , Catalin Marinas , Will Deacon , Steven Rostedt , Chris Fries , Dave Weinstein , Daniel Micay , Djalal Harouni , linux-kernel@vger.kernel.org List-ID: On Thu, 2017-10-26 at 20:37 +1100, Tobin C. Harding wrote: > On Thu, Oct 26, 2017 at 01:05:39AM -0700, Joe Perches wrote: > > On Thu, 2017-10-26 at 17:27 +1100, Tobin C. Harding wrote: > > > Hi Joe, > > > > > > thanks for your review. > > > > > > On Wed, Oct 25, 2017 at 09:57:23PM -0700, Joe Perches wrote: > > > > On Thu, 2017-10-26 at 13:53 +1100, Tobin C. Harding wrote: > > > > > Currently pointer() checks for a NULL pointer argument and then if so > > > > > attempts to print "(null)" with _some_ standard width. This width cannot > > > > > correctly be ascertained here because many of the printk specifiers > > > > > print pointers of varying widths. > > > > > > > > I believe this is not a good change. > > > > Only pointers without a extension call pointer() > > > > > > Sorry, I don't understand what you mean here. All the %p specifier code is > > > handled by pointer()? > > > > Sorry, I was imprecise/wrong. > > > > None of the %p extensions except %pK and %p > > actually use this bit of the pointer() call. > > if (!ptr && *fmt != 'K') { > /* > * Print (null) with the same width as a pointer so it makes > * tabular output look nice. > */ > if (spec.field_width == -1) > spec.field_width = default_width; > return string(buf, end, "(null)", spec); > } > > Is there something I'm missing here? This code reads like its all %p > (including %p and %p) except %pK that hit this block when > a NULL pointer is passed in. The idea for aligning is described in commit 5e0579812834a $ git log --stat -p -1 --format=email 5e0579812834a >>From 5e0579812834ab7fa072db4a15ebdff68d62e2e7 Mon Sep 17 00:00:00 2001 From: Joe Perches Date: Tue, 26 Oct 2010 14:22:50 -0700 Subject: [PATCH] vsprintf.c: use default pointer field size for "(null)" strings It might be nicer to align the output. For instance, ACPI messages sometimes have "(null)" pointers. $ dmesg | grep "(null)" -A 1 -B 1 [ 0.198733] ACPI: Dynamic OEM Table Load: [ 0.198745] ACPI: SSDT (null) 00239 (v02 PmRef Cpu0Ist 00003000 INTL 20051117) [ 0.199294] ACPI: SSDT 7f596e10 001C7 (v02 PmRef Cpu0Cst 00003001 INTL 20051117) [ 0.200708] ACPI: Dynamic OEM Table Load: [ 0.200721] ACPI: SSDT (null) 001C7 (v02 PmRef Cpu0Cst 00003001 INTL 20051117) [ 0.201950] ACPI: SSDT 7f597f10 000D0 (v02 PmRef Cpu1Ist 00003000 INTL 20051117) [ 0.203386] ACPI: Dynamic OEM Table Load: [ 0.203398] ACPI: SSDT (null) 000D0 (v02 PmRef Cpu1Ist 00003000 INTL 20051117) [ 0.203871] ACPI: SSDT 7f595f10 00083 (v02 PmRef Cpu1Cst 00003000 INTL 20051117) [ 0.205301] ACPI: Dynamic OEM Table Load: [ 0.205315] ACPI: SSDT (null) 00083 (v02 PmRef Cpu1Cst 00003000 INTL 20051117) > > All of the other valid %p extension uses do not end up > > at this block being executed so it's effectively only regular > > pointers being output by number() Because passing NULL to any of the %p extensions excluding %pK is probably a defect. > > > > > Remove the attempt to print NULL pointers with a correct width. > > > > > > > > the correct width for a %p is the default width. > > > > > > It is the default width if we are printing addresses. Once we hash 64 > > > bit address to a 32 bit identifier then we don't have a default width. > > > > Perhaps that 32 bit identifier should use leading 0's for > > the default width. > > That's a fair comment. > > > aside: > > > > Why hash 64 bits to 32? > > Why shouldn't the hash width be 64 bits on 64 bit systems? > > Quoted from Linus in an earlier thread discussing this change > > Date: Thu, 12 Oct 2017 11:37:22 -0700 Linus Torvalds wrote: > > In fact, I'd prefer mapping the pointer to a 32-bit value, even on > 64-bit architectures. When people use these things for debugging and > for identifying which device node or socket or whatever they are > tracking, we're generally talking a (small) handful of different > devices or whatever. I wonder about this and userland programs and API breakage. I'd expect there could be cases of userland parsers that expect a certain width for pointer fields. $ git grep -E "\bseq_.*%p\W" | wc -l 112 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932412AbdJZOr1 (ORCPT ); Thu, 26 Oct 2017 10:47:27 -0400 Received: from smtprelay0181.hostedemail.com ([216.40.44.181]:52329 "EHLO smtprelay.hostedemail.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S932246AbdJZOrZ (ORCPT ); Thu, 26 Oct 2017 10:47:25 -0400 X-Session-Marker: 6A6F6540706572636865732E636F6D X-Spam-Summary: 2,0,0,,d41d8cd98f00b204,joe@perches.com,:::::::::::::::::::::::::::::::::::::::::::::,RULES_HIT:41:355:379:541:599:800:960:968:973:988:989:1260:1277:1311:1313:1314:1345:1359:1373:1437:1461:1515:1516:1518:1535:1544:1593:1594:1605:1711:1730:1747:1777:1792:2393:2553:2559:2562:2689:2691:2692:2828:2911:3138:3139:3140:3141:3142:3622:3653:3865:3866:3867:3868:3870:3871:3872:3873:3874:4117:4250:4321:4425:5007:6117:6119:6238:6691:6742:6743:7576:7903:8603:8660:8957:9545:10004:10848:10967:11232:11658:11914:12043:12262:12438:12555:12663:12679:12740:12760:12895:12986:13138:13148:13161:13229:13230:13231:13439:14180:14181:14659:14721:21060:21080:21433:21451:21611:21627:30003:30012:30022:30034:30054:30070:30090:30091,0,RBL:none,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:,MSBL:0,DNSBL:none,Custom_rules:0:0:0,LFtime:2,LUA_SUMMARY:none X-HE-Tag: push86_2309e4ef49842 X-Filterd-Recvd-Size: 6032 Message-ID: <1509029239.10651.51.camel@perches.com> Subject: Re: [PATCH V8 1/2] printk: remove tabular output for NULL pointer From: Joe Perches To: "Tobin C. Harding" Cc: kernel-hardening@lists.openwall.com, "Jason A. Donenfeld" , "Theodore Ts'o" , Linus Torvalds , Kees Cook , Paolo Bonzini , Tycho Andersen , "Roberts, William C" , Tejun Heo , Jordan Glover , Greg KH , Petr Mladek , Ian Campbell , Sergey Senozhatsky , Catalin Marinas , Will Deacon , Steven Rostedt , Chris Fries , Dave Weinstein , Daniel Micay , Djalal Harouni , linux-kernel@vger.kernel.org Date: Thu, 26 Oct 2017 07:47:19 -0700 In-Reply-To: <20171026093728.GJ12341@eros> References: <1508986436-31966-1-git-send-email-me@tobin.cc> <1508986436-31966-2-git-send-email-me@tobin.cc> <1508993843.10651.22.camel@perches.com> <20171026062734.GH12341@eros> <1509005139.10651.39.camel@perches.com> <20171026093728.GJ12341@eros> Content-Type: text/plain; charset="ISO-8859-1" X-Mailer: Evolution 3.26.1-1 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 2017-10-26 at 20:37 +1100, Tobin C. Harding wrote: > On Thu, Oct 26, 2017 at 01:05:39AM -0700, Joe Perches wrote: > > On Thu, 2017-10-26 at 17:27 +1100, Tobin C. Harding wrote: > > > Hi Joe, > > > > > > thanks for your review. > > > > > > On Wed, Oct 25, 2017 at 09:57:23PM -0700, Joe Perches wrote: > > > > On Thu, 2017-10-26 at 13:53 +1100, Tobin C. Harding wrote: > > > > > Currently pointer() checks for a NULL pointer argument and then if so > > > > > attempts to print "(null)" with _some_ standard width. This width cannot > > > > > correctly be ascertained here because many of the printk specifiers > > > > > print pointers of varying widths. > > > > > > > > I believe this is not a good change. > > > > Only pointers without a extension call pointer() > > > > > > Sorry, I don't understand what you mean here. All the %p specifier code is > > > handled by pointer()? > > > > Sorry, I was imprecise/wrong. > > > > None of the %p extensions except %pK and %p > > actually use this bit of the pointer() call. > > if (!ptr && *fmt != 'K') { > /* > * Print (null) with the same width as a pointer so it makes > * tabular output look nice. > */ > if (spec.field_width == -1) > spec.field_width = default_width; > return string(buf, end, "(null)", spec); > } > > Is there something I'm missing here? This code reads like its all %p > (including %p and %p) except %pK that hit this block when > a NULL pointer is passed in. The idea for aligning is described in commit 5e0579812834a $ git log --stat -p -1 --format=email 5e0579812834a >>From 5e0579812834ab7fa072db4a15ebdff68d62e2e7 Mon Sep 17 00:00:00 2001 From: Joe Perches Date: Tue, 26 Oct 2010 14:22:50 -0700 Subject: [PATCH] vsprintf.c: use default pointer field size for "(null)" strings It might be nicer to align the output. For instance, ACPI messages sometimes have "(null)" pointers. $ dmesg | grep "(null)" -A 1 -B 1 [ 0.198733] ACPI: Dynamic OEM Table Load: [ 0.198745] ACPI: SSDT (null) 00239 (v02 PmRef Cpu0Ist 00003000 INTL 20051117) [ 0.199294] ACPI: SSDT 7f596e10 001C7 (v02 PmRef Cpu0Cst 00003001 INTL 20051117) [ 0.200708] ACPI: Dynamic OEM Table Load: [ 0.200721] ACPI: SSDT (null) 001C7 (v02 PmRef Cpu0Cst 00003001 INTL 20051117) [ 0.201950] ACPI: SSDT 7f597f10 000D0 (v02 PmRef Cpu1Ist 00003000 INTL 20051117) [ 0.203386] ACPI: Dynamic OEM Table Load: [ 0.203398] ACPI: SSDT (null) 000D0 (v02 PmRef Cpu1Ist 00003000 INTL 20051117) [ 0.203871] ACPI: SSDT 7f595f10 00083 (v02 PmRef Cpu1Cst 00003000 INTL 20051117) [ 0.205301] ACPI: Dynamic OEM Table Load: [ 0.205315] ACPI: SSDT (null) 00083 (v02 PmRef Cpu1Cst 00003000 INTL 20051117) > > All of the other valid %p extension uses do not end up > > at this block being executed so it's effectively only regular > > pointers being output by number() Because passing NULL to any of the %p extensions excluding %pK is probably a defect. > > > > > Remove the attempt to print NULL pointers with a correct width. > > > > > > > > the correct width for a %p is the default width. > > > > > > It is the default width if we are printing addresses. Once we hash 64 > > > bit address to a 32 bit identifier then we don't have a default width. > > > > Perhaps that 32 bit identifier should use leading 0's for > > the default width. > > That's a fair comment. > > > aside: > > > > Why hash 64 bits to 32? > > Why shouldn't the hash width be 64 bits on 64 bit systems? > > Quoted from Linus in an earlier thread discussing this change > > Date: Thu, 12 Oct 2017 11:37:22 -0700 Linus Torvalds wrote: > > In fact, I'd prefer mapping the pointer to a 32-bit value, even on > 64-bit architectures. When people use these things for debugging and > for identifying which device node or socket or whatever they are > tracking, we're generally talking a (small) handful of different > devices or whatever. I wonder about this and userland programs and API breakage. I'd expect there could be cases of userland parsers that expect a certain width for pointer fields. $ git grep -E "\bseq_.*%p\W" | wc -l 112