From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: "Thomas Weißschuh" <thomas.weissschuh@linutronix.de>
Cc: Patrice Chotard <patrice.chotard@foss.st.com>,
Thinh Nguyen <Thinh.Nguyen@synopsys.com>,
linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH 1/2] usb: core: Don't use %pK through printk
Date: Tue, 18 Feb 2025 09:10:49 +0100 [thread overview]
Message-ID: <2025021822-plausible-poem-eb90@gregkh> (raw)
In-Reply-To: <20250217153444-4e1fd8ec-7f0e-4f40-8fc1-e323e4622284@linutronix.de>
On Mon, Feb 17, 2025 at 03:50:54PM +0100, Thomas Weißschuh wrote:
> On Mon, Feb 17, 2025 at 02:52:05PM +0100, Greg Kroah-Hartman wrote:
> > On Mon, Feb 17, 2025 at 02:20:51PM +0100, Thomas Weißschuh wrote:
> > > Restricted pointers ("%pK") are not meant to be used through printk().
> > > It can unintentionally expose security sensitive, raw pointer values.
> > >
> > > Use regular pointer formatting instead.
> > >
> > > Link: https://lore.kernel.org/lkml/20250113171731-dc10e3c1-da64-4af0-b767-7c7070468023@linutronix.de/
> > > Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
> >
> > So really this is just a revert of 2f964780c03b ("USB: core: replace %p
> > with %pK"), right?
>
> In this case, yes.
Great! Mark it as such then please :)
> > Why not express it that way, and explain _why_ it's somehow now ok to
> > use %p when previously it wasn't?
>
> The full background is in the email linked from the commit message.
That's not obvious at all when reviewing patches. Please provide enough
information in the text itself to understand what is going on. We
don't always have access to external links so we can't require them for
context.
> %p is more secure than %pK since
> commit ad67b74d2469 ("printk: hash addresses printed with %p").
> %pK was never intended to be used through printk() in the first place.
Great, say that then please.
> I'm doing the these changes for various subsystems using a common
> commit message. The changes are not reverts for all of them and
> digging out the specific history for each single line is a bunch
> of extra work.
Writing a good changelog is hard. Trying to automate it like this is
going to be harder. Just take the time to either do a revert (and
explain why), or do the change (and explain why). Either way you have
to explain it properly, no shortcuts there.
> If you want more historical context, I'll resend the series, though.
As you are reverting a commit that was stated to be "for security", yes,
it better be redone, otherwise this is going to seem like a regression.
thanks,
greg k-h
next prev parent reply other threads:[~2025-02-18 8:10 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-17 13:20 [PATCH 0/2] usb: Don't use %pK through printk Thomas Weißschuh
2025-02-17 13:20 ` [PATCH 1/2] usb: core: " Thomas Weißschuh
2025-02-17 13:52 ` Greg Kroah-Hartman
2025-02-17 14:50 ` Thomas Weißschuh
2025-02-18 8:10 ` Greg Kroah-Hartman [this message]
2025-02-17 13:20 ` [PATCH 2/2] usb: dwc3: " Thomas Weißschuh
2025-02-19 22:43 ` Thinh Nguyen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2025021822-plausible-poem-eb90@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=Thinh.Nguyen@synopsys.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=patrice.chotard@foss.st.com \
--cc=thomas.weissschuh@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox