From: "Tobin C. Harding" <me@tobin.cc>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>,
kernel-hardening@lists.openwall.com,
"Theodore Ts'o" <tytso@mit.edu>,
Linus Torvalds <torvalds@linux-foundation.org>,
Kees Cook <keescook@chromium.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Tycho Andersen <tycho@docker.com>,
"Roberts, William C" <william.c.roberts@intel.com>,
Tejun Heo <tj@kernel.org>,
Jordan Glover <Golden_Miller83@protonmail.ch>,
Greg KH <gregkh@linuxfoundation.org>,
Petr Mladek <pmladek@suse.com>, Joe Perches <joe@perches.com>,
Ian Campbell <ijc@hellion.org.uk>,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <wilal.deacon@arm.com>,
Steven Rostedt <rostedt@goodmis.org>,
Chris Fries <cfries@google.com>,
Dave Weinstein <olorin@google.com>,
Daniel Micay <danielmicay@gmail.com>,
Djalal Harouni <tixxdz@gmail.com>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v5] printk: hash addresses printed with %p
Date: Mon, 23 Oct 2017 10:32:16 +1100 [thread overview]
Message-ID: <20171022233216.GM29874@eros> (raw)
In-Reply-To: <CAHmME9qV-f1pvW0iC2cYU71PA+YUf0YpR=06T+FCFxywRhvjEw@mail.gmail.com>
On Thu, Oct 19, 2017 at 07:49:06AM +0200, Jason A. Donenfeld wrote:
> A small detail carried over from the other thread:
>
> >
> > but a bigger problem might the following thing:
> >
> > vscnprintf()
> > pointer()
> > ptr_to_id()
> > initialize_ptr_secret()
> > get_random_bytes()
> > _get_random_bytes()
> > extract_crng()
> > _extract_crng()
> > spin_lock_irqsave(&crng->lock, flags); <<<<<
> >
> >
> > this, once again, can deadlock. can it? just like before:
>
> So, actually, then, we need to do this as an initcall. Fortunately,
> that simplifies things greatly. Here's a rough sketch of what that
> looks like, which you'll probably need to debug and refine:
>
>
>
> static siphash_key_t ptr_secret __ro_after_init;
> static DEFINE_STATIC_KEY_TRUE(no_ptr_secret);
>
> static char *ptr_to_id(char *buf, char *end, void *ptr, struct printf_spec spec)
> {
> if (static_branch_unlikely(&no_ptr_secret))
> return "(pointer value)";
>
> hashval = ....
>
> }
>
> static void fill_random_ptr_key(struct random_ready_callback *rdy)
> {
> get_random_bytes(&ptr_secret, sizeof(ptr_secret));
> static_branch_disable(&no_ptr_secret);
> }
>
> static struct random_ready_callback random_ready = {
> .func = fill_random_ptr_key
> };
>
> static int __init initialize_ptr_random(void)
> {
> int ret = add_random_ready_callback(&random_ready);
>
> if (!ret)
> return 0;
> else if (ret == -EALREADY) {
> fill_random_ptr_key(&random_ready);
> return 0;
> }
>
> return ret;
> }
> early_initcall(initialize_ptr_random);
Thanks for this Jason. This is _conceptually_ what I wanted since before v1, I obviously did not ask
the right questions. Not to worry, we got there in the end. The process works, thanks to every
bodies patience :)
Implemented for v6 as suggested (including __read_mostly), you even got it fast for the usual
case. Thanks, I learned a whole bunch from this email.
Tobin.
prev parent reply other threads:[~2017-10-22 23:32 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-18 21:30 [PATCH v5] printk: hash addresses printed with %p Tobin C. Harding
2017-10-18 22:31 ` Kees Cook
2017-10-18 23:45 ` Tobin C. Harding
2017-10-19 1:03 ` Jason A. Donenfeld
2017-10-19 1:31 ` Sergey Senozhatsky
2017-10-19 1:36 ` Jason A. Donenfeld
2017-10-19 1:44 ` Tobin C. Harding
2017-10-19 5:49 ` Jason A. Donenfeld
2017-10-19 17:18 ` Kees Cook
2017-10-19 17:30 ` Jason A. Donenfeld
2017-10-19 20:45 ` [PATCH 1/2] random: always call random ready function Jason A. Donenfeld
2017-10-19 20:45 ` [PATCH 2/2] crypto/drbg: account for no longer returning -EALREADY Jason A. Donenfeld
2017-10-21 19:22 ` Stephan Mueller
2017-10-19 20:45 ` [PATCH 1/2] random: always call random ready function Jason A. Donenfeld
2017-10-19 20:58 ` Kees Cook
2017-10-19 21:12 ` Jason A. Donenfeld
2017-10-22 23:32 ` Tobin C. Harding [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171022233216.GM29874@eros \
--to=me@tobin.cc \
--cc=Golden_Miller83@protonmail.ch \
--cc=Jason@zx2c4.com \
--cc=catalin.marinas@arm.com \
--cc=cfries@google.com \
--cc=danielmicay@gmail.com \
--cc=gregkh@linuxfoundation.org \
--cc=ijc@hellion.org.uk \
--cc=joe@perches.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=olorin@google.com \
--cc=pbonzini@redhat.com \
--cc=pmladek@suse.com \
--cc=rostedt@goodmis.org \
--cc=sergey.senozhatsky.work@gmail.com \
--cc=sergey.senozhatsky@gmail.com \
--cc=tixxdz@gmail.com \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tycho@docker.com \
--cc=tytso@mit.edu \
--cc=wilal.deacon@arm.com \
--cc=william.c.roberts@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox