From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753441AbdK2X0K (ORCPT ); Wed, 29 Nov 2017 18:26:10 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:42877 "EHLO out4-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752380AbdK2X0H (ORCPT ); Wed, 29 Nov 2017 18:26:07 -0500 X-ME-Sender: Date: Thu, 30 Nov 2017 10:26:03 +1100 From: "Tobin C. Harding" To: Andrew Morton Cc: kernel-hardening@lists.openwall.com, Linus Torvalds , "Jason A. Donenfeld" , "Theodore Ts'o" , Kees Cook , Paolo Bonzini , Tycho Andersen , "Roberts, William C" , Tejun Heo , Jordan Glover , Greg KH , Petr Mladek , Joe Perches , Ian Campbell , Sergey Senozhatsky , Catalin Marinas , Will Deacon , Steven Rostedt , Chris Fries , Dave Weinstein , Daniel Micay , Djalal Harouni , Radim =?utf-8?B?S3LEjW3DocWZ?= , linux-kernel@vger.kernel.org, Network Development , David Miller , Stephen Rothwell , Andrey Ryabinin , Alexander Potapenko , Dmitry Vyukov Subject: Re: [PATCH V11 4/5] vsprintf: add printk specifier %px Message-ID: <20171129232603.GO6217@eros> References: <1511921105-3647-1-git-send-email-me@tobin.cc> <1511921105-3647-5-git-send-email-me@tobin.cc> <20171129152058.389361d3576e784f47326cac@linux-foundation.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20171129152058.389361d3576e784f47326cac@linux-foundation.org> X-Mailer: Mutt 1.5.24 (2015-08-30) User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Nov 29, 2017 at 03:20:58PM -0800, Andrew Morton wrote: > On Wed, 29 Nov 2017 13:05:04 +1100 "Tobin C. Harding" wrote: > > > printk specifier %p now hashes all addresses before printing. Sometimes > > we need to see the actual unmodified address. This can be achieved using > > %lx but then we face the risk that if in future we want to change the > > way the Kernel handles printing of pointers we will have to grep through > > the already existent 50 000 %lx call sites. Let's add specifier %px as a > > clear, opt-in, way to print a pointer and maintain some level of > > isolation from all the other hex integer output within the Kernel. > > > > Add printk specifier %px to print the actual unmodified address. > > > > ... > > > > +Unmodified Addresses > > +==================== > > + > > +:: > > + > > + %px 01234567 or 0123456789abcdef > > + > > +For printing pointers when you _really_ want to print the address. Please > > +consider whether or not you are leaking sensitive information about the > > +Kernel layout in memory before printing pointers with %px. %px is > > +functionally equivalent to %lx. %px is preferred to %lx because it is more > > +uniquely grep'able. If, in the future, we need to modify the way the Kernel > > +handles printing pointers it will be nice to be able to find the call > > +sites. > > + > > You might want to add a checkpatch rule which emits a stern > do-you-really-want-to-do-this warning when someone uses %px. > Oh, nice idea. It has to be a CHECK but right? By stern, you mean use stern language? thanks, Tobin.