* [PATCH] list_debug: Print unmangled addresses
@ 2018-04-01 22:32 Matthew Wilcox
2018-04-03 3:31 ` Tobin C. Harding
0 siblings, 1 reply; 2+ messages in thread
From: Matthew Wilcox @ 2018-04-01 22:32 UTC (permalink / raw)
To: Tobin C. Harding; +Cc: linux-kernel, Eric Biggers
From: Matthew Wilcox <mawilcox@microsoft.com>
The entire point of printing the pointers in list_debug is to see if
there's any useful information in them (eg poison values, ASCII, etc);
obscuring them to see if they compare equal makes them much less useful.
If an attacker can force this message to be printed, we've already lost.
Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com>
diff --git a/lib/list_debug.c b/lib/list_debug.c
index a34db8d27667..5d5424b51b74 100644
--- a/lib/list_debug.c
+++ b/lib/list_debug.c
@@ -21,13 +21,13 @@ bool __list_add_valid(struct list_head *new, struct list_head *prev,
struct list_head *next)
{
if (CHECK_DATA_CORRUPTION(next->prev != prev,
- "list_add corruption. next->prev should be prev (%p), but was %p. (next=%p).\n",
+ "list_add corruption. next->prev should be prev (%px), but was %px. (next=%px).\n",
prev, next->prev, next) ||
CHECK_DATA_CORRUPTION(prev->next != next,
- "list_add corruption. prev->next should be next (%p), but was %p. (prev=%p).\n",
+ "list_add corruption. prev->next should be next (%px), but was %px. (prev=%px).\n",
next, prev->next, prev) ||
CHECK_DATA_CORRUPTION(new == prev || new == next,
- "list_add double add: new=%p, prev=%p, next=%p.\n",
+ "list_add double add: new=%px, prev=%px, next=%px.\n",
new, prev, next))
return false;
@@ -43,16 +43,16 @@ bool __list_del_entry_valid(struct list_head *entry)
next = entry->next;
if (CHECK_DATA_CORRUPTION(next == LIST_POISON1,
- "list_del corruption, %p->next is LIST_POISON1 (%p)\n",
+ "list_del corruption, %px->next is LIST_POISON1 (%px)\n",
entry, LIST_POISON1) ||
CHECK_DATA_CORRUPTION(prev == LIST_POISON2,
- "list_del corruption, %p->prev is LIST_POISON2 (%p)\n",
+ "list_del corruption, %px->prev is LIST_POISON2 (%px)\n",
entry, LIST_POISON2) ||
CHECK_DATA_CORRUPTION(prev->next != entry,
- "list_del corruption. prev->next should be %p, but was %p\n",
+ "list_del corruption. prev->next should be %px, but was %px\n",
entry, prev->next) ||
CHECK_DATA_CORRUPTION(next->prev != entry,
- "list_del corruption. next->prev should be %p, but was %p\n",
+ "list_del corruption. next->prev should be %px, but was %px\n",
entry, next->prev))
return false;
^ permalink raw reply related [flat|nested] 2+ messages in thread* Re: [PATCH] list_debug: Print unmangled addresses
2018-04-01 22:32 [PATCH] list_debug: Print unmangled addresses Matthew Wilcox
@ 2018-04-03 3:31 ` Tobin C. Harding
0 siblings, 0 replies; 2+ messages in thread
From: Tobin C. Harding @ 2018-04-03 3:31 UTC (permalink / raw)
To: Matthew Wilcox; +Cc: linux-kernel, Eric Biggers
On Sun, Apr 01, 2018 at 03:32:37PM -0700, Matthew Wilcox wrote:
> From: Matthew Wilcox <mawilcox@microsoft.com>
>
> The entire point of printing the pointers in list_debug is to see if
> there's any useful information in them (eg poison values, ASCII, etc);
> obscuring them to see if they compare equal makes them much less useful.
> If an attacker can force this message to be printed, we've already lost.
Is this because CONFIG_DEBUG_LIST should not be enabled on production
kernels so an attacker should never hit this?
I'm inclined to agree, if there is already a memory corruption bug,
causing this code to execute, the extra address is probably not making
the situation any worse.
(I am in no way a security expert.)
> Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com>
Reviewed-by: Tobin C. Harding <me@tobin.cc>
> diff --git a/lib/list_debug.c b/lib/list_debug.c
> index a34db8d27667..5d5424b51b74 100644
> --- a/lib/list_debug.c
> +++ b/lib/list_debug.c
> @@ -21,13 +21,13 @@ bool __list_add_valid(struct list_head *new, struct list_head *prev,
> struct list_head *next)
> {
> if (CHECK_DATA_CORRUPTION(next->prev != prev,
> - "list_add corruption. next->prev should be prev (%p), but was %p. (next=%p).\n",
> + "list_add corruption. next->prev should be prev (%px), but was %px. (next=%px).\n",
> prev, next->prev, next) ||
> CHECK_DATA_CORRUPTION(prev->next != next,
> - "list_add corruption. prev->next should be next (%p), but was %p. (prev=%p).\n",
> + "list_add corruption. prev->next should be next (%px), but was %px. (prev=%px).\n",
> next, prev->next, prev) ||
> CHECK_DATA_CORRUPTION(new == prev || new == next,
> - "list_add double add: new=%p, prev=%p, next=%p.\n",
> + "list_add double add: new=%px, prev=%px, next=%px.\n",
> new, prev, next))
> return false;
>
> @@ -43,16 +43,16 @@ bool __list_del_entry_valid(struct list_head *entry)
> next = entry->next;
>
> if (CHECK_DATA_CORRUPTION(next == LIST_POISON1,
> - "list_del corruption, %p->next is LIST_POISON1 (%p)\n",
> + "list_del corruption, %px->next is LIST_POISON1 (%px)\n",
> entry, LIST_POISON1) ||
> CHECK_DATA_CORRUPTION(prev == LIST_POISON2,
> - "list_del corruption, %p->prev is LIST_POISON2 (%p)\n",
> + "list_del corruption, %px->prev is LIST_POISON2 (%px)\n",
> entry, LIST_POISON2) ||
> CHECK_DATA_CORRUPTION(prev->next != entry,
> - "list_del corruption. prev->next should be %p, but was %p\n",
> + "list_del corruption. prev->next should be %px, but was %px\n",
> entry, prev->next) ||
> CHECK_DATA_CORRUPTION(next->prev != entry,
> - "list_del corruption. next->prev should be %p, but was %p\n",
> + "list_del corruption. next->prev should be %px, but was %px\n",
> entry, next->prev))
> return false;
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-04-03 3:31 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-04-01 22:32 [PATCH] list_debug: Print unmangled addresses Matthew Wilcox
2018-04-03 3:31 ` Tobin C. Harding
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.