linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Tobin C. Harding" <me@tobin.cc>
To: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: kernel-hardening@lists.openwall.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v7] printk: hash addresses printed with %p
Date: Thu, 26 Oct 2017 09:14:11 +1100	[thread overview]
Message-ID: <20171025221411.GA12341@eros> (raw)
In-Reply-To: <CAKwiHFgUEfXJ3TRzwD4dm6TFVM6ffdzb-riMAhnobnZrjD0ySw@mail.gmail.com>

On Wed, Oct 25, 2017 at 09:02:34PM +0200, Rasmus Villemoes wrote:
> On 25 October 2017 at 01:57, Tobin C. Harding <me@tobin.cc> wrote:
> > On Tue, Oct 24, 2017 at 09:25:20PM +0200, Rasmus Villemoes wrote:
> >>
> >> I haven't followed the discussion too closely, but has it been
> >> considered to exempt NULL from hashing?
> >
> [snip]
> >
> > The code in question is;
> >
> > static noinline_for_stack
> > char *pointer(const char *fmt, char *buf, char *end, void *ptr,
> >               struct printf_spec spec)
> > {
> >         const int default_width = 2 * sizeof(void *);
> >
> >         if (!ptr && *fmt != 'K') {
> >                 /*
> >                  * Print (null) with the same width as a pointer so it makes
> >                  * tabular output look nice.
> >                  */
> >                 if (spec.field_width == -1)
> >                         spec.field_width = default_width;
> >                 return string(buf, end, "(null)", spec);
> >         }
> 
> Ah, yes, I should have re-read the current code before commenting. So
> we're effectively already exempting NULL due to this early handling.
> Good, let's leave that.
> 
> Regarding the tabular output: Ignore it, it's completely irrelevant to
> the hardening efforts (good work, btw), and probably completely
> irrelevant period. If anything I'd say the comment and the attempted
> alignment should just be killed.

Righto, I'm happy with that. Will add to next version.

> > This check and print "(null)" is at the wrong level of abstraction. If we want tabular output to be
> > correct for _all_ pointer specifiers then spec.field_width (for NULL) should be set to match whatever
> > field_width is used in the associated output function. Removing the NULL check above would require
> > NULL checks adding to at least;
> >
> > resource_string()
> > bitmap_list_string()
> > bitmap_string()
> > mac_address_string()
> > ip4_addr_string()
> > ip4_addr_string_sa()
> > ip6_addr_string_sa()
> > uuid_string()
> > netdev_bits()
> > address_val()
> > dentry_name()
> > bdev_name()
> > ptr_to_id()
> 
> No, please don't. The NULL check makes perfect sense early in
> pointer(), because many of these handlers would dereference the
> pointer, and while it's probably a bug to pass NULL to say %pD, it's
> obviously better to print (null) than crash. Adding NULL checks to
> each of these is error-prone and lots of bloat for no real value
> (consider that many of these can produce lots of variants of output,
> and e.g. dotted-decimal ip addresses don't even have a well-defined
> width at all).
> 
> > My question is [snip] is it too trivial to matter?
> 
> Yes.

thanks,
Tobin.

  reply	other threads:[~2017-10-25 22:14 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-10-23 22:33 [PATCH v7] printk: hash addresses printed with %p Tobin C. Harding
2017-10-23 23:00 ` Jason A. Donenfeld
2017-10-24  0:31   ` Tobin C. Harding
2017-10-24 11:25     ` Jason A. Donenfeld
2017-10-24 20:45       ` Tobin C. Harding
2017-10-25  3:49       ` Tobin C. Harding
2017-10-30 20:22         ` Steven Rostedt
2017-10-30 21:24           ` Tobin C. Harding
2017-10-31 14:22           ` Jason A. Donenfeld
2017-10-25 16:22 ` [lkp-robot] [printk] 7f7c60e066: BUG:KASAN:slab-out-of-bounds kernel test robot
2017-10-31  0:14   ` Kees Cook
2017-10-30  9:57     ` Ye Xiaolong
2017-10-31  2:39     ` Tobin C. Harding
2017-10-31  2:47       ` Kees Cook
     [not found] ` <87bmkw5owv.fsf@rasmusvillemoes.dk>
     [not found]   ` <20171024235755.GA15832@eros>
2017-10-25 19:02     ` [PATCH v7] printk: hash addresses printed with %p Rasmus Villemoes
2017-10-25 22:14       ` Tobin C. Harding [this message]
2017-10-25  4:00 Jason A. Donenfeld
2017-10-25 10:05 ` Tobin C. Harding
2017-10-25 22:27 ` Tobin C. Harding
2017-10-25 22:59   ` Jason A. Donenfeld
2017-10-25 23:11     ` Tobin C. Harding
2017-10-26  7:00     ` Greg KH
2017-10-26  9:10       ` Tobin C. Harding

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20171025221411.GA12341@eros \
    --to=me@tobin.cc \
    --cc=kernel-hardening@lists.openwall.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux@rasmusvillemoes.dk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).