From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
To: Jason Yan <yanaijie@huawei.com>
Cc: pmladek@suse.com, rostedt@goodmis.org,
sergey.senozhatsky@gmail.com, linux@rasmusvillemoes.dk,
linux-kernel@vger.kernel.org, Scott Wood <oss@buserror.net>,
Kees Cook <keescook@chromium.org>,
"Tobin C . Harding" <tobin@kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Daniel Axtens <dja@axtens.net>
Subject: Re: [PATCH] vfsprintf: only hash addresses in security environment
Date: Wed, 4 Mar 2020 17:12:26 +0200 [thread overview]
Message-ID: <20200304151226.GE1224808@smile.fi.intel.com> (raw)
In-Reply-To: <20200304124707.22650-1-yanaijie@huawei.com>
On Wed, Mar 04, 2020 at 08:47:07PM +0800, Jason Yan wrote:
> When I am implementing KASLR for powerpc, Scott Wood argued that format
> specifier "%p" always hashes the addresses that people do not have a
> choice to shut it down: https://patchwork.kernel.org/cover/11367547/
>
> It's true that if in a debug environment or security is not concerned,
> such as KASLR is absent or kptr_restrict = 0, there is no way to shut
> the hashing down except changing the code and build the kernel again
> to use a different format specifier like "%px". And when we want to
> turn to security environment, the format specifier has to be changed
> back and rebuild the kernel.
>
> As KASLR is available on most popular platforms and enabled by default,
> print the raw value of address while KASLR is absent and kptr_restrict
> is zero. Those who concerns about security must have KASLR enabled or
> kptr_restrict set properly.
Even w/o KASLR the kernel address is sensitive material.
However, as a developer, I would like to have means to shut the hashing down.
Btw, when pass 'nokaslr' to the kernel it should turned off as well.
> + /*
> + * In security environment, while kaslr is enabled or kptr_restrict is
kaslr -> KASLR
> + * not zero, hash before printing so that addresses will not be
> + * leaked. And if not in a security environment, print the raw value
Missed period at the end of sentence.
> + */
> + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE) || kptr_restrict)
> + return ptr_to_id(buf, end, ptr, spec);
> + else
> + return pointer_string(buf, end, ptr, spec);
> }
--
With Best Regards,
Andy Shevchenko
next prev parent reply other threads:[~2020-03-04 15:12 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-04 12:47 [PATCH] vfsprintf: only hash addresses in security environment Jason Yan
2020-03-04 15:12 ` Andy Shevchenko [this message]
2020-03-04 18:34 ` Kees Cook
2020-03-04 21:11 ` [PATCH v3 0/6] implement KASLR for powerpc/fsl_booke/64 Scott Wood
2020-03-04 22:36 ` Kees Cook
2020-03-05 18:51 ` Linus Torvalds
2020-03-06 18:33 ` Scott Wood
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200304151226.GE1224808@smile.fi.intel.com \
--to=andriy.shevchenko@linux.intel.com \
--cc=dja@axtens.net \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=oss@buserror.net \
--cc=pmladek@suse.com \
--cc=rostedt@goodmis.org \
--cc=sergey.senozhatsky@gmail.com \
--cc=tobin@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=yanaijie@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).