2018-06-05 23:42:01

by Daniel Rosenberg

[permalink] [raw]
Subject: [PATCH resend] drivers: dma-buf: Change %p to %pK in debug messages

The format specifier %p can leak kernel addresses
while not valuing the kptr_restrict system settings.
Use %pK instead of %p, which also evaluates whether
kptr_restrict is set.

Signed-off-by: Divya Ponnusamy <[email protected]>
Signed-off-by: Daniel Rosenberg <[email protected]>
Cc: stable <[email protected]>
---
drivers/dma-buf/sync_debug.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/dma-buf/sync_debug.c b/drivers/dma-buf/sync_debug.c
index c4c8ecb24aa9..d8d340542a79 100644
--- a/drivers/dma-buf/sync_debug.c
+++ b/drivers/dma-buf/sync_debug.c
@@ -133,7 +133,7 @@ static void sync_print_sync_file(struct seq_file *s,
char buf[128];
int i;

- seq_printf(s, "[%p] %s: %s\n", sync_file,
+ seq_printf(s, "[%pK] %s: %s\n", sync_file,
sync_file_get_name(sync_file, buf, sizeof(buf)),
sync_status_str(dma_fence_get_status(sync_file->fence)));

--
2.17.0.441.gb46fe60e1d-goog



2018-06-05 23:52:04

by Chris Wilson

[permalink] [raw]
Subject: Re: [Linaro-mm-sig] [PATCH resend] drivers: dma-buf: Change %p to %pK in debug messages

Quoting Daniel Rosenberg (2018-06-06 00:40:41)
> The format specifier %p can leak kernel addresses
> while not valuing the kptr_restrict system settings.
> Use %pK instead of %p, which also evaluates whether
> kptr_restrict is set.

This is backwards though. You never care about the actual value here and
the hashed pointer (%p) is always enough to provide an identifying token.
-Chris

2018-06-06 09:09:03

by Greg Kroah-Hartman

[permalink] [raw]
Subject: Re: [PATCH resend] drivers: dma-buf: Change %p to %pK in debug messages

On Tue, Jun 05, 2018 at 04:40:41PM -0700, Daniel Rosenberg wrote:
> The format specifier %p can leak kernel addresses
> while not valuing the kptr_restrict system settings.
> Use %pK instead of %p, which also evaluates whether
> kptr_restrict is set.
>
> Signed-off-by: Divya Ponnusamy <[email protected]>
> Signed-off-by: Daniel Rosenberg <[email protected]>
> Cc: stable <[email protected]>
> ---
> drivers/dma-buf/sync_debug.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/dma-buf/sync_debug.c b/drivers/dma-buf/sync_debug.c
> index c4c8ecb24aa9..d8d340542a79 100644
> --- a/drivers/dma-buf/sync_debug.c
> +++ b/drivers/dma-buf/sync_debug.c
> @@ -133,7 +133,7 @@ static void sync_print_sync_file(struct seq_file *s,
> char buf[128];
> int i;
>
> - seq_printf(s, "[%p] %s: %s\n", sync_file,
> + seq_printf(s, "[%pK] %s: %s\n", sync_file,

This is a root-only file, right? So it's not that bad of a problem.
Also, by default, all %p pointers are now hashed so what really is
leaking here?

And finally, why even print out a pointer at all? Why not just stick
with the name and not worry about the pointer?

thanks,

greg k-h