> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Kees
> Cook
> Sent: Wednesday, November 29, 2017 2:28 PM
> To: David Laight <[email protected]>
> Cc: Linus Torvalds <[email protected]>; Tobin C. Harding
> <[email protected]>; [email protected]; Jason A. Donenfeld
> <[email protected]>; Theodore Ts'o <[email protected]>; Paolo Bonzini
> <[email protected]>; Tycho Andersen <[email protected]>; Roberts, William C
> <[email protected]>; Tejun Heo <[email protected]>; Jordan Glover
> <[email protected]>; Greg KH <[email protected]>;
> Petr Mladek <[email protected]>; Joe Perches <[email protected]>; Ian
> Campbell <[email protected]>; Sergey Senozhatsky
> <[email protected]>; Catalin Marinas <[email protected]>;
> Will Deacon <[email protected]>; Steven Rostedt <[email protected]>;
> Chris Fries <[email protected]>; Dave Weinstein <[email protected]>; Daniel
> Micay <[email protected]>; Djalal Harouni <[email protected]>; Radim
> Krcmár <[email protected]>; Linux Kernel Mailing List <linux-
> [email protected]>; Network Development <[email protected]>;
> David Miller <[email protected]>; Stephen Rothwell
> <[email protected]>; Andrey Ryabinin <[email protected]>;
> Alexander Potapenko <[email protected]>; Dmitry Vyukov
> <[email protected]>; Andrew Morton <[email protected]>
> Subject: Re: [PATCH V11 4/5] vsprintf: add printk specifier %px
>
> On Wed, Nov 29, 2017 at 2:07 AM, David Laight <[email protected]>
> wrote:
> > From: Linus Torvalds
> >> Sent: 29 November 2017 02:29
> >>
> >> On Tue, Nov 28, 2017 at 6:05 PM, Tobin C. Harding <[email protected]> wrote:
> >> >
> >> > Let's add specifier %px as a
> >> > clear, opt-in, way to print a pointer and maintain some level of
> >> > isolation from all the other hex integer output within the Kernel.
> >>
> >> Yes, I like this model. It's easy and it's obvious ("'x' for hex"),
> >> and it gives people a good way to say "yes, I really want the actual
> >> address as hex" for if/when the hashed pointer doesn't work for some
> >> reason.
> >
> > Remind me to change every %p to %px on kernels that support it.
> >
> > Although the absolute values of pointers may not be useful, knowing
> > that two pointer differ by a small amount is useful.
> > It is also useful to know whether pointers are to stack, code, static
> > data or heap.
> >
> > This change to %p is going to make debugging a nightmare.
>
> In the future, maybe we could have a knob: unhashed, hashed (default), or
> zeroed.
Isn't that just kptr_restrict and get us right back to the simpler patches I proposed?
>
> -Kees
>
> --
> Kees Cook
> Pixel Security