2019-02-03 14:10:32

by Chris Rankin

Subject: [BUG] What is "__ptrval__" in my dmesg logs? Bad "%p" expansion?

Hi.

I've suddenly realised that my kernel dmesg logs contain lines like:

[ 0.000000] found SMP MP-table at [mem 0x000f5c20-0x000f5c2f] mapped at [(____ptrval____)]
[ 0.000000] Base memory trampoline at [(____ptrval____)] 98000 size 24576

and

[ 0.000000] percpu: Embedded 41 pages/cpu @(____ptrval____) s129112 r8192 d30632 u262144

This seems to have started ~ Linux 4.15.x, and it does look like it
might be a macro expansion problem.

This is also happening for me on a different machine which uses the
radeon.ko driver (vs the amdgpu.ko driver):

drivers/gpu/drm/radeon/radeon_fence.c:862
dev_info(rdev->dev, "fence driver on ring %d use gpu addr 0x%016llx and cpu addr 0x%p\n"

Does the kernel have a problem expanding "%p"?

Cheers,
Chris


2019-02-03 14:36:46

by Yifeng Li

Subject: Re: [BUG] What is "__ptrval__" in my dmesg logs? Bad "%p" expansion?

This is not a bug; rather, it is a security feature that fixes the
original behavior, which is now considered an infoleak vulnerability.

Currently, the addresses of internal data structures are protected
by Kernel Address Space Layout Randomization (KASLR), which forces
attackers to brute-force the location they need to overwrite and
thus, together with W^X mappings, increases the difficulty of
exploiting the kernel. However, showing the values of raw pointers
reveals the address of a known internal data structure, allowing an
attacker to calculate the location of critical data structures within
the kernel, therefore completely defeating the protection provided by
ASLR. This is why disallowing normal users to run "dmesg" used to be
considered a way to improve system security.

As a security measure, the value of "%p" is now hidden by default.

Happy Hacking,
Tom Li
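Editor's note (added example, not part of the thread): the mechanism Tom Li describes is the kernel's pointer hashing in lib/vsprintf.c, where "%p" runs the pointer through a keyed hash (siphash_1u64() with a per-boot random key) and prints the hash instead of the raw address; until the random key has been filled, which is the case for the very early boot messages Chris quotes at [ 0.000000], it prints the fixed placeholder "(____ptrval____)". The userspace C model below is written for this page and is not kernel code; it reproduces the SipHash-2-4 computation for one 64-bit word and the placeholder-vs-hash behaviour. The names struct ptr_key, fill_ptr_key() and format_hashed_ptr() and the key values are constructed for the example; the real kernel fills its key from get_random_bytes().

```c
/* Userspace model of how "%p" hides kernel pointers: a per-boot random key
 * plus SipHash-2-4 turns an address into a stable but opaque identifier,
 * and a placeholder is printed while no key is available yet.
 * Added example for this thread; modelled on, but not copied from, the kernel. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROTL64(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b))))

/* One SipHash round (standard definition). */
#define SIPROUND(v0, v1, v2, v3)                                        \
    do {                                                                \
        v0 += v1; v1 = ROTL64(v1, 13); v1 ^= v0; v0 = ROTL64(v0, 32);   \
        v2 += v3; v3 = ROTL64(v3, 16); v3 ^= v2;                        \
        v0 += v3; v3 = ROTL64(v3, 21); v3 ^= v0;                        \
        v2 += v1; v1 = ROTL64(v1, 17); v1 ^= v2; v2 = ROTL64(v2, 32);   \
    } while (0)

struct ptr_key { uint64_t k0, k1; };   /* constructed name; kernel: siphash_key_t */

/* SipHash-2-4 over a single 64-bit word, i.e. standard SipHash of an
 * 8-byte little-endian message. Equivalent to the kernel's siphash_1u64(). */
static uint64_t siphash_1u64(uint64_t m, const struct ptr_key *key)
{
    uint64_t v0 = 0x736f6d6570736575ULL ^ key->k0;
    uint64_t v1 = 0x646f72616e646f6dULL ^ key->k1;
    uint64_t v2 = 0x6c7967656e657261ULL ^ key->k0;
    uint64_t v3 = 0x7465646279746573ULL ^ key->k1;
    uint64_t b = 8ULL << 56;            /* message length (8 bytes) in the top byte */

    v3 ^= m;                            /* compress the single message block */
    SIPROUND(v0, v1, v2, v3); SIPROUND(v0, v1, v2, v3);
    v0 ^= m;

    v3 ^= b;                            /* compress the length block */
    SIPROUND(v0, v1, v2, v3); SIPROUND(v0, v1, v2, v3);
    v0 ^= b;

    v2 ^= 0xff;                         /* finalization: 4 rounds */
    SIPROUND(v0, v1, v2, v3); SIPROUND(v0, v1, v2, v3);
    SIPROUND(v0, v1, v2, v3); SIPROUND(v0, v1, v2, v3);
    return v0 ^ v1 ^ v2 ^ v3;
}

/* Models the kernel's have_filled_random_ptr_key flag and ptr_key: the key is
 * filled from the RNG only once it is seeded, which is after the earliest
 * boot messages have already been printed. */
static bool key_ready;
static struct ptr_key ptr_key;

static void fill_ptr_key(uint64_t k0, uint64_t k1)
{
    ptr_key.k0 = k0;                    /* constructed key for the demo */
    ptr_key.k1 = k1;
    key_ready = true;
}

/* Format a pointer the way "%p" does on a 64-bit kernel: the 16-character
 * placeholder before the key exists, otherwise 16 hex digits of the keyed hash.
 * Returns the number of characters written (excluding the terminating NUL). */
static int format_hashed_ptr(char *out, size_t outlen, const void *ptr)
{
    if (!key_ready)
        return snprintf(out, outlen, "(____ptrval____)");
    return snprintf(out, outlen, "%016llx",
                    (unsigned long long)siphash_1u64((uint64_t)(uintptr_t)ptr, &ptr_key));
}

int main(void)
{
    int local;                          /* some real address to hide */
    char buf[32];

    format_hashed_ptr(buf, sizeof buf, &local);
    printf("before key is filled: cpu addr 0x%s\n", buf);   /* the dmesg lines above */

    fill_ptr_key(0x0123456789abcdefULL, 0xfedcba9876543210ULL);
    format_hashed_ptr(buf, sizeof buf, &local);
    printf("after key is filled:  cpu addr 0x%s  (raw %p hidden)\n", buf, (void *)&local);

    /* The same pointer always maps to the same id within a boot, so log
     * lines can still be correlated without revealing the address. */
    char again[32];
    format_hashed_ptr(again, sizeof again, &local);
    printf("stable across calls: %s\n", strcmp(buf, again) == 0 ? "yes" : "no");
    return 0;
}
```

The hash is keyed, so without the per-boot key the printed value cannot be inverted to the real address, yet two occurrences of the same pointer still print the same id, which is what makes hashed "%p" output usable for debugging. Code that genuinely needs the raw address (for example a driver log meant for developers) uses "%px" explicitly, and "%pK" honours kptr_restrict; the radeon line Chris quotes uses plain "%p" and therefore gets the hashed form.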