Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp4476485ybf; Wed, 4 Mar 2020 04:49:33 -0800 (PST) X-Google-Smtp-Source: ADFU+vssNdh5RJE0sK00fjBHT7gj28Y1LYEZhZbauIBlTXyHdBxCFs7RGwXvVywEBttI/Szp1WnP X-Received: by 2002:a9d:ec7:: with SMTP id 65mr2252279otj.309.1583326173281; Wed, 04 Mar 2020 04:49:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1583326173; cv=none; d=google.com; s=arc-20160816; b=MJt6TwqmByyz5VmpSxp0mQh89SZA6Tl0EE8uf8nn590L5Gcc9CywKKyGxKWadW5Wpv mydwkfMCcH4b6bjyxo4AHcQqv0rONhIcZtMigdTaZrw3idsovzJ62jEVJksU87oA6R2p 6fX2V4WCiUG27o8sfCKOKtx+cwIpF9jaKfcV9OGN5WiNoB2mcf7x5pc3xGbZI5brnsHu iEk6H88RMTA3gQlQnzD4wNtUb/XVb1/IPh28TySwiR6Ocyqd/qqOm5iLzu/gBD9ZiLUK KRR8RkcsKCRf1RuJIdVwEll4J+re1KRy+7uhzPIWpfqlCEPv23hX1y9WLgjce8zMQiLm F0Ig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:subject:cc :to:from; bh=8ybzKUoeqA/V8IBfC8jZCJ+Q0L4OESMFVo7CUCzE6xk=; b=WuS7Kanw79mtxfJqYHWKYWpoAJGb3lN7MtltGmX2glSSJQ1qmNomuAH195GjQrtu17 NJAebUH06qaS4ImkX4sDxldv+csiDn1wJkMWi5XZPmYr9fXU9xv0haay4Yg9tbCw4GZM UJGFLb0CAEYRysT7/Aw+bfZwyx//tliKrjK2km91BIk8odPXdJ9xy0rrXD4z7hm1VRZu 4hug6Y4fPJAsbaMNK6WdL3/4KDmlCEr5o//G7NECiCpnCP3IpnspS+6UD+uMXDHExz6U s1CjKimuqJRiErkb2YYfJZ80AqXJ9/GkXRUwpi6gGaIDmHHpYU18eC4kWhNN3t8TJyJb 40zg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t5si1061318otr.30.2020.03.04.04.49.16; Wed, 04 Mar 2020 04:49:33 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729389AbgCDMsp (ORCPT + 99 others); Wed, 4 Mar 2020 07:48:45 -0500 Received: from szxga05-in.huawei.com ([45.249.212.191]:10724 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728953AbgCDMso (ORCPT ); Wed, 4 Mar 2020 07:48:44 -0500 Received: from DGGEMS413-HUB.china.huawei.com (unknown [172.30.72.60]) by Forcepoint Email with ESMTP id C18B397235A83F66C401; Wed, 4 Mar 2020 20:48:33 +0800 (CST) Received: from huawei.com (10.175.124.28) by DGGEMS413-HUB.china.huawei.com (10.3.19.213) with Microsoft SMTP Server id 14.3.439.0; Wed, 4 Mar 2020 20:48:25 +0800 From: Jason Yan To: , , , , CC: , Jason Yan , "Scott Wood" , Kees Cook , "Tobin C . Harding" , Linus Torvalds , Daniel Axtens Subject: [PATCH] vfsprintf: only hash addresses in security environment Date: Wed, 4 Mar 2020 20:47:07 +0800 Message-ID: <20200304124707.22650-1-yanaijie@huawei.com> X-Mailer: git-send-email 2.17.2 MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [10.175.124.28] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When I am implementing KASLR for powerpc, Scott Wood argued that format specifier "%p" always hashes the addresses that people do not have a choice to shut it down: https://patchwork.kernel.org/cover/11367547/ It's true that if in a debug environment or security is not concerned, such as KASLR is absent or kptr_restrict = 0, there is no way to shut the hashing down except changing the code and build the kernel again to use a different format specifier like "%px". And when we want to turn to security environment, the format specifier has to be changed back and rebuild the kernel. As KASLR is available on most popular platforms and enabled by default, print the raw value of address while KASLR is absent and kptr_restrict is zero. Those who concerns about security must have KASLR enabled or kptr_restrict set properly. Cc: Scott Wood Cc: Kees Cook Cc: "Tobin C . Harding" Cc: Linus Torvalds Cc: Daniel Axtens Signed-off-by: Jason Yan --- lib/vsprintf.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/lib/vsprintf.c b/lib/vsprintf.c index 7c488a1ce318..f74131b152a1 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -2253,8 +2253,15 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, return err_ptr(buf, end, ptr, spec); } - /* default is to _not_ leak addresses, hash before printing */ - return ptr_to_id(buf, end, ptr, spec); + /* + * In security environment, while kaslr is enabled or kptr_restrict is + * not zero, hash before printing so that addresses will not be + * leaked. And if not in a security environment, print the raw value + */ + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE) || kptr_restrict) + return ptr_to_id(buf, end, ptr, spec); + else + return pointer_string(buf, end, ptr, spec); } /* -- 2.17.2