Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp4607176ybf; Wed, 4 Mar 2020 07:13:19 -0800 (PST) X-Google-Smtp-Source: ADFU+vsHFLDbcTbGey+BjecAWzHKDOeE0h+7GTEAmQrH2tIlEg2cboq365IaMjbphcEZV78wa3sS X-Received: by 2002:a9d:7d91:: with SMTP id j17mr2774388otn.218.1583334799418; Wed, 04 Mar 2020 07:13:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1583334799; cv=none; d=google.com; s=arc-20160816; b=Amh29o/um0Z+wdPCFEYQM37sa5kAk+ovO4FN4vS8ogP5ti/nnR2mX6cthkKDH/2EZA JLsFp9sQo/9FufQ9M9xlRI1823CU5LeB6xxOns1axndliyp2fQvQcY+cApQqQJPlMJQW KrJ/VPKQx1G5ldlOs99kGgTCGZ9sgjCyPh0fYUFb25zBuWF74o1x/+MSowFDxaGZqER7 l55ijRbADpfZlfz3ofPk9Au8wzbeZ04WJvYPV+APr1sHpZuixThI2jaQoWimqdlLbm1s DPvYmqf9m5gdIlMqkTP/8K+hBAAxiOZ5kqNbqzPlH0usp+YBzwri1fiyUvePtMmEUSjm dnvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:organization:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=BxUWJ1y20yO+3Nt4Ewq/pTm6H36TeriD+0S/G5w1/5s=; b=e0gQ+zlAwbXkuXvgNe+hz+Mtad0+ZQfYUK6xcUzs7FFGLBC99aLMuXkOmaUUD0zdhi bdxRomnLNUD4bEITYXJjiII7S75vagxPAYCyaNrPmVMsvHQ3GbVug5xYdOqt5P8vaEGN TiijiFJkNcJd9W17vvwCJdzd69cFO4bLYuKsrOBs+38Pwj0QQjZRc675nODA2BDEOi2q x6E++Qplyr7f5H17Jm7p8zqqtSH3yyMo3g0FqLQM1e+YajDVtKt70nBizJMjurddpwEd 9bWH5+t0UkKB+psmGYYJ8y7aJjkUdjoB1vSyzj7s31HDb3dKrSfMLo8e+XazO3Y+nC+M HYTg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l9si1358141otr.27.2020.03.04.07.12.56; Wed, 04 Mar 2020 07:13:19 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728926AbgCDPM3 (ORCPT + 99 others); Wed, 4 Mar 2020 10:12:29 -0500 Received: from mga17.intel.com ([192.55.52.151]:12633 "EHLO mga17.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725795AbgCDPM3 (ORCPT ); Wed, 4 Mar 2020 10:12:29 -0500 X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Mar 2020 07:12:28 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.70,514,1574150400"; d="scan'208";a="258787670" Received: from smile.fi.intel.com (HELO smile) ([10.237.68.40]) by orsmga002.jf.intel.com with ESMTP; 04 Mar 2020 07:12:25 -0800 Received: from andy by smile with local (Exim 4.93) (envelope-from ) id 1j9VhC-006s8I-RJ; Wed, 04 Mar 2020 17:12:26 +0200 Date: Wed, 4 Mar 2020 17:12:26 +0200 From: Andy Shevchenko To: Jason Yan Cc: pmladek@suse.com, rostedt@goodmis.org, sergey.senozhatsky@gmail.com, linux@rasmusvillemoes.dk, linux-kernel@vger.kernel.org, Scott Wood , Kees Cook , "Tobin C . Harding" , Linus Torvalds , Daniel Axtens Subject: Re: [PATCH] vfsprintf: only hash addresses in security environment Message-ID: <20200304151226.GE1224808@smile.fi.intel.com> References: <20200304124707.22650-1-yanaijie@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200304124707.22650-1-yanaijie@huawei.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Mar 04, 2020 at 08:47:07PM +0800, Jason Yan wrote: > When I am implementing KASLR for powerpc, Scott Wood argued that format > specifier "%p" always hashes the addresses that people do not have a > choice to shut it down: https://patchwork.kernel.org/cover/11367547/ > > It's true that if in a debug environment or security is not concerned, > such as KASLR is absent or kptr_restrict = 0, there is no way to shut > the hashing down except changing the code and build the kernel again > to use a different format specifier like "%px". And when we want to > turn to security environment, the format specifier has to be changed > back and rebuild the kernel. > > As KASLR is available on most popular platforms and enabled by default, > print the raw value of address while KASLR is absent and kptr_restrict > is zero. Those who concerns about security must have KASLR enabled or > kptr_restrict set properly. Even w/o KASLR the kernel address is sensitive material. However, as a developer, I would like to have means to shut the hashing down. Btw, when pass 'nokaslr' to the kernel it should turned off as well. > + /* > + * In security environment, while kaslr is enabled or kptr_restrict is kaslr -> KASLR > + * not zero, hash before printing so that addresses will not be > + * leaked. And if not in a security environment, print the raw value Missed period at the end of sentence. > + */ > + if (IS_ENABLED(CONFIG_RANDOMIZE_BASE) || kptr_restrict) > + return ptr_to_id(buf, end, ptr, spec); > + else > + return pointer_string(buf, end, ptr, spec); > } -- With Best Regards, Andy Shevchenko