The handler for "%pN" falls back to printing the raw pointer value when
using a different format than the (sole supported) special format
"%pNF", potentially leaking sensitive information regarding the kernel
layout in memory.
Avoid this leak by printing the hashed address instead.
Note that there are no in-tree users of the fallback.
Fixes: ad67b74d2469d9b8 ("printk: hash addresses printed with %p")
Signed-off-by: Geert Uytterhoeven <geert+rene...@glider.be>
---
lib/vsprintf.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index 1fb36260a44289e8..a3dc15c89c217b79 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -1424,7 +1424,8 @@ char *restricted_pointer(char *buf, char *end, const void
*ptr,
}
static noinline_for_stack
-char *netdev_bits(char *buf, char *end, const void *addr, const char *fmt)
+char *netdev_bits(char *buf, char *end, const void *addr,
+ struct printf_spec spec, const char *fmt)
{
unsigned long long num;
int size;
@@ -1435,9 +1436,7 @@ char *netdev_bits(char *buf, char *end, const void *addr,
const char *fmt)
size = sizeof(netdev_features_t);
break;
default:
- num = (unsigned long)addr;
- size = sizeof(unsigned long);
- break;
+ return ptr_to_id(buf, end, addr, spec);
}
return special_hex_number(buf, end, num, size);
@@ -1952,7 +1951,7 @@ char *pointer(const char *fmt, char *buf, char *end, void
*ptr,
break;
return restricted_pointer(buf, end, ptr, spec);
case 'N':
- return netdev_bits(buf, end, ptr, fmt);
+ return netdev_bits(buf, end, ptr, spec, fmt);
case 'a':
return address_val(buf, end, ptr, fmt);
case 'd':
--
2.17.1
