On (10/26/17 13:53), Tobin C. Harding wrote:
> Currently there are many places in the kernel where addresses are being
> printed using an unadorned %p. Kernel pointers should be printed using
> %pK allowing some control via the kptr_restrict sysctl. Exposing
> addresses gives attackers sensitive information about the kernel layout
> in memory.
>
> We can reduce the attack surface by hashing all addresses printed with
> %p. This will of course break some users, forcing code printing needed
> addresses to be updated.
>
> With this version we include hashing of malformed specifiers also.
> Malformed specifiers include incomplete (e.g %pi) and also non-existent
> specifiers. checkpatch should warn for non-existent specifiers but
> AFAICT won't warn for incomplete specifiers.
>
> Here is the behaviour that this set implements.
>
> For kptr_restrict==0
>
> Randomness not ready:
>   printed with %p:              (pointer)          # NOTE: with padding
> Valid pointer:
>   printed with %pK:             deadbeefdeadbeef
>   printed with %p:              0xdeadbeef
>   malformed specifier (eg %i):  0xdeadbeef
> NULL pointer:
>   printed with %pK:             0000000000000000
>   printed with %p:              (null)             # NOTE: no padding
>   malformed specifier (eg %i):  (null)

a quick question: do we care about cases when kernel pointers are printed
with %x/%X and not with %p?

	-ss
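
Hashing done in the %p handler does not see a pointer that was cast to an integer and printed with %x/%lx, so those call sites have to be found separately. The sketch below is an added example, not part of this thread or of the patch set: it lists such call sites as candidates for review. The function names, the "address-like argument" heuristic and the sample lines are assumptions constructed for illustration.

```python
import re

# printf-style conversion: flags, width, precision, length, conversion ('*' width is not handled).
SPEC = re.compile(r'%[-#0 +]*\d*(?:\.\d+)?(?:hh|h|ll|l|z|j|t)?([a-zA-Z%])')
# Assumption: an argument is address-derived if it is cast to an integer type
# wide enough to hold a pointer, or is an address-of expression.
ADDR_ARG = re.compile(r'^\(\s*(?:unsigned\s+long(?:\s+long)?|uintptr_t|u64)\s*\)|^&')
CALL = re.compile(r'\b(?:printk|pr_\w+|dev_\w+|seq_printf)\s*\((.*)\)\s*;')

def split_args(s):
    """Split argument text on top-level commas, ignoring commas in strings and parentheses."""
    args, cur, depth, in_str, prev = [], [], 0, False, ''
    for ch in s:
        if ch == '"' and prev != '\\':
            in_str = not in_str
        elif not in_str:
            depth += (ch == '(') - (ch == ')')
        if ch == ',' and depth == 0 and not in_str:
            args.append(''.join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        prev = ch
    args.append(''.join(cur).strip())
    return args

def find_hex_pointer_prints(source):
    """Return (line_no, conversion, argument) for %x/%X conversions fed an address-like argument."""
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        m = CALL.search(line)
        args = split_args(m.group(1)) if m else []
        fmt_idx = next((i for i, a in enumerate(args) if '"' in a), None)
        if fmt_idx is None:
            continue
        convs = [c for c in SPEC.finditer(args[fmt_idx]) if c.group(1) != '%']
        for conv, arg in zip(convs, args[fmt_idx + 1:]):
            if conv.group(1) in 'xX' and ADDR_ARG.match(arg):
                hits.append((no, conv.group(0), arg))
    return hits

# Constructed sample lines, not taken from the kernel tree.
SAMPLE = '''\
printk(KERN_INFO "buf at %lx len %d\\n", (unsigned long)buf, len);
pr_debug("obj %p flags %x\\n", obj, flags);
pr_info("base=%016llx\\n", (u64)&desc->base);
dev_err(dev, "ring %pK full, 100%% used\\n", ring);
'''
```

A cast to `unsigned long` does not prove the value is an address, so each hit still needs a human look before the call site is changed.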