On Mon, Dec 11, 2017 at 11:59:30AM -0800, Kees Cook wrote:
> On Sun, Dec 10, 2017 at 1:47 PM, Paul E. McKenney
> <paul...@linux.vnet.ibm.com> wrote:
> > On Sun, Dec 10, 2017 at 12:39:11PM -0800, Linus Torvalds wrote:
> >> I'd rather make %pK act more like %p than have gratuitous differences.
>
> The feature that paranoid folks currently depend on is getting a value
> entirely zeroed out with %pK (which is the least possible info leak
> risk). The hashed %p is almost just as good except that identical
> hashes are still usable to confirm matching values (but the cases
> where this would be useful to an attacker are hopefully approaching
> zero).
>
> > So it looks like I should drop the three patches in my tree that convert
> > %p to %pK.
> >
> > Any objections?
>
> Sounds good. If they're still useful when hashed, keep the %p. If you
> want to remove them because they're sensitive, just remove them
> instead of adding new %pK users.
OK, I have dropped those three patches.
Thanx, Paul
