From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-17.6 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CC560C433EF for ; Sat, 11 Sep 2021 02:26:02 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 10CCE61206 for ; Sat, 11 Sep 2021 02:26:02 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 10CCE61206 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=huawei.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id 2EA09900002; Fri, 10 Sep 2021 22:26:01 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 299456B0072; Fri, 10 Sep 2021 22:26:01 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 1130D900002; Fri, 10 Sep 2021 22:26:01 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0197.hostedemail.com [216.40.44.197]) by kanga.kvack.org (Postfix) with ESMTP id F02F26B0071 for ; Fri, 10 Sep 2021 22:26:00 -0400 (EDT) Received: from smtpin35.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id 8EEB528498 for ; Sat, 11 Sep 2021 02:26:00 +0000 (UTC) X-FDA: 78573702480.35.0BB1058 Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by imf27.hostedemail.com (Postfix) with ESMTP id 5AFA47000081 for ; Sat, 11 Sep 2021 02:25:59 +0000 (UTC) Received: from dggemv704-chm.china.huawei.com (unknown [172.30.72.55]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4H5xM04fSPz8yM8; Sat, 11 Sep 2021 10:21:32 +0800 (CST) Received: from dggema774-chm.china.huawei.com (10.1.198.216) by dggemv704-chm.china.huawei.com (10.3.19.47) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.2308.8; Sat, 11 Sep 2021 10:25:55 +0800 Received: from [10.67.102.197] (10.67.102.197) by dggema774-chm.china.huawei.com (10.1.198.216) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2308.8; Sat, 11 Sep 2021 10:25:54 +0800 Subject: Re: [PATCH 3/3] [v4] lib/vsprintf: no_hash_pointers prints all addresses as unhashed To: Timur Tabi , Petr Mladek , "Steven Rostedt" , Sergey Senozhatsky , Vlastimil Babka , "Andy Shevchenko" , Matthew Wilcox , , Linus Torvalds , , Kees Cook , John Ogness , , , Andrey Konovalov , Marco Elver , Rasmus Villemoes , Pavel Machek , Tetsuo Handa , , References: <20210214161348.369023-1-timur@kernel.org> <20210214161348.369023-4-timur@kernel.org> From: Xiaoming Ni Message-ID: <467a3c3c-8a52-9a74-c77f-bcb51b03d603@huawei.com> Date: Sat, 11 Sep 2021 10:25:54 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.0.1 MIME-Version: 1.0 In-Reply-To: <20210214161348.369023-4-timur@kernel.org> Content-Type: text/plain; charset="gbk"; format=flowed Content-Transfer-Encoding: 7bit X-Originating-IP: [10.67.102.197] X-ClientProxiedBy: dggems701-chm.china.huawei.com (10.3.19.178) To dggema774-chm.china.huawei.com (10.1.198.216) X-CFilter-Loop: Reflected X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: 5AFA47000081 X-Stat-Signature: tte937tkxri5opfuo7p8564uixpnch4b Authentication-Results: imf27.hostedemail.com; dkim=none; spf=pass (imf27.hostedemail.com: domain of nixiaoming@huawei.com designates 45.249.212.188 as permitted sender) smtp.mailfrom=nixiaoming@huawei.com; dmarc=pass (policy=none) header.from=huawei.com X-HE-Tag: 1631327159-32095 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 2021/2/15 0:13, Timur Tabi wrote: > If the no_hash_pointers command line parameter is set, then > printk("%p") will print pointers as unhashed, which is useful for > debugging purposes. This change applies to any function that uses > vsprintf, such as print_hex_dump() and seq_buf_printf(). > > A large warning message is displayed if this option is enabled. > Unhashed pointers expose kernel addresses, which can be a security > risk. > > Also update test_printf to skip the hashed pointer tests if the > command-line option is set. > > Signed-off-by: Timur Tabi > Acked-by: Petr Mladek > Acked-by: Randy Dunlap > Acked-by: Sergey Senozhatsky > Acked-by: Vlastimil Babka > Acked-by: Marco Elver > --- > .../admin-guide/kernel-parameters.txt | 15 ++++++++ > lib/test_printf.c | 8 +++++ > lib/vsprintf.c | 36 +++++++++++++++++-- > 3 files changed, 57 insertions(+), 2 deletions(-) > > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt > index a10b545c2070..c8993a296e71 100644 > --- a/Documentation/admin-guide/kernel-parameters.txt > +++ b/Documentation/admin-guide/kernel-parameters.txt > @@ -3281,6 +3281,21 @@ > in certain environments such as networked servers or > real-time systems. > > + no_hash_pointers > + Force pointers printed to the console or buffers to be > + unhashed. By default, when a pointer is printed via %p > + format string, that pointer is "hashed", i.e. obscured > + by hashing the pointer value. This is a security feature > + that hides actual kernel addresses from unprivileged > + users, but it also makes debugging the kernel more > + difficult since unequal pointers can no longer be > + compared. However, if this command-line option is > + specified, then all normal pointers will have their true > + value printed. Pointers printed via %pK may still be > + hashed. This option should only be specified when > + debugging the kernel. Please do not use on production > + kernels. > + > nohibernate [HIBERNATION] Disable hibernation and resume. > > nohz= [KNL] Boottime enable/disable dynamic ticks > diff --git a/lib/test_printf.c b/lib/test_printf.c > index ad2bcfa8caa1..a6755798e9e6 100644 > --- a/lib/test_printf.c > +++ b/lib/test_printf.c > @@ -35,6 +35,8 @@ KSTM_MODULE_GLOBALS(); > static char *test_buffer __initdata; > static char *alloced_buffer __initdata; > > +extern bool no_hash_pointers; > + > static int __printf(4, 0) __init > do_test(int bufsize, const char *expect, int elen, > const char *fmt, va_list ap) > @@ -301,6 +303,12 @@ plain(void) > { > int err; > > + if (no_hash_pointers) { > + pr_warn("skipping plain 'p' tests"); > + skipped_tests += 2; > + return; > + } > + > err = plain_hash(); > if (err) { > pr_warn("plain 'p' does not appear to be hashed\n"); > diff --git a/lib/vsprintf.c b/lib/vsprintf.c > index 3b53c73580c5..41ddc353ebb8 100644 > --- a/lib/vsprintf.c > +++ b/lib/vsprintf.c > @@ -2090,6 +2090,32 @@ char *fwnode_string(char *buf, char *end, struct fwnode_handle *fwnode, > return widen_string(buf, buf - buf_start, end, spec); > } > > +/* Disable pointer hashing if requested */ > +bool no_hash_pointers __ro_after_init; > +EXPORT_SYMBOL_GPL(no_hash_pointers); Why do we need to export the no_hash_pointers variable and not declare it in any header file? Thanks. Xiaoming Ni > + > +static int __init no_hash_pointers_enable(char *str) > +{ > + no_hash_pointers = true; > + > + pr_warn("**********************************************************\n"); > + pr_warn("** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **\n"); > + pr_warn("** **\n"); > + pr_warn("** This system shows unhashed kernel memory addresses **\n"); > + pr_warn("** via the console, logs, and other interfaces. This **\n"); > + pr_warn("** might reduce the security of your system. **\n"); > + pr_warn("** **\n"); > + pr_warn("** If you see this message and you are not debugging **\n"); > + pr_warn("** the kernel, report this immediately to your system **\n"); > + pr_warn("** administrator! **\n"); > + pr_warn("** **\n"); > + pr_warn("** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **\n"); > + pr_warn("**********************************************************\n"); > + > + return 0; > +} > +early_param("no_hash_pointers", no_hash_pointers_enable); > + > /* > * Show a '%p' thing. A kernel extension is that the '%p' is followed > * by an extra set of alphanumeric characters that are extended format > @@ -2297,8 +2323,14 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, > } > } > > - /* default is to _not_ leak addresses, hash before printing */ > - return ptr_to_id(buf, end, ptr, spec); > + /* > + * default is to _not_ leak addresses, so hash before printing, > + * unless no_hash_pointers is specified on the command line. > + */ > + if (unlikely(no_hash_pointers)) > + return pointer_string(buf, end, ptr, spec); > + else > + return ptr_to_id(buf, end, ptr, spec); > } > > /* >