diff options
author | Tobin C. Harding <me@tobin.cc> | 2017-11-01 15:32:23 +1100 |
---|---|---|
committer | Tobin C. Harding <me@tobin.cc> | 2017-11-29 12:09:02 +1100 |
commit | ad67b74d2469d9b82aaa572d76474c95bc484d57 (patch) | |
tree | fb0ce583607629e6b5da2842f98febf831ab4c87 /Documentation/printk-formats.txt | |
parent | 57e734423adda83f3b05505875343284efe3b39c (diff) | |
download | linux-ad67b74d2469d9b82aaa572d76474c95bc484d57.tar.gz linux-ad67b74d2469d9b82aaa572d76474c95bc484d57.tar.bz2 linux-ad67b74d2469d9b82aaa572d76474c95bc484d57.zip |
printk: hash addresses printed with %p
Currently there exist approximately 14 000 places in the kernel where
addresses are being printed using an unadorned %p. This potentially
leaks sensitive information regarding the Kernel layout in memory. Many
of these calls are stale, instead of fixing every call lets hash the
address by default before printing. This will of course break some
users, forcing code printing needed addresses to be updated.
Code that _really_ needs the address will soon be able to use the new
printk specifier %px to print the address.
For what it's worth, usage of unadorned %p can be broken down as
follows (thanks to Joe Perches).
$ git grep -E '%p[^A-Za-z0-9]' | cut -f1 -d"/" | sort | uniq -c
1084 arch
20 block
10 crypto
32 Documentation
8121 drivers
1221 fs
143 include
101 kernel
69 lib
100 mm
1510 net
40 samples
7 scripts
11 security
166 sound
152 tools
2 virt
Add function ptr_to_id() to map an address to a 32 bit unique
identifier. Hash any unadorned usage of specifier %p and any malformed
specifiers.
Signed-off-by: Tobin C. Harding <me@tobin.cc>
Diffstat (limited to 'Documentation/printk-formats.txt')
-rw-r--r-- | Documentation/printk-formats.txt | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/Documentation/printk-formats.txt b/Documentation/printk-formats.txt index 71b62db7eca2..b4e668ac4fe3 100644 --- a/Documentation/printk-formats.txt +++ b/Documentation/printk-formats.txt @@ -5,7 +5,6 @@ How to get printk format specifiers right :Author: Randy Dunlap <rdunlap@infradead.org> :Author: Andrew Murray <amurray@mpc-data.co.uk> - Integer types ============= @@ -45,6 +44,17 @@ return from vsnprintf. Raw pointer value SHOULD be printed with %p. The kernel supports the following extended format specifiers for pointer types: +Pointer Types +============= + +Pointers printed without a specifier extension (i.e unadorned %p) are +hashed to give a unique identifier without leaking kernel addresses to user +space. On 64 bit machines the first 32 bits are zeroed. + +:: + + %p abcdef12 or 00000000abcdef12 + Symbols/Function Pointers ========================= |