Commit 7b1924a1 authored by Tobin C. Harding's avatar Tobin C. Harding

vsprintf: add printk specifier %px

printk specifier %p now hashes all addresses before printing. Sometimes
we need to see the actual unmodified address. This can be achieved using
%lx but then we face the risk that if in future we want to change the
way the Kernel handles printing of pointers we will have to grep through
the already existent 50 000 %lx call sites. Let's add specifier %px as a
clear, opt-in, way to print a pointer and maintain some level of
isolation from all the other hex integer output within the Kernel.

Add printk specifier %px to print the actual unmodified address.
Signed-off-by: default avatarTobin C. Harding <me@tobin.cc>
parent ad67b74d
...@@ -49,7 +49,8 @@ Pointer Types ...@@ -49,7 +49,8 @@ Pointer Types
Pointers printed without a specifier extension (i.e unadorned %p) are Pointers printed without a specifier extension (i.e unadorned %p) are
hashed to give a unique identifier without leaking kernel addresses to user hashed to give a unique identifier without leaking kernel addresses to user
space. On 64 bit machines the first 32 bits are zeroed. space. On 64 bit machines the first 32 bits are zeroed. If you _really_
want the address see %px below.
:: ::
...@@ -106,6 +107,21 @@ For printing kernel pointers which should be hidden from unprivileged ...@@ -106,6 +107,21 @@ For printing kernel pointers which should be hidden from unprivileged
users. The behaviour of ``%pK`` depends on the ``kptr_restrict sysctl`` - see users. The behaviour of ``%pK`` depends on the ``kptr_restrict sysctl`` - see
Documentation/sysctl/kernel.txt for more details. Documentation/sysctl/kernel.txt for more details.
Unmodified Addresses
====================
::
%px 01234567 or 0123456789abcdef
For printing pointers when you _really_ want to print the address. Please
consider whether or not you are leaking sensitive information about the
Kernel layout in memory before printing pointers with %px. %px is
functionally equivalent to %lx. %px is preferred to %lx because it is more
uniquely grep'able. If, in the future, we need to modify the way the Kernel
handles printing pointers it will be nice to be able to find the call
sites.
Struct Resources Struct Resources
================ ================
......
...@@ -1646,6 +1646,20 @@ char *device_node_string(char *buf, char *end, struct device_node *dn, ...@@ -1646,6 +1646,20 @@ char *device_node_string(char *buf, char *end, struct device_node *dn,
return widen_string(buf, buf - buf_start, end, spec); return widen_string(buf, buf - buf_start, end, spec);
} }
static noinline_for_stack
char *pointer_string(char *buf, char *end, const void *ptr,
struct printf_spec spec)
{
spec.base = 16;
spec.flags |= SMALL;
if (spec.field_width == -1) {
spec.field_width = 2 * sizeof(ptr);
spec.flags |= ZEROPAD;
}
return number(buf, end, (unsigned long int)ptr, spec);
}
static bool have_filled_random_ptr_key __read_mostly; static bool have_filled_random_ptr_key __read_mostly;
static siphash_key_t ptr_key __read_mostly; static siphash_key_t ptr_key __read_mostly;
...@@ -1818,6 +1832,8 @@ static char *ptr_to_id(char *buf, char *end, void *ptr, struct printf_spec spec) ...@@ -1818,6 +1832,8 @@ static char *ptr_to_id(char *buf, char *end, void *ptr, struct printf_spec spec)
* c major compatible string * c major compatible string
* C full compatible string * C full compatible string
* *
* - 'x' For printing the address. Equivalent to "%lx".
*
* ** Please update also Documentation/printk-formats.txt when making changes ** * ** Please update also Documentation/printk-formats.txt when making changes **
* *
* Note: The difference between 'S' and 'F' is that on ia64 and ppc64 * Note: The difference between 'S' and 'F' is that on ia64 and ppc64
...@@ -1940,6 +1956,8 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, ...@@ -1940,6 +1956,8 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
case 'F': case 'F':
return device_node_string(buf, end, ptr, spec, fmt + 1); return device_node_string(buf, end, ptr, spec, fmt + 1);
} }
case 'x':
return pointer_string(buf, end, ptr, spec);
} }
/* default is to _not_ leak addresses, hash before printing */ /* default is to _not_ leak addresses, hash before printing */
......
...@@ -5753,7 +5753,7 @@ sub process { ...@@ -5753,7 +5753,7 @@ sub process {
for (my $count = $linenr; $count <= $lc; $count++) { for (my $count = $linenr; $count <= $lc; $count++) {
my $fmt = get_quoted_string($lines[$count - 1], raw_line($count, 0)); my $fmt = get_quoted_string($lines[$count - 1], raw_line($count, 0));
$fmt =~ s/%%//g; $fmt =~ s/%%//g;
if ($fmt =~ /(\%[\*\d\.]*p(?![\WFfSsBKRraEhMmIiUDdgVCbGNO]).)/) { if ($fmt =~ /(\%[\*\d\.]*p(?![\WFfSsBKRraEhMmIiUDdgVCbGNOx]).)/) {
$bad_extension = $1; $bad_extension = $1;
last; last;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment