lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 26 Jan 2018 10:43:16 +0100
From:   Rasmus Villemoes <linux@...musvillemoes.dk>
To:     Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
Cc:     Yang Shunyong <shunyong.yang@...-semitech.com>, me@...in.cc,
        akpm@...ux-foundation.org, joe@...ches.com,
        pantelis.antoniou@...sulko.com, mchehab@...nel.org,
        adobriyan@...il.com, linux-kernel@...r.kernel.org,
        yu.zheng@...-semitech.com
Subject: Re: [RFC PATCH] vsprintf: add flag ZEROPAD handling before crng is ready

On 26 January 2018 at 10:17, Andy Shevchenko
<andriy.shevchenko@...ux.intel.com> wrote:
> +Rasmus

Thanks.

> On Fri, 2018-01-26 at 15:39 +0800, Yang Shunyong wrote:
>> Before crng is ready, output of "%p" composes of "(ptrval)" and
>> left padding spaces for alignment as no random address can be
>> generated. This seems a little strange sometimes.
>> For example, when irq domain names are built with "%p", the nodes
>> under /sys/kernel/debug/irq/domains like this,
>>
>> [root@y irq]# ls domains/
>> default                   irqchip@        (ptrval)-2
>> irqchip@        (ptrval)-4  \_SB_.TCS0.QIC1  \_SB_.TCS0.QIC3
>> irqchip@        (ptrval)  irqchip@        (ptrval)-3
>> \_SB_.TCS0.QIC0             \_SB_.TCS0.QIC2
>>
>> The name "irqchip@        (ptrval)-2" is not so readable in console
>> output.
>
> Yes, this is not best output.
>
>> This patch adds ZEROPAD handling in widen_string() and move_right().
>> When ZEROPAD is set in spec, it will use '0' for padding. If not
>> set, it will use ' '.
>> This patch also sets ZEROPAD in ptr_to_id() before crgn is ready.

Yew.

> Have you added specific test cases to see what's going on for patterns
> like
>
> printf("%0s\n", "    (my string)");

[That's not really relevant, since we'll never have those (gcc says
"warning: '0' flag used with ā€˜%sā€™").]

>> @@ -1702,6 +1709,8 @@ static char *ptr_to_id(char *buf, char *end,
>> void *ptr, struct printf_spec spec)
>>
>>       if (unlikely(!have_filled_random_ptr_key)) {
>>               spec.field_width = default_width;
>> +             spec.flags |= ZEROPAD;
>> +
>>               /* string length must be less than default_width */
>>               return string(buf, end, "(ptrval)", spec);
>>       }

So why not just use a string literal with the right width to begin
with, e.g. =====(ptrval)===== or whatever manual padding left or right
seems appropriate. Space-padding is not nice, but 0-padding isn't much
better. That way you only affect the uncommon case of %p before
have_filled_random_ptr_key instead of adding a few instructions to all
%s users.

While at it, it may be worth looking into whether the irqdomain output
actually needs the @%p thing or if one could improve that instead.

Rasmus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ