lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1511826058-2563-1-git-send-email-me@tobin.cc>
Date:   Tue, 28 Nov 2017 10:40:53 +1100
From:   "Tobin C. Harding" <me@...in.cc>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     "Tobin C. Harding" <me@...in.cc>,
        "Jason A. Donenfeld" <Jason@...c4.com>,
        Theodore Ts'o <tytso@....edu>,
        Kees Cook <keescook@...omium.org>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Tycho Andersen <tycho@...ho.ws>,
        "Roberts, William C" <william.c.roberts@...el.com>,
        Tejun Heo <tj@...nel.org>,
        Jordan Glover <Golden_Miller83@...tonmail.ch>,
        Greg KH <gregkh@...uxfoundation.org>,
        Petr Mladek <pmladek@...e.com>, Joe Perches <joe@...ches.com>,
        Ian Campbell <ijc@...lion.org.uk>,
        Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
        Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <wilal.deacon@....com>,
        Steven Rostedt <rostedt@...dmis.org>,
        Chris Fries <cfries@...gle.com>,
        Dave Weinstein <olorin@...gle.com>,
        Daniel Micay <danielmicay@...il.com>,
        Djalal Harouni <tixxdz@...il.com>,
        Radim Krčmář <rkrcmar@...hat.com>,
        linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
        kernel-hardening@...ts.openwall.com
Subject: [PATCH 0/5] add printk specifier %px, unique identifier

Linus,

I know you are bored of this patch set already and this pits your vast
experience against my eight months kernel dev experience ;)

I humbly maintain that hashing %p and suggesting people use %x
_correctly_ isn't a WIN solution.

Please don't go easy on me because I'm new, if I'm out of line - say
so.

This set is based on the following assumptions.

1. We now have leaking_addresses.pl illuminating leaking addresses.
2. We have no _clear_ strategy for fixing leaks once found.
3. We do not have a proposed non opt-in solution.
4. There is a distinct use case for this specifier.

Patch 1: Corrects the docs for %pK.

Patch 2: Refactors %pK code out of pointer() into helper function.

Patch 3: Adds specifier %px, small 'x' was chosen because the hashed hex
         value is printed in lower case.

Patch 4/5: Provides example usage of new specifier.

The hashing code is based on the work done hashing %p during 4.14 dev
cycle.

Finally, with this patch set in place, we have the added benefit that
newbies (me) can quietly go around the kernel 'sweeping up' after
leaking addresses. This as apposed to using a hammer and hashing all
%p. And if this is deemed too little and too slow we can always search
and replace '%p' with '%px'.

thanks,
Tobin.

Tobin C. Harding (5):
  docs: correct documentation for %pK
  vsprintf: refactor pK code out of pointer()
  vsprintf: add specifier %px, unique identifier
  KVM: use %px to print token identifier
  vfio_pci: use %px to print token identifier

 Documentation/printk-formats.txt  |   2 +-
 drivers/vfio/pci/vfio_pci_intrs.c |   2 +-
 lib/test_printf.c                 |  74 +++++++++++++++++
 lib/vsprintf.c                    | 166 ++++++++++++++++++++++++++++----------
 scripts/checkpatch.pl             |   2 +-
 virt/kvm/eventfd.c                |   2 +-
 6 files changed, 202 insertions(+), 46 deletions(-)

-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ