| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180207150328.nuk7f76nutq2trcg@pathway.suse.cz>
Date: Wed, 7 Feb 2018 16:03:28 +0100
From: Petr Mladek <pmladek@...e.com>
To: Adam Borowski <kilobyte@...band.pl>
Cc: Kees Cook <keescook@...omium.org>,
"Tobin C. Harding" <me@...in.cc>,
Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
Steven Rostedt <rostedt@...dmis.org>,
LKML <linux-kernel@...r.kernel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Joe Perches <joe@...ches.com>,
"Roberts, William C" <william.c.roberts@...el.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
David Laight <David.Laight@...lab.com>,
Randy Dunlap <rdunlap@...radead.org>,
Geert Uytterhoeven <geert@...ux-m68k.org>
Subject: Re: [PATCH] vsprintf: avoid misleading "(null)" for %px
On Mon 2018-02-05 21:58:17, Adam Borowski wrote:
> On Tue, Feb 06, 2018 at 07:32:32AM +1100, Kees Cook wrote:
> > On Tue, Feb 6, 2018 at 7:15 AM, Tobin C. Harding <me@...in.cc> wrote:
> > > On Tue, Feb 06, 2018 at 05:57:17AM +1100, Kees Cook wrote:
> > >> On Mon, Feb 5, 2018 at 8:44 PM, Petr Mladek <pmladek@...e.com> wrote:
> > >> > On Sun 2018-02-04 18:45:21, Adam Borowski wrote:
> > >> >> Like %pK already does, print "00000000" instead.
> > >> >>
> > >> >> This confused people -- the convention is that "(null)" means you tried to
> > >> >> dereference a null pointer as opposed to printing the address.
> > >
> > > Leaving aside what is converting to %px. If we consider that using %px
> > > is meant to convey to us that we _really_ want the address, in hex hence
> > > the 'x', then it is not surprising that we will get "00000000"'s for a
> > > null pointer, right? Yes it is different to before but since we are
> > > changing the specifier does this not imply that there may be some
> > > change?
> >
> > I personally prefer 0000s, but if we're going to change this, we need
> > to be aware of the difference.
>
> It's easy to paint this bikeshed any color you guys want to: there's an "if"
> already. My preference is also 0000; NULL would be good, too -- I just
> don't want (null) as that has a special meaning in usual userspace
> implementations; (null) also fits well most other modes of %p as they show
> some object the argument points to. Confusion = wasted debugging time.
> Let's recap:
>
> Currently:
> not-null null
> %pponies object's description (null)
> %px address (null)
> %pK hash hash
>
> I'd propose:
> not-null null
> %pponies object's description (null)
> %px address 00000000
> %pK hash 00000000
It makes sense to me[*], so
Reviewed-by: Petr Mladek <pmladek@...e.com>
It seems that all people agree with this change. But there was also some
confusion. I am going to give it few more days before I push it to
Linus. It means waiting for 4.16-rc3 because I will be without
reliable internet next week. Anyone, feel free to push it faster.
[*] I made some archaeology:
The "(null)" string was added by the commit d97106ab53f812910
("Make %p print '(null)' for NULL pointers").
It was a generic solution to prevent eventual crashes, see
https://lkml.kernel.org/r/1230979341-23029-1-git-send-email-xyzzy@speakeasy.org
>From this point, printing 00000000 for %px looks perfectly fine because
it does not crash.
In fact, it would have made perfect sense to print 00000000 for pure
%p because it did not crash. But nobody has cared about the eventual
confusion yet.
I am not sure if it makes sense to change the pure %p handling
now. Note that printing "(null)" has the advantage that we
get this string instead of the hash ;-)
Best Regards,
Petr
Powered by blists - more mailing lists