lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180531224659.GA1682@eros>
Date:   Fri, 1 Jun 2018 08:46:59 +1000
From:   "Tobin C. Harding" <me@...in.cc>
To:     Steven Rostedt <rostedt@...dmis.org>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Randy Dunlap <rdunlap@...radead.org>,
        Kees Cook <keescook@...omium.org>,
        Anna-Maria Gleixner <anna-maria@...utronix.de>,
        Theodore Ts'o <tytso@....edu>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Arnd Bergmann <arnd@...db.de>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v6 4/4] vsprintf: Add command line option
 debug_boot_weak_hash

On Thu, May 31, 2018 at 05:35:15PM -0400, Steven Rostedt wrote:
> On Mon, 28 May 2018 11:46:42 +1000
> "Tobin C. Harding" <me@...in.cc> wrote:
> 
> > Currently printing [hashed] pointers requires enough entropy to be
> > available.  Early in the boot sequence this may not be the case
> > resulting in a dummy string '(____ptrval____)' being printed.  This
> > makes debugging the early boot sequence difficult.  We can relax the
> > requirement to use cryptographically secure hashing during debugging.
> > This enables debugging while keeping development/production kernel
> > behaviour the same.
> > 
> > If new command line option debug_boot_weak_hash is enabled use
> > cryptographically insecure hashing and hash pointer value immediately.
> > 
> 
> I was able to play with this. It did start showing real pointers after
> the early parameters are parsed. Hopefully we don't need anything
> before that. But that is still much earlier than what we had before.

Cool, thanks for testing.

> > Cc: Anna-Maria Gleixner <anna-maria@...utronix.de>
> > Cc: Steven Rostedt <rostedt@...dmis.org>
> > Cc: Randy Dunlap <rdunlap@...radead.org>
> > Signed-off-by: Tobin C. Harding <me@...in.cc>
> > ---
> >  Documentation/admin-guide/kernel-parameters.txt |  9 +++++++++
> >  lib/vsprintf.c                                  | 20 ++++++++++++++++++++
> >  2 files changed, 29 insertions(+)
> > 
> > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> > index f2040d46f095..8a86d895343e 100644
> > --- a/Documentation/admin-guide/kernel-parameters.txt
> > +++ b/Documentation/admin-guide/kernel-parameters.txt
> > @@ -753,6 +753,15 @@
> >  
> >  	debug		[KNL] Enable kernel debugging (events log level).
> >  
> > +	debug_boot_weak_hash
> > +			[KNL] Enable printing pointers early in the boot
> > +			sequence.  If enabled, we use a weak hash instead of
> > +			siphash to hash pointers.  Use this option if you need
> > +			to see pointer values during early boot (i.e you are
> > +			seeing instances of '(___ptrval___)').
> > +			Cryptographically insecure, please do not use on
> > +			production kernels.
> > +
> >  	debug_locks_verbose=
> >  			[KNL] verbose self-tests
> >  			Format=<0|1>
> > diff --git a/lib/vsprintf.c b/lib/vsprintf.c
> > index 1545a8aa26a9..369623205e2c 100644
> > --- a/lib/vsprintf.c
> > +++ b/lib/vsprintf.c
> > @@ -1670,6 +1670,20 @@ char *pointer_string(char *buf, char *end, const void *ptr,
> >  }
> >  
> >  static DEFINE_STATIC_KEY_TRUE(not_filled_random_ptr_key);
> > +
> > +/* Make pointers available for printing early in the boot sequence. */
> > +static int debug_boot_weak_hash __ro_after_init;
> > +EXPORT_SYMBOL(debug_boot_weak_hash);
> > +
> > +static int __init debug_boot_weak_hash_enable(char *str)
> > +{
> > +	debug_boot_weak_hash = 1;
> > +	pr_info("debug_boot_weak_hash enabled\n");
> > +	return 0;
> > +}
> > +early_param("debug_boot_weak_hash", debug_boot_weak_hash_enable);
> > +
> > +static bool have_filled_random_ptr_key __read_mostly;
> >  static siphash_key_t ptr_key __read_mostly;
> >  
> >  static void enable_ptr_key_workfn(struct work_struct *work)
> > @@ -1721,6 +1735,12 @@ static char *ptr_to_id(char *buf, char *end, void *ptr, struct printf_spec spec)
> >  	unsigned long hashval;
> >  	const int default_width = 2 * sizeof(ptr);
> >  
> > +	/* When debugging early boot use non-cryptographically secure hash */
> > +	if (unlikely(debug_boot_weak_hash)) {
> 
> Perhaps we should make the debug_boot_weak_hash into a static key too.
> That way, it's constant jump instead of a compare.

Happy to do it but isn't that a bit of an over optimization, is printing
ever that performance critical?

Of course, if on second thoughts you still think it's worth doing I'll
code it up.

thanks,
Tobin.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ