Message-ID: <CAMuHMdXJzEYL48qwHAxrRsurQLBipZsQpv+w8i=+B2XCM_CZng@mail.gmail.com>
Date:   Mon, 6 May 2019 18:46:57 +0200
From:   Geert Uytterhoeven <geert@...ux-m68k.org>
To:     Eugeniu Rosca <erosca@...adit-jv.com>
Cc:     Simon Horman <horms@...ge.net.au>,
        Eugeniu Rosca <roscaeugeniu@...il.com>,
        Geert Uytterhoeven <geert+renesas@...der.be>,
        Chris Brandt <chris.brandt@...esas.com>,
        Wolfram Sang <wsa+renesas@...g-engineering.com>,
        Ulrich Hecht <ulrich.hecht+renesas@...il.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        "George G . Davis" <george_davis@...tor.com>,
        Andy Lowe <andy_lowe@...tor.com>,
        Linux-Renesas <linux-renesas-soc@...r.kernel.org>,
        "open list:OPEN FIRMWARE AND FLATTENED DEVICE TREE BINDINGS" 
        <devicetree@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Magnus Damm <magnus.damm@...il.com>,
        Rob Herring <robh+dt@...nel.org>,
        Mark Rutland <mark.rutland@....com>,
        Christophe Leroy <christophe.leroy@....fr>,
        Helge Deller <deller@....de>,
        Michael Neuling <mikey@...ling.org>,
        Kuninori Morimoto <kuninori.morimoto.gx@...esas.com>,
        Philip Yang <Philip.Yang@....com>,
        Matthew Wilcox <mawilcox@...rosoft.com>,
        Borislav Petkov <bp@...e.de>,
        "Darrick J. Wong" <darrick.wong@...cle.com>
Subject: Re: [PATCH 1/6] serial: sh-sci: Reveal ptrval in dev_dbg

Hi Eugeniu,

On Mon, May 6, 2019 at 5:24 PM Eugeniu Rosca <erosca@...adit-jv.com> wrote:
> On Mon, May 06, 2019 at 03:47:05PM +0200, Simon Horman wrote:
> > On Sat, May 04, 2019 at 02:42:53AM +0200, Eugeniu Rosca wrote:
> > > Starting with v4.15-rc2 commit ad67b74d2469d9 ("printk: hash addresses
> > > printed with %p"), enabling debug prints in sh-sci.c would generate
> > > output like below confusing the users who try to sneak into the
> > > internals of the driver:
> > >
> > > sh-sci e6e88000.serial: sci_request_dma: TX: got channel (____ptrval____)
> > > sh-sci e6e88000.serial: sci_request_dma: mapped 4096@(____ptrval____) to 0x00000006798bf000
> > > sh-sci e6e88000.serial: sci_request_dma: RX: got channel (____ptrval____)
> > > sh-sci e6e88000.serial: sci_dma_tx_work_fn: (____ptrval____): 0...2, cookie 2
> > >
> > > There are two possible fixes for that:
> > >  - get rid of '%p' prints if they don't reveal any useful information
> > >  - s/%p/%px/, since it is unlikely we have any concerns leaking the
> > >    pointer values when running a debug/non-production kernel
> >
> > I am concerned that this may expose information in circumstances
> > where it is undesirable. Is it generally accepted practice to
> > use %px in conjunction with dev_dbg() ?
> >
> > ...
>
> Below commits performed a similar s/%p/%px/ update in debug context:
>
> Authors (CC-ed)   Commit         Subject
> ----------------------------------------
> Christophe Leroy  b18f0ae92b0a1d ("powerpc/prom: fix early DEBUG messages")
> Helge Deller      3847dab7742186 ("parisc: Add alternative coding infrastructure")
> Michael Neuling   51c3c62b58b357 ("powerpc: Avoid code patching freed init sections")
> Kuninori Morimoto dabdbe3ae0cb9a ("ASoC: rsnd: don't use %p for dev_dbg()")
> Philip Yang       fa7e65147e5dca ("drm/amdkfd: use %px to print user space address instead of %p")
> Matthew Wilcox    68c1f08203f2b0 ("lib/list_debug.c: print unmangled addresses")
> Borislav Petkov   0e6c16c652cada ("x86/alternative: Print unadorned pointers")
> Darrick J. Wong   c96900435fa9fd ("xfs: use %px for data pointers when debugging")
> Helge Deller      04903c06b4854d ("parisc: Show unhashed HPA of Dino chip")
>
> To quote Matthew, with respect to any debug prints:
> If an attacker can force this message to be printed, we've already lost.

I think the issue with using %px in debug code is that a distro may enable
CONFIG_DYNAMIC_DEBUG (it is enabled in several defconfigs), after which
an attacker just has to convince/trick the system into enabling debug for that
particular driver.

> In any case, I won't be affected much if the change is not accepted,
> since it doesn't resolve any major issue on my end. Thanks!

OK.

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds
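
The concern raised in the reply above, that CONFIG_DYNAMIC_DEBUG lets debug call sites be switched on at run time, can be audited from the dynamic debug control file. The following is an added example, not part of the original message or of the kernel tree: it parses control-file text and lists call sites whose format string contains `%px`, marking the ones currently enabled. The sample lines, their line numbers and the `raw_pointer_sites` helper are constructed for illustration.

```python
import re

# One line of <debugfs>/dynamic_debug/control has the shape:
#   filename:lineno [module]function flags format
CONTROL_LINE = re.compile(
    r'^(?P<file>\S+):(?P<line>\d+) \[(?P<module>[^\]]+)\](?P<func>\S+) '
    r'=(?P<flags>\S+) "(?P<fmt>.*)"'
)
# %px prints the raw address; plain %p is hashed since commit ad67b74d2469d9.
# The lookbehind and (?:%%)* skip an escaped "%%px", which is literal text.
RAW_POINTER = re.compile(r'(?<!%)(?:%%)*%[-0]?\d*px')

# Constructed sample (not captured from a real system).
SAMPLE_CONTROL = r'''# filename:lineno [module]function flags format
drivers/tty/serial/sh-sci.c:1001 [sh_sci]sci_request_dma =p "%s: TX: got channel %px\012"
drivers/tty/serial/sh-sci.c:1002 [sh_sci]sci_request_dma =_ "%s: RX: got channel %px\012"
drivers/tty/serial/sh-sci.c:1003 [sh_sci]sci_dma_tx_work_fn =p "%s: %p: %d...%d, cookie %d\012"
drivers/example/foo.c:10 [foo]foo_probe =_ "done 100%%px wide\012"
'''


def raw_pointer_sites(control_text):
    """Return every call site whose format string prints an unhashed pointer."""
    sites = []
    for raw in control_text.splitlines():
        m = CONTROL_LINE.match(raw.strip())
        if not m or not RAW_POINTER.search(m['fmt']):
            continue
        sites.append({
            'where': f"{m['file']}:{m['line']}",
            'module': m['module'],
            'func': m['func'],
            # The 'p' flag means the call site currently prints.
            'enabled': 'p' in m['flags'],
        })
    return sites


if __name__ == '__main__':
    for site in raw_pointer_sites(SAMPLE_CONTROL):
        state = 'ENABLED' if site['enabled'] else 'dormant'
        print(f"{state:8} {site['where']} [{site['module']}] {site['func']}")
```

On a live system, pass the contents of `/sys/kernel/debug/dynamic_debug/control` (readable by root, with debugfs mounted) instead of `SAMPLE_CONTROL`; dormant entries are the ones that a later change to the control file would turn on.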
