lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CACT4Y+YQf-aje4jqSMop24af_GO8G_oPMfrJ9B7oo5_EudwHow@mail.gmail.com>
Date:   Tue, 22 Oct 2019 04:27:08 +0200
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     Lyude Paul <lyude@...hat.com>
Cc:     Linux-MM <linux-mm@...ck.org>,
        kasan-dev <kasan-dev@...glegroups.com>,
        Sean Paul <sean@...rly.run>,
        Daniel Vetter <daniel.vetter@...ll.ch>,
        Andrey Ryabinin <aryabinin@...tuozzo.com>,
        Alexander Potapenko <glider@...gle.com>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [RFC] kasan: include the hashed pointer for an object's location

On Tue, Oct 22, 2019 at 4:19 AM Lyude Paul <lyude@...hat.com> wrote:
>
> The vast majority of the kernel that needs to print out pointers as a
> way to keep track of a specific object in the kernel for debugging
> purposes does so using hashed pointers, since these are "good enough".
> Ironically, the one place we don't do this is within kasan. While
> simply printing a hashed version of where an out of bounds memory access
> occurred isn't too useful, printing out the hashed address of the object
> in question usually is since that's the format most of the kernel is
> likely to be using in debugging output.
>
> Of course this isn't perfect though-having the object's originating
> address doesn't help users at all that need to do things like printing
> the address of a struct which is embedded within another struct, but
> it's certainly better then not printing any hashed addresses. And users
> which need to handle less trivial cases like that can simply fall back
> to careful usage of %px.
>
> Signed-off-by: Lyude Paul <lyude@...hat.com>
> Cc: Sean Paul <sean@...rly.run>
> Cc: Daniel Vetter <daniel.vetter@...ll.ch>
> Cc: Andrey Ryabinin <aryabinin@...tuozzo.com>
> Cc: Alexander Potapenko <glider@...gle.com>
> Cc: Dmitry Vyukov <dvyukov@...gle.com>
> Cc: kasan-dev@...glegroups.com
> ---
>  mm/kasan/report.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/mm/kasan/report.c b/mm/kasan/report.c
> index 621782100eaa..0a5663fee1f7 100644
> --- a/mm/kasan/report.c
> +++ b/mm/kasan/report.c
> @@ -128,8 +128,9 @@ static void describe_object_addr(struct kmem_cache *cache, void *object,
>         int rel_bytes;
>
>         pr_err("The buggy address belongs to the object at %px\n"
> -              " which belongs to the cache %s of size %d\n",
> -               object, cache->name, cache->object_size);
> +              " (aka %p) which belongs to the cache\n"
> +              " %s of size %d\n",
> +              object, object, cache->name, cache->object_size);

Hi Lyude,

This only prints hashed address for heap objects, but
print_address_description() has 4 different code paths for different
types of addresses (heap, global, stack, page). Plus there is a case
for address without shadow.
Should we print the hashed address at least for all cases in
print_address_description()?


>         if (!addr)
>                 return;
> --
> 2.21.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ