lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 26 Sep 2020 14:46:26 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Manivannan Sadhasivam <manivannan.sadhasivam@...aro.org>
Cc:     Jeffrey Hugo <jhugo@...eaurora.org>, hemantk@...eaurora.org,
        bbhatt@...eaurora.org, linux-arm-msm@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] bus: mhi: core: debugfs: Use correct format specifiers
 for addresses

On Sat, Sep 26, 2020 at 12:46:04PM +0530, Manivannan Sadhasivam wrote:
> On Sat, Sep 26, 2020 at 07:39:14AM +0200, Greg KH wrote:
> > On Sat, Sep 26, 2020 at 10:57:42AM +0530, Manivannan Sadhasivam wrote:
> > > On Fri, Sep 25, 2020 at 12:01:54PM -0600, Jeffrey Hugo wrote:
> > > > On 9/25/2020 11:16 AM, Manivannan Sadhasivam wrote:
> > > > > For exposing the addresses of read/write pointers and doorbell register,
> > > > > let's use the correct format specifiers. This fixes the following issues
> > > > > generated using W=1 build in ARM32 and reported by Kbuild bot:
> > > > > 
> > > > > All warnings (new ones prefixed by >>):
> > > > > 
> > > > > > > drivers/bus/mhi/core/debugfs.c:75:7: warning: format specifies type 'unsigned long long' but the argument has type 'dma_addr_t' (aka 'unsigned int') [-Wformat]
> > > > >                                mhi_event->db_cfg.db_val);
> > > > >                                ^~~~~~~~~~~~~~~~~~~~~~~~
> > > > >     drivers/bus/mhi/core/debugfs.c:123:7: warning: format specifies type 'unsigned long long' but the argument has type 'dma_addr_t' (aka 'unsigned int') [-Wformat]
> > > > >                                mhi_chan->db_cfg.db_val);
> > > > >                                ^~~~~~~~~~~~~~~~~~~~~~~
> > > > >     2 warnings generated.
> > > > > 
> > > > > drivers/bus/mhi/core/debugfs.c: In function ‘mhi_debugfs_events_show’:
> > > > > drivers/bus/mhi/core/debugfs.c:74:51: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
> > > > >     seq_printf(m, " local rp: 0x%llx db: 0x%pad\n", (u64)ring->rp,
> > > > >                                                     ^
> > > > > drivers/bus/mhi/core/debugfs.c: In function ‘mhi_debugfs_channels_show’:
> > > > > drivers/bus/mhi/core/debugfs.c:122:7: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
> > > > >         (u64)ring->rp, (u64)ring->wp,
> > > > >         ^
> > > > > drivers/bus/mhi/core/debugfs.c:122:22: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
> > > > >         (u64)ring->rp, (u64)ring->wp,
> > > > >                        ^
> > > > > drivers/bus/mhi/core/debugfs.c:121:62: warning: format ‘%llx’ expects argument of type ‘long long unsigned int’, but argument 5 has type ‘dma_addr_t {aka unsigned int}’ [-Wformat=]
> > > > >     seq_printf(m, " local rp: 0x%llx local wp: 0x%llx db: 0x%llx\n",
> > > > >                                                             ~~~^
> > > > >                                                             %x
> > > > > drivers/bus/mhi/core/debugfs.c:123:7:
> > > > >         mhi_chan->db_cfg.db_val);
> > > > > 
> > > > > Reported-by: kernel test robot <lkp@...el.com>
> > > > > Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@...aro.org>
> > > > > ---
> > > > > 
> > > > > Greg: This fixes the issue seen while testing the char-misc/char-misc-testing
> > > > > branch.
> > > > > 
> > > > >   drivers/bus/mhi/core/debugfs.c | 10 +++++-----
> > > > >   1 file changed, 5 insertions(+), 5 deletions(-)
> > > > > 
> > > > > diff --git a/drivers/bus/mhi/core/debugfs.c b/drivers/bus/mhi/core/debugfs.c
> > > > > index 53d05a8e168d..2536ff92b76f 100644
> > > > > --- a/drivers/bus/mhi/core/debugfs.c
> > > > > +++ b/drivers/bus/mhi/core/debugfs.c
> > > > > @@ -71,8 +71,8 @@ static int mhi_debugfs_events_show(struct seq_file *m, void *d)
> > > > >   		seq_printf(m, " rp: 0x%llx wp: 0x%llx", er_ctxt->rp,
> > > > >   			   er_ctxt->wp);
> > > > > -		seq_printf(m, " local rp: 0x%llx db: 0x%llx\n", (u64)ring->rp,
> > > > > -			   mhi_event->db_cfg.db_val);
> > > > > +		seq_printf(m, " local rp: 0x%px db: 0x%pad\n", ring->rp,
> > > > > +			   &mhi_event->db_cfg.db_val);
> > > > >   	}
> > > > >   	return 0;
> > > > > @@ -118,9 +118,9 @@ static int mhi_debugfs_channels_show(struct seq_file *m, void *d)
> > > > >   		seq_printf(m, " base: 0x%llx len: 0x%llx wp: 0x%llx",
> > > > >   			   chan_ctxt->rbase, chan_ctxt->rlen, chan_ctxt->wp);
> > > > > -		seq_printf(m, " local rp: 0x%llx local wp: 0x%llx db: 0x%llx\n",
> > > > > -			   (u64)ring->rp, (u64)ring->wp,
> > > > > -			   mhi_chan->db_cfg.db_val);
> > > > > +		seq_printf(m, " local rp: 0x%px local wp: 0x%px db: 0x%pad\n",
> > > > > +			   ring->rp, ring->wp,
> > > > > +			   &mhi_chan->db_cfg.db_val);
> > > > >   	}
> > > > >   	return 0;
> > > > > 
> > > > 
> > > > Documentation/printk-formats.txt seems to point out that %px is "insecure"
> > > > and thus perhaps not preferred.  Are we assuming that debugfs is only
> > > > accessible by root, and thus the %px usage here is effectively the same as
> > > > %pK?
> > > > 
> > > 
> > > No, this debugfs entry can be read by non-root users also.
> > 
> > How, the mount point of debugfs is restricted to root only :)
> > 
> 
> Sigh... I just went with the file permission of 444 :/
> 
> > > But the idea here
> > > is to effectively show the addresses to everyone so I don't think we need to
> > > hide it. The term "insecure" applies to kernel log where exposing the address
> > > doesn't make much sense (except for few obvious reasons).
> > 
> > Why does normal users need to see a kernel address?  What can they do
> > with this?  Why can't we use the "normal" hashed way of showing a kernel
> > address instead?
> > 
> 
> It was the original implementation and as you brushed my memory, only root can
> mount and read the content, so why we should hide?

Why shouldn't you?  It's good to have defense in depth, userspace should
not care about a real kernel pointer value, right?  THat's why we have
the hashed number instead, please use that.

thanks,

greg k-h

Powered by blists - more mailing lists