| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAL+tcoBwQ2tijfzwOO6zb2MobCL27PcyN3foRcAw91MpyWg_VA@mail.gmail.com>
Date: Sat, 7 May 2022 09:26:07 +0800
From: Jason Xing <kerneljasonxing@...il.com>
To: Peilin Ye <yepeilin.cs@...il.com>
Cc: davem@...emloft.net, yoshfuji@...ux-ipv6.org, dsahern@...nel.org,
kuba@...nel.org, pabeni@...hat.com, ast@...nel.org,
daniel@...earbox.net, andrii@...nel.org, kafai@...com,
songliubraving@...com, yhs@...com, john.fastabend@...il.com,
kpsingh@...nel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, bpf@...r.kernel.org,
Jason Xing <xingwanli@...ishou.com>
Subject: Re: [PATCH net-next] net: use the %px format to display sock
On Sat, May 7, 2022 at 2:56 AM Peilin Ye <yepeilin.cs@...il.com> wrote:
>
> Hi Jason,
>
> On Thu, May 05, 2022 at 09:08:26PM +0800, kerneljasonxing@...il.com wrote:
> > - pr_err("Attempt to release TCP socket in state %d %p\n",
> > + pr_err("Attempt to release TCP socket in state %d %px\n",
>
> I think we cannot use %px here for security reasons? checkpatch is also
> warning about it:
>
I noticed this warning before submitting. Since the %p format doesn't
print the real address, printing the address here will be helpless and
we cannot trace what exactly the bad socket is.
What do you suggest?
Thanks,
Jason
> WARNING: Using vsprintf specifier '%px' potentially exposes the kernel memory layout, if you don't really need the address please consider using '%p'.
> #21: FILE: net/ipv4/af_inet.c:142:
> + pr_err("Attempt to release TCP socket in state %d %px\n",
> sk->sk_state, sk);
>
> Thanks,
> Peilin Ye
>
Powered by blists - more mailing lists