diff mbox series

ARM: mm: Don't use %pK through printk

Message ID 20250217-restricted-pointers-arm-v1-1-aaa0fb22e18c@linutronix.de (mailing list archive)
State New
Headers show
Series ARM: mm: Don't use %pK through printk | expand

Commit Message

Thomas Weißschuh Feb. 17, 2025, 7:38 a.m. UTC
Restricted pointers ("%pK") are not meant to be used through printk().
It can unintentionally expose security sensitive, raw pointer values.

Use regular pointer formatting instead.

Link: https://lore.kernel.org/lkml/20250113171731-dc10e3c1-da64-4af0-b767-7c7070468023@linutronix.de/
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
---
 arch/arm/mm/physaddr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


---
base-commit: 0ad2507d5d93f39619fc42372c347d6006b64319
change-id: 20250217-restricted-pointers-arm-07493b11c0fc

Best regards,

Comments

Russell King (Oracle) Feb. 18, 2025, 10:27 a.m. UTC | #1
On Mon, Feb 17, 2025 at 08:38:37AM +0100, Thomas Weißschuh wrote:
> Restricted pointers ("%pK") are not meant to be used through printk().
> It can unintentionally expose security sensitive, raw pointer values.
> 
> Use regular pointer formatting instead.

... which means that the warning is pointless because no one can debug
it when someone reports that this has fired.

While I get the security issue, changing this is severely harmful to
fixing problems should this warning fire.
Thomas Weißschuh Feb. 18, 2025, 10:41 a.m. UTC | #2
On Tue, Feb 18, 2025 at 10:27:49AM +0000, Russell King (Oracle) wrote:
> On Mon, Feb 17, 2025 at 08:38:37AM +0100, Thomas Weißschuh wrote:
> > Restricted pointers ("%pK") are not meant to be used through printk().
> > It can unintentionally expose security sensitive, raw pointer values.
> > 
> > Use regular pointer formatting instead.
> 
> ... which means that the warning is pointless because no one can debug
> it when someone reports that this has fired.

For the most common setups which using the default kptr_restrict=0,
%pK is already the same as %p.

> While I get the security issue, changing this is severely harmful to
> fixing problems should this warning fire.

My next goal is to get rid of the easy to misuse %pK.
If the address is really always important then %px can be used.


Thomas
diff mbox series

Patch

diff --git a/arch/arm/mm/physaddr.c b/arch/arm/mm/physaddr.c
index 3f263c840ebc462e13c34d33be0161e7a473173d..1176c75ebf74f9b948041d3356c411e0693d7873 100644
--- a/arch/arm/mm/physaddr.c
+++ b/arch/arm/mm/physaddr.c
@@ -38,7 +38,7 @@  static inline bool __virt_addr_valid(unsigned long x)
 phys_addr_t __virt_to_phys(unsigned long x)
 {
 	WARN(!__virt_addr_valid(x),
-	     "virt_to_phys used for non-linear address: %pK (%pS)\n",
+	     "virt_to_phys used for non-linear address: %p (%pS)\n",
 	     (void *)x, (void *)x);
 
 	return __virt_to_phys_nodebug(x);