Message ID | 20250217-restricted-pointers-arm-v1-1-aaa0fb22e18c@linutronix.de (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | ARM: mm: Don't use %pK through printk | expand |
On Mon, Feb 17, 2025 at 08:38:37AM +0100, Thomas Weißschuh wrote: > Restricted pointers ("%pK") are not meant to be used through printk(). > It can unintentionally expose security sensitive, raw pointer values. > > Use regular pointer formatting instead. ... which means that the warning is pointless because no one can debug it when someone reports that this has fired. While I get the security issue, changing this is severely harmful to fixing problems should this warning fire.
On Tue, Feb 18, 2025 at 10:27:49AM +0000, Russell King (Oracle) wrote: > On Mon, Feb 17, 2025 at 08:38:37AM +0100, Thomas Weißschuh wrote: > > Restricted pointers ("%pK") are not meant to be used through printk(). > > It can unintentionally expose security sensitive, raw pointer values. > > > > Use regular pointer formatting instead. > > ... which means that the warning is pointless because no one can debug > it when someone reports that this has fired. For the most common setups which using the default kptr_restrict=0, %pK is already the same as %p. > While I get the security issue, changing this is severely harmful to > fixing problems should this warning fire. My next goal is to get rid of the easy to misuse %pK. If the address is really always important then %px can be used. Thomas
diff --git a/arch/arm/mm/physaddr.c b/arch/arm/mm/physaddr.c index 3f263c840ebc462e13c34d33be0161e7a473173d..1176c75ebf74f9b948041d3356c411e0693d7873 100644 --- a/arch/arm/mm/physaddr.c +++ b/arch/arm/mm/physaddr.c @@ -38,7 +38,7 @@ static inline bool __virt_addr_valid(unsigned long x) phys_addr_t __virt_to_phys(unsigned long x) { WARN(!__virt_addr_valid(x), - "virt_to_phys used for non-linear address: %pK (%pS)\n", + "virt_to_phys used for non-linear address: %p (%pS)\n", (void *)x, (void *)x); return __virt_to_phys_nodebug(x);
Restricted pointers ("%pK") are not meant to be used through printk(). It can unintentionally expose security sensitive, raw pointer values. Use regular pointer formatting instead. Link: https://lore.kernel.org/lkml/20250113171731-dc10e3c1-da64-4af0-b767-7c7070468023@linutronix.de/ Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de> --- arch/arm/mm/physaddr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- base-commit: 0ad2507d5d93f39619fc42372c347d6006b64319 change-id: 20250217-restricted-pointers-arm-07493b11c0fc Best regards,