ARM: traps: print un-hashed user pc on undefined instruction

Commit Message

Baruch Siach July 27, 2022, 4:18 p.m. UTC

When user undefined instruction debug is enabled pc value is hashed like
kernel pointers for security reason. But the security benefit of this
hash is very limited because the code goes on to call __show_regs() that
prints the plain pointer value. pc is a user pointer anyway, so the
kernel does not leak anything. The only result is confusion about the
difference between the pc value on the first printed line, and the value
that __show_regs() prints.

Always print the plain value of pc.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
 arch/arm/kernel/traps.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Russell King (Oracle) July 28, 2022, 3:23 p.m. UTC | #1

On Wed, Jul 27, 2022 at 07:18:01PM +0300, Baruch Siach wrote:
> When user undefined instruction debug is enabled pc value is hashed like
> kernel pointers for security reason. But the security benefit of this
> hash is very limited because the code goes on to call __show_regs() that
> prints the plain pointer value. pc is a user pointer anyway, so the
> kernel does not leak anything. The only result is confusion about the
> difference between the pc value on the first printed line, and the value
> that __show_regs() prints.
> 
> Always print the plain value of pc.
> 
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>

Looks sensible to me. Please drop it in the patch system, thanks.

Patch

diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c
index 9283dc65be31..82fde11d6b8d 100644
--- a/arch/arm/kernel/traps.c
+++ b/arch/arm/kernel/traps.c
@@ -487,7 +487,7 @@  asmlinkage void do_undefinstr(struct pt_regs *regs)
 die_sig:
 #ifdef CONFIG_DEBUG_USER
 	if (user_debug & UDBG_UNDEFINED) {
-		pr_info("%s (%d): undefined instruction: pc=%p\n",
+		pr_info("%s (%d): undefined instruction: pc=%px\n",
 			current->comm, task_pid_nr(current), pc);
 		__show_regs(regs);
 		dump_instr(KERN_INFO, regs);