Re: [PATCH] arm64: dump: hide kernel pointers

From: Mark Rutland
Date: Tue Feb 28 2017 - 05:29:21 EST

Next message: Michael Ellerman: "Re: [PATCH] kbuild: avoid unrecognized option error for external DTC"
Previous message: David Howells: "Re: [PATCH 0/2] key payload access with just rcu_read_lock()"
In reply to: Ard Biesheuvel: "Re: [PATCH] arm64: dump: hide kernel pointers"
Next in thread: Will Deacon: "Re: [PATCH] arm64: dump: hide kernel pointers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Feb 28, 2017 at 08:42:51AM +0000, Ard Biesheuvel wrote:
> (+ Mark)

(+ Laura)

> On 28 February 2017 at 07:05, Miles Chen <miles.chen@xxxxxxxxxxxx> wrote:
> > Mask kernel pointers of /sys/kernel/debug/kernel_page_tables entry like
> > /proc/vmallocinfo does.
> >
> > With sysctl kernel.kptr_restrict=0 or 1:
> > cat /sys/kernel/debug/kernel_page_tables
>
> I wonder if this file should be accessible at all if kptr_restrict > 0

I don't have strong feelings either way.

This isn't typically enabled, and it's under debugfs, so this shouldn't
be accessible by a typical user anyhow.

That said, there are very few of us who need to take a look at this
file. I'm happy to deal with attacking kptr_restrict when required.

Thanks,
Mark.

> > ---[ Modules start ]---
> > ---[ Modules end ]---
> > ---[ vmalloc() Area ]---
> > ffffff8008000000-ffffff8008010000 64K PTE RW NX SHD AF...
> > ffffff8008015000-ffffff8008016000 4K PTE RW NX SHD AF...
> > ffffff8008020000-ffffff8008030000 64K PTE RW NX SHD AF...
> > ffffff8008031000-ffffff8008071000 256K PTE RW NX SHD AF...
> > ffffff8008080000-ffffff8008200000 1536K PTE ro x SHD AF...
> > ffffff8008200000-ffffff8008400000 2M PMD ro x SHD AF...
> > ffffff8008400000-ffffff8008540000 1280K PTE ro x SHD AF...
> > ffffff8008540000-ffffff8008690000 1344K PTE ro NX SHD AF...
> > ffffff8008940000-ffffff8008a10000 832K PTE RW NX SHD AF...
> > ffffff8008aca000-ffffff8008acd000 12K PTE RW NX SHD AF...
> > ffffffbebffd8000-ffffffbebffdb000 12K PTE RW NX SHD AF...
> > ---[ vmalloc() End ]---
> > ---[ Fixmap start ]---
> > ffffffbefe800000-ffffffbefea00000 2M PMD ro NX SHD AF...
> > ---[ Fixmap end ]---
> > ---[ PCI I/O start ]---
> > ---[ PCI I/O end ]---
> > ---[ Linear Mapping ]---
> > ffffffc000000000-ffffffc000080000 512K PTE RW NX SHD AF...
> > ffffffc000080000-ffffffc000200000 1536K PTE ro NX SHD AF...
> > ffffffc000200000-ffffffc000600000 4M PMD ro NX SHD AF...
> > ffffffc000600000-ffffffc000690000 576K PTE ro NX SHD AF...
> > ffffffc000690000-ffffffc000800000 1472K PTE RW NX SHD AF...
> > ffffffc000800000-ffffffc002000000 24M PMD RW NX SHD AF...
> > ffffffc002000000-ffffffc040000000 992M PMD RW NX SHD AF...
> > ffffffc040000000-ffffffc080000000 1G PGD RW NX SHD AF...
> >
> > With sysctl kernel.kptr_restrict=2:
> > cat /sys/kernel/debug/kernel_page_tables
> > ---[ Modules start ]---
> > ---[ Modules end ]---
> > ---[ vmalloc() Area ]---
> > 0000000000000000-0000000000000000 64K PTE RW NX SHD AF...
> > 0000000000000000-0000000000000000 4K PTE RW NX SHD AF...
> > 0000000000000000-0000000000000000 64K PTE RW NX SHD AF...
> > 0000000000000000-0000000000000000 256K PTE RW NX SHD AF...
> > 0000000000000000-0000000000000000 1536K PTE ro x SHD AF...
> > 0000000000000000-0000000000000000 2M PMD ro x SHD AF...
> > 0000000000000000-0000000000000000 1280K PTE ro x SHD AF...
> > 0000000000000000-0000000000000000 1344K PTE ro NX SHD AF...
> > 0000000000000000-0000000000000000 832K PTE RW NX SHD AF...
> > 0000000000000000-0000000000000000 12K PTE RW NX SHD AF...
> > 0000000000000000-0000000000000000 12K PTE RW NX SHD AF...
> > ---[ vmalloc() End ]---
> > ---[ Fixmap start ]---
> > 0000000000000000-0000000000000000 2M PMD ro NX SHD AF...
> > ---[ Fixmap end ]---
> > ---[ PCI I/O start ]---
> > ---[ PCI I/O end ]---
> > ---[ Linear Mapping ]---
> > 0000000000000000-0000000000000000 512K PTE RW NX SHD AF...
> > 0000000000000000-0000000000000000 1536K PTE ro NX SHD AF...
> > 0000000000000000-0000000000000000 4M PMD ro NX SHD AF...
> > 0000000000000000-0000000000000000 576K PTE ro NX SHD AF...
> > 0000000000000000-0000000000000000 1472K PTE RW NX SHD AF...
> > 0000000000000000-0000000000000000 24M PMD RW NX SHD AF...
> > 0000000000000000-0000000000000000 992M PMD RW NX SHD AF...
> > 0000000000000000-0000000000000000 1G PGD RW NX SHD AF...
> >
> > Signed-off-by: Miles Chen <miles.chen@xxxxxxxxxxxx>
> > ---
> > arch/arm64/mm/dump.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/arch/arm64/mm/dump.c b/arch/arm64/mm/dump.c
> > index ca74a2a..e055ecf 100644
> > --- a/arch/arm64/mm/dump.c
> > +++ b/arch/arm64/mm/dump.c
> > @@ -253,8 +253,8 @@ static void note_page(struct pg_state *st, unsigned long addr, unsigned level,
> > if (st->current_prot) {
> > note_prot_uxn(st, addr);
> > note_prot_wx(st, addr);
> > - pt_dump_seq_printf(st->seq, "0x%016lx-0x%016lx ",
> > - st->start_address, addr);
> > + pt_dump_seq_printf(st->seq, "%pK-%pK ",
> > + (void *)st->start_address, (void *)addr);
> >
> > delta = (addr - st->start_address) >> 10;
> > while (!(delta & 1023) && unit[1]) {
> > --
> > 1.9.1
> >
> >
> > _______________________________________________
> > linux-arm-kernel mailing list
> > linux-arm-kernel@xxxxxxxxxxxxxxxxxxx
> > http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

Next message: Michael Ellerman: "Re: [PATCH] kbuild: avoid unrecognized option error for external DTC"
Previous message: David Howells: "Re: [PATCH 0/2] key payload access with just rcu_read_lock()"
In reply to: Ard Biesheuvel: "Re: [PATCH] arm64: dump: hide kernel pointers"
Next in thread: Will Deacon: "Re: [PATCH] arm64: dump: hide kernel pointers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]