Re: [kernel-hardening] [RFC 3/6] lib: vsprintf: physical address kernel pointer filtering options

From: Ian Campbell
Date: Sat May 06 2017 - 06:49:08 EST


On Fri, 2017-05-05 at 21:07 -0700, Greg KH wrote:
> From: Dave Weinstein <olorin@xxxxxxxxxx>
>
> Add the kptr_restrict setting of 4 which results in %pa and
> %p[rR] values being replaced by zeros.

Given that '%pa' is:
 * - 'a[pd]' For address types [p] phys_addr_t, [d] dma_addr_t and derivatives
 *           (default assumed to be phys_addr_t, passed by reference)

what is the threat model which hiding physical addresses from attackers
protects against? I can see why virtual addresses would be obviously
dangerous but physical addresses seem less obvious and I didn't see it
spelled out in any of the commit messages or added comments in the
thread.

I think a comment somewhere would be useful for people who are trying
to decide if they should use %pa vs %paP etc.

Ian.