Re: [kernel-hardening] [RFC 3/6] lib: vsprintf: physical address kernel pointer filtering options

From: Ian Campbell
Date: Sat May 06 2017 - 06:49:08 EST

On Fri, 2017-05-05 at 21:07 -0700, Greg KH wrote:
> From: Dave Weinstein <olorin@xxxxxxxxxx>
> Add the kptr_restrict setting of 4 which results in %pa and
> %p[rR] values being replaced by zeros.

Given that '%pa' is:
 * - 'a[pd]' For address types [p] phys_addr_t, [d] dma_addr_t and derivatives
 *           (default assumed to be phys_addr_t, passed by reference)

what is the thread model which hiding physical addresses from attackers
protects against? I can see why virtual addresses would be obviously
dangerous but physical addresses seem less obvious and I didn't see it
spelled out in any of the commit messages or added comments in the

I think a comment somewhere would be useful for people who are trying
to decide if they should use %pa vs %paP etc.