RE: [RFC 00/06] printk: add more new kernel pointer filter options.
From: Roberts, William C
Date: Fri May 19 2017 - 16:25:22 EST
> -----Original Message-----
> From: Greg KH [mailto:gregkh@xxxxxxxxxxxxxxxxxxx]
> Sent: Thursday, May 18, 2017 7:13 AM
> To: Roberts, William C <william.c.roberts@xxxxxxxxx>
> Cc: Sergey Senozhatsky <sergey.senozhatsky.work@xxxxxxxxx>;
> kernel-hardening@xxxxxxxxxxxxxxxxxx; Petr Mladek <pmladek@xxxxxxxx>; Sergey
> Senozhatsky <sergey.senozhatsky@xxxxxxxxx>; linux-kernel@xxxxxxxxxxxxxxx;
> Catalin Marinas <catalin.marinas@xxxxxxx>; Will Deacon
> <will.deacon@xxxxxxx>; Steven Rostedt <rostedt@xxxxxxxxxxx>; Chris Fries
> <cfries@xxxxxxxxxx>; Dave Weinstein <olorin@xxxxxxxxxx>
> Subject: Re: [RFC 00/06] printk: add more new kernel pointer filter options.
>
> On Tue, May 16, 2017 at 09:36:37PM +0000, Roberts, William C wrote:
> >
> >
> > > -----Original Message-----
> > > From: Sergey Senozhatsky [mailto:sergey.senozhatsky.work@xxxxxxxxx]
> > > Sent: Wednesday, May 10, 2017 6:38 PM
> > > To: Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx>
> > > Cc: kernel-hardening@xxxxxxxxxxxxxxxxxx; Petr Mladek
> > > <pmladek@xxxxxxxx>; Sergey Senozhatsky
> > > <sergey.senozhatsky@xxxxxxxxx>; linux-kernel@xxxxxxxxxxxxxxx;
> > > Catalin Marinas <catalin.marinas@xxxxxxx>; Will Deacon
> > > <will.deacon@xxxxxxx>; Steven Rostedt <rostedt@xxxxxxxxxxx>;
> > > Roberts, William C <william.c.roberts@xxxxxxxxx>; Chris Fries
> > > <cfries@xxxxxxxxxx>; Dave Weinstein <olorin@xxxxxxxxxx>
> > > Subject: Re: [RFC 00/06] printk: add more new kernel pointer filter options.
> > >
> > > Hello Greg,
> > >
> > > On (05/05/17 21:06), Greg KH wrote:
> > > > Here's a short patch series from Chris Fries and Dave Weinstein
> > > > that implement some new restrictions when printing out kernel
> > > > pointers, as well as the ability to whitelist kernel pointers where needed.
> > > >
> > > > These patches are based on work from William Roberts, and are also
> > > > inspired by grsecurity's %pP to specifically whitelist a kernel
> > > > pointer, where it is always needed, like the last patch in the
> > > > series shows, in the UIO drivers (UIO requires that you know the
> > > > address, it's a hardware address, nothing wrong with seeing
> > > > that...)
> > > >
> > > > I haven't done much to this patch series, only forward porting it
> > > > from an older kernel release (4.4) and a few minor tweaks. It
> > > > applies cleanly on top of 4.11 as well as Linus's current
> > > > development tree
> > > > (10502 patches into the 4.12-rc1 merge window). I'm posting it
> > > > now for comments if anyone sees anything wrong with this approach
> > >
> > > overall, I don't see anything wrong.
> > >
> > > > or thinks the things that are being whitelisted should not be?
> > >
> > > can't say for sure, sorry.
> > >
> > > -ss
> >
> > I almost missed this, none of the mail was delivered to my inbox...
>
> Why not? Did I get the address wrong?
I don't think so. I've had weird issues with my Intel email address and mailing
lists before. On the selinux mailing list they kept getting bounces when sending
me email, but it's only that list. I'm just going to blame it on something within
our corporate network.
>
> > Anyways, I am glad to see this revived and I don't have any comments
> > besides thanks.
>
> Acks for the patches are always appreciated :)
>
> I'll revise this in the next few weeks and send out a new series.
I see some comments on clarifying the docs that seem spot on.
I'll look at the next series and I will test them. If they look good
to me, I'll ack away :-)
>
> thanks,
>
> greg k-h