[PATCH v3 0/3] kallsyms: don't leak address

From: Tobin C. Harding
Date: Tue Dec 19 2017 - 16:39:51 EST


This set plugs a kernel address leak that occurs if kallsyms symbol
look up fails. This set was prompted by a leaking address found using
scripts/leaking_addresses.pl on a PowerPC machine in the wild.

$ perl scripts/leaking_addresses.pl [address sanitized]
...
/proc/8025/task/8025/stack: [<0000000000000000>] 0xc0000001XXXXXXXX

$ uname -r
4.4.0-79-powerpc64-smp


Patch set does not change behaviour when KALLSYMS is not defined
(suggested by Linus).

Comments on version 1 indicated that current behaviour may be useful for
debugging. This version adds a kernel command-line parameter in order to
be able to preserve current behaviour (print raw address if kallsyms
symbol look up fails). (Command-line parameter suggested by Steve.)

New command-line parameter is documented only in the kernel-doc for
kallsyms functions sprint_symbol() and sprint_symbol_no_offset(). Is
this sufficient? Perhaps an entry in printk-formats.txt also?

Patch 1 - return error code if symbol look up fails unless new
command-line parameter 'insecure_print_all_symbols' is enabled.
Patch 2 - print <symbol not found> to buffer if symbol look up returns
an error.
Patch 3 - maintain current behaviour in ftrace.

thanks,
Tobin.

v3:
- Remove const string and use ternary operator (suggested by Joe
Perches)

v2:
- Add kernel command-line parameter.
- Remove unnecessary function.
- Fix broken ftrace code (and actually build and test ftrace code).

All code tested.

Tobin C. Harding (3):
kallsyms: don't leak address when symbol not found
vsprintf: print <symbol not found> if symbol not found
trace: print address if symbol not found

kernel/kallsyms.c | 31 +++++++++++++++++++++++++------
kernel/trace/trace.h | 24 ++++++++++++++++++++++++
kernel/trace/trace_events_hist.c | 6 +++---
kernel/trace/trace_output.c | 2 +-
lib/vsprintf.c | 9 +++++----
5 files changed, 58 insertions(+), 14 deletions(-)

--
2.7.4