From: Serge Semin <fancer.lancer@gmail.com>
To: Matt Redfearn <matt.redfearn@mips.com>
Cc: Florian Fainelli <f.fainelli@gmail.com>,
ralf@linux-mips.org, miodrag.dinic@mips.com, jhogan@kernel.org,
goran.ferenc@mips.com, david.daney@cavium.com,
paul.gortmaker@windriver.com, paul.burton@mips.com,
alex.belits@cavium.com, Steven.Hill@cavium.com,
alexander.sverdlin@nokia.com, kumba@gentoo.org,
marcin.nowakowski@mips.com, James.hogan@mips.com,
Peter.Wotton@mips.com, Sergey.Semin@t-platforms.ru,
linux-mips@linux-mips.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 11/14] MIPS: memblock: Print out kernel virtual mem layout
Date: Tue, 23 Jan 2018 22:10:51 +0300 [thread overview]
Message-ID: <20180123191051.GA28147@mobilestation> (raw)
In-Reply-To: <eef02082-c3b1-e42b-d5ff-1c0d5cb8d708@mips.com>
Hello Matt,
On Tue, Jan 23, 2018 at 03:35:14PM +0000, Matt Redfearn <matt.redfearn@mips.com> wrote:
> Hi Serge,
>
> On 19/01/18 14:27, Serge Semin wrote:
> >On Fri, Jan 19, 2018 at 07:59:43AM +0000, Matt Redfearn <matt.redfearn@mips.com> wrote:
> >
> >Hello Matt,
> >
> >>Hi Serge,
> >>
> >>
> >>
> >>On 18/01/18 20:18, Serge Semin wrote:
> >>>On Thu, Jan 18, 2018 at 12:03:03PM -0800, Florian Fainelli <f.fainelli@gmail.com> wrote:
> >>>>On 01/17/2018 02:23 PM, Serge Semin wrote:
> >>>>>It is useful to have the kernel virtual memory layout printed
> >>>>>at boot time so to have the full information about the booted
> >>>>>kernel. In some cases it might be unsafe to have virtual
> >>>>>addresses freely visible in logs, so the %pK format is used if
> >>>>>one want to hide them.
> >>>>>
> >>>>>Signed-off-by: Serge Semin <fancer.lancer@gmail.com>
> >>>>
> >>>>I personally like having that information because that helps debug and
> >>>>have a quick reference, but there appears to be a trend to remove this
> >>>>in the name of security:
> >>>>
> >>>>https://patchwork.kernel.org/patch/10124007/
> >>>>
> >>>>maybe hide this behind a configuration option?
> >>>
> >>>Yeah, arm code was the place I picked the function up.) But in my case
> >>>I've used %pK so the pointers would disappear from logging when
> >>>kptr_restrict sysctl is 1 or 2.
> >>>I agree, that we might need to make the printouts optional. If there is
> >>>any kernel config, which for instance increases the kernel security we
> >>>could also use it or anything else to discard the printouts at compile
> >>>time.
> >>
> >>
> >>Certainly, when KASLR is active it would be preferable to hide this
> >>information, so you could use CONFIG_RELOCATABLE. The existing KASLR stuff
> >>additionally hides this kind of information behind CONFIG_DEBUG_KERNEL, so
> >>that only people actively debugging the kernel see it:
> >>
> >>http://elixir.free-electrons.com/linux/v4.15-rc8/source/arch/mips/kernel/setup.c#L604
> >
> >Ok. I'll hide the printouts behind both of that config macros in the next patchset
> >version.
>
>
> Another thing to note - since ad67b74d2469d ("printk: hash addresses printed
> with %p") %pK at this time in the boot process is useless since the RNG is
> not sufficiently initialised and all prints end up being "(ptrval)". Hence
> after v4.15-rc2 we end up with output like:
>
> [ 0.000000] Kernel virtual memory layout:
> [ 0.000000] lowmem : 0x(ptrval) - 0x(ptrval) ( 256 MB)
> [ 0.000000] .text : 0x(ptrval) - 0x(ptrval) (7374 kB)
> [ 0.000000] .data : 0x(ptrval) - 0x(ptrval) (1901 kB)
> [ 0.000000] .init : 0x(ptrval) - 0x(ptrval) (1600 kB)
> [ 0.000000] .bss : 0x(ptrval) - 0x(ptrval) ( 415 kB)
> [ 0.000000] vmalloc : 0x(ptrval) - 0x(ptrval) (1023 MB)
> [ 0.000000] fixmap : 0x(ptrval) - 0x(ptrval) ( 68 kB)
>
It must be some bug in the algo. What point in the %pK then? According to
the documentation the only way to see the pointers is when (kptr_restrict == 0).
But if it is we don't get into the restricted_pointer() method at all:
http://elixir.free-electrons.com/linux/v4.15-rc9/source/lib/vsprintf.c#L1934
In this case the vsprintf() executes the method ptr_to_id(), which of course
default to _not_ leak addresses, and hash it before printing.
Really %pK isn't supposed to be dependent from RNG at all since kptr_restrict
doesn't do any value randomization.
>
> The %px format specifier was added for cases such as this, where we really
> want to print the unmodified address. And as long as this function is
> suitably guarded to only do this when KASLR is deactivated /
> CONFIG_DEBUG_KERNEL is activated, etc, then we are not unwittingly leaking
> information - we are deliberately making it available.
>
If %pK would work as it's stated by the kernel documentation:
https://www.kernel.org/doc/Documentation/printk-formats.txt
then the only change I'd suggest to have here is to close the kernel memory
layout printout method by the CONFIG_DEBUG_KERNEL ifdef-macro. The kptr_restrict
should default to 1/2 if the KASLR is activated:
https://lwn.net/Articles/444556/
Regards,
-Sergey
> Thanks,
> Matt
>
> >
> >Regards,
> >-Sergey
> >
> >>
> >>Thanks,
> >>Matt
> >>
> >>>
> >>>>--
> >>>>Florian
next prev parent reply other threads:[~2018-01-23 19:10 UTC|newest]
Thread overview: 101+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-17 22:22 [PATCH 00/14] MIPS: memblock: Switch arch code to NO_BOOTMEM Serge Semin
2018-01-17 22:22 ` [PATCH 01/14] MIPS: memblock: Add RESERVED_NOMAP memory flag Serge Semin
2018-01-17 22:23 ` [PATCH 02/14] MIPS: memblock: Surely map BSS kernel memory section Serge Semin
2018-01-22 16:35 ` Matt Redfearn
2018-01-22 16:35 ` Matt Redfearn
2018-01-22 21:47 ` Serge Semin
2018-01-23 11:03 ` Matt Redfearn
2018-01-23 11:03 ` Matt Redfearn
2018-01-23 19:27 ` Serge Semin
2018-01-24 9:49 ` Matt Redfearn
2018-01-24 9:49 ` Matt Redfearn
2018-01-24 10:03 ` Serge Semin
2018-01-17 22:23 ` [PATCH 03/14] MIPS: memblock: Reserve initrd memory in memblock Serge Semin
2018-01-17 22:23 ` [PATCH 04/14] MIPS: memblock: Discard bootmem initialization Serge Semin
2018-01-17 22:23 ` [PATCH 05/14] MIPS: memblock: Add reserved memory regions to memblock Serge Semin
2018-01-17 22:23 ` [PATCH 06/14] MIPS: memblock: Reserve kdump/crash regions in memblock Serge Semin
2018-01-17 22:23 ` [PATCH 07/14] MIPS: memblock: Mark present sparsemem sections Serge Semin
2018-01-24 6:13 ` Marcin Nowakowski
2018-01-24 6:13 ` Marcin Nowakowski
2018-01-24 7:27 ` Serge Semin
2018-01-17 22:23 ` [PATCH 08/14] MIPS: memblock: Simplify DMA contiguous reservation Serge Semin
2018-01-17 22:23 ` [PATCH 09/14] MIPS: memblock: Allow memblock regions resize Serge Semin
2018-01-17 22:23 ` [PATCH 10/14] MIPS: memblock: Perform early low memory test Serge Semin
2018-01-17 22:23 ` [PATCH 11/14] MIPS: memblock: Print out kernel virtual mem layout Serge Semin
2018-01-18 20:03 ` Florian Fainelli
2018-01-18 20:18 ` Serge Semin
2018-01-19 7:59 ` Matt Redfearn
2018-01-19 7:59 ` Matt Redfearn
2018-01-19 14:27 ` Serge Semin
2018-01-23 15:35 ` Matt Redfearn
2018-01-23 15:35 ` Matt Redfearn
2018-01-23 19:10 ` Serge Semin [this message]
2018-01-24 9:46 ` Matt Redfearn
2018-01-24 9:46 ` Matt Redfearn
2018-01-24 10:08 ` Serge Semin
2018-01-17 22:23 ` [PATCH 12/14] MIPS: memblock: Discard bootmem from Loongson3 code Serge Semin
2018-01-23 22:28 ` Jiaxun Yang
2018-01-23 19:36 ` Serge Semin
2018-01-17 22:23 ` [PATCH 13/14] MIPS: memblock: Discard bootmem from SGI IP27 code Serge Semin
2018-01-17 22:23 ` [PATCH 14/14] MIPS: memblock: Deactivate bootmem allocator Serge Semin
2018-01-23 23:59 ` James Hogan
2018-01-24 8:28 ` Serge Semin
2018-01-22 16:33 ` [PATCH] MIPS: KASLR: Drop relocatable fixup from reservation_init Matt Redfearn
2018-01-22 16:33 ` Matt Redfearn
2018-01-22 21:54 ` Serge Semin
2018-01-22 16:36 ` [PATCH 00/14] MIPS: memblock: Switch arch code to NO_BOOTMEM Matt Redfearn
2018-01-22 16:36 ` Matt Redfearn
2018-01-22 21:33 ` Serge Semin
2018-01-23 11:29 ` Mathieu Malaterre
2018-01-23 14:01 ` Matt Redfearn
2018-01-23 14:01 ` Matt Redfearn
2018-01-25 17:58 ` Alexander Sverdlin
2018-01-25 17:58 ` Alexander Sverdlin
2018-01-25 20:17 ` Serge Semin
2018-01-31 0:21 ` Serge Semin
2018-02-02 3:54 ` [PATCH v2 00/15] " Serge Semin
2018-02-02 3:54 ` [PATCH v2 01/15] MIPS: memblock: Add RESERVED_NOMAP memory flag Serge Semin
2018-02-13 11:21 ` Matt Redfearn
2018-02-13 11:21 ` Matt Redfearn
2018-02-02 3:54 ` [PATCH v2 02/15] MIPS: memblock: Surely map BSS kernel memory section Serge Semin
2018-02-13 11:22 ` Matt Redfearn
2018-02-13 11:22 ` Matt Redfearn
2018-02-02 3:54 ` [PATCH v2 03/15] MIPS: memblock: Reserve initrd memory in memblock Serge Semin
2018-02-13 11:22 ` Matt Redfearn
2018-02-13 11:22 ` Matt Redfearn
2018-02-02 3:54 ` [PATCH v2 04/15] MIPS: memblock: Discard bootmem initialization Serge Semin
2018-02-13 11:28 ` Matt Redfearn
2018-02-13 11:28 ` Matt Redfearn
2018-02-02 3:54 ` [PATCH v2 05/15] MIPS: KASLR: Drop relocatable fixup from reservation_init Serge Semin
2018-02-13 11:30 ` Matt Redfearn
2018-02-13 11:30 ` Matt Redfearn
2018-02-02 3:54 ` [PATCH v2 06/15] MIPS: memblock: Add reserved memory regions to memblock Serge Semin
2018-02-13 13:44 ` Matt Redfearn
2018-02-13 13:44 ` Matt Redfearn
2018-02-02 3:54 ` [PATCH v2 07/15] MIPS: memblock: Reserve kdump/crash regions in memblock Serge Semin
2018-02-13 13:45 ` Matt Redfearn
2018-02-13 13:45 ` Matt Redfearn
2018-02-02 3:54 ` [PATCH v2 08/15] MIPS: memblock: Mark present sparsemem sections Serge Semin
2018-02-13 13:50 ` Matt Redfearn
2018-02-13 13:50 ` Matt Redfearn
2018-02-02 3:54 ` [PATCH v2 09/15] MIPS: memblock: Simplify DMA contiguous reservation Serge Semin
2018-02-13 13:51 ` Matt Redfearn
2018-02-13 13:51 ` Matt Redfearn
2018-02-02 3:54 ` [PATCH v2 10/15] MIPS: memblock: Allow memblock regions resize Serge Semin
2018-02-13 13:55 ` Matt Redfearn
2018-02-13 13:55 ` Matt Redfearn
2018-02-02 3:54 ` [PATCH v2 11/15] MIPS: memblock: Perform early low memory test Serge Semin
2018-02-13 14:01 ` Matt Redfearn
2018-02-13 14:01 ` Matt Redfearn
2018-02-02 3:54 ` [PATCH v2 12/15] MIPS: memblock: Print out kernel virtual mem layout Serge Semin
2018-02-13 14:05 ` Matt Redfearn
2018-02-13 14:05 ` Matt Redfearn
2018-02-02 3:54 ` [PATCH v2 13/15] MIPS: memblock: Discard bootmem from Loongson3 code Serge Semin
2018-02-13 14:09 ` Matt Redfearn
2018-02-13 14:09 ` Matt Redfearn
2018-02-02 3:54 ` [PATCH v2 14/15] MIPS: memblock: Discard bootmem from SGI IP27 code Serge Semin
2018-02-13 14:17 ` Matt Redfearn
2018-02-13 14:17 ` Matt Redfearn
2018-02-02 3:54 ` [PATCH v2 15/15] MIPS: memblock: Deactivate bootmem allocator Serge Semin
2018-02-13 14:18 ` Matt Redfearn
2018-02-13 14:18 ` Matt Redfearn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180123191051.GA28147@mobilestation \
--to=fancer.lancer@gmail.com \
--cc=James.hogan@mips.com \
--cc=Peter.Wotton@mips.com \
--cc=Sergey.Semin@t-platforms.ru \
--cc=Steven.Hill@cavium.com \
--cc=alex.belits@cavium.com \
--cc=alexander.sverdlin@nokia.com \
--cc=david.daney@cavium.com \
--cc=f.fainelli@gmail.com \
--cc=goran.ferenc@mips.com \
--cc=jhogan@kernel.org \
--cc=kumba@gentoo.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@linux-mips.org \
--cc=marcin.nowakowski@mips.com \
--cc=matt.redfearn@mips.com \
--cc=miodrag.dinic@mips.com \
--cc=paul.burton@mips.com \
--cc=paul.gortmaker@windriver.com \
--cc=ralf@linux-mips.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.