From: Arjan van de Ven <arjan@linux.intel.com>
To: Kees Cook <keescook@chromium.org>
Cc: LKML <linux-kernel@vger.kernel.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
	"x86@kernel.org" <x86@kernel.org>
Subject: Re: [PATCH] x86, kernel: make dump_pagetables a tristate
Date: Mon, 01 Jul 2013 09:35:20 -0700
Message-ID: <51D1AFC8.80803@linux.intel.com>
In-Reply-To: <CAGXu5jJw==6ypJVa3YQu27xBidfbgg4tO6AkJia34CwHF=OOfg@mail.gmail.com>

On 7/1/2013 8:55 AM, Kees Cook wrote:
> On Mon, Jul 1, 2013 at 6:58 AM, Arjan van de Ven <arjan@linux.intel.com> wrote:
>> On 6/29/2013 9:05 PM, Kees Cook wrote:
>>>
>>> Being able to examine page tables is handy, so make this a module that
>>> can be loaded as needed.
>>
>> I personally don't think this is a good idea due to the various
>> security/etc implications of this feature... should really just
>> be off for non-debug kernels, not "off unless you load the module"
>
> I struggled with this too, but I couldn't come up with any reason that
> made sense. If a system is running without modules_disabled, this code
> is still loadable:
> https://www.outflux.net/blog/archives/2011/04/27/non-executable-kernel-memory-progress/
>
> The root user just needs to look at /proc/kallsyms before passing an
> argument. So having it NOT a tristate doesn't actually change anything
> except make it awkward to get it done.
>
> If a system is running with verified modules, then just not
> signing/including ptdump makes it unavailable. And running with
> modules_disabled, obviously, blocks it.
>
>>> +#ifdef CONFIG_X86_64
>>> +EXPORT_SYMBOL_GPL(init_level4_pgt);
>>> +#else
>>> +EXPORT_SYMBOL_GPL(swapper_pg_dir);
>>> +#endif
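Review bot: the two EXPORT_SYMBOL_GPL() lines are unconditional, so the root page-table pointer (init_level4_pgt on 64-bit, swapper_pg_dir on 32-bit) becomes reachable from any GPL-licensed module on every kernel built from this tree, not only on kernels where dump_pagetables is actually configured as a module. Guard the exports so they are emitted only when the dump_pagetables consumer is built modular, or keep the dumper built-in and drop the exports entirely.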
>>
>> like these really have no business in any module
>
> Well, that's why it took me 2 years to send this patch. Those symbols
> shouldn't be used outside of page table debugging, so it didn't really
> seem upstreamable. However, now that I need to do regular examination
> of the page tables, I wanted to do it without the hacky thing above. I
> want to do it at will on our test images (we use the same kernel for
> production and test, but production images leave out the test modules,
> etc).

the code is small...
how about making it a command line option to enable, rather than making
something like this a module?
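As an added illustration of the "look at /proc/kallsyms" step Kees refers to (example code written for this page, not part of the patch or the kernel tree): a small C program that parses kallsyms output for the exported root page-table symbol. The sample lines and their addresses are constructed; the helper names (kallsyms_parse_line, kallsyms_lookup, kallsyms_lookup_file, kallsyms_symbol_type) are this example's own. The point the example adds is the check a practitioner needs on a live system: a kptr_restrict setting that hides addresses from the caller reports every symbol as 0, so a lookup that "succeeds" with address 0 must be treated as unusable.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/kallsyms format ("<addr> <type> <name>[\t[module]]").
 * Addresses are made up for this example; the last line mimics what a
 * kptr_restrict setting that hides addresses from the caller prints. */
#define SAMPLE_KALLSYMS \
    "ffffffff81000000 T _text\n" \
    "ffffffff81c0a000 D init_level4_pgt\n" \
    "ffffffffa0012345 t ptdump_show\t[dump_pagetables]\n" \
    "0000000000000000 D hidden_sym\n"

/* Parse one kallsyms line. Returns 1 on success, 0 if the line is malformed.
 * %127s stops at whitespace, so a trailing "\t[module]" is left unread. */
static int kallsyms_parse_line(const char *line, uint64_t *addr, char *type,
                               char sym[128])
{
    unsigned long long a;
    if (sscanf(line, "%llx %c %127s", &a, type, sym) != 3)
        return 0;
    *addr = (uint64_t)a;
    return 1;
}

/* Look up `name` in a kallsyms-formatted text buffer.
 * Returns the address, or 0 when the symbol is absent or its address is
 * reported as zero (hidden), so callers must treat 0 as "not usable".
 * `out_type` (optional) receives the symbol type, or '?' if not found. */
uint64_t kallsyms_lookup(const char *text, const char *name, char *out_type)
{
    const char *p = text;
    if (out_type)
        *out_type = '?';
    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        char line[256];
        if (len < sizeof line) {
            uint64_t addr;
            char type, sym[128];
            memcpy(line, p, len);
            line[len] = '\0';
            if (kallsyms_parse_line(line, &addr, &type, sym) &&
                strcmp(sym, name) == 0) {
                if (out_type)
                    *out_type = type;
                return addr;
            }
        }
        if (!eol)
            break;
        p = eol + 1;
    }
    return 0;
}

/* Convenience wrapper: the symbol's type character, or '?' if not found. */
char kallsyms_symbol_type(const char *text, const char *name)
{
    char t;
    kallsyms_lookup(text, name, &t);
    return t;
}

/* Same lookup against a live file such as /proc/kallsyms, read line by line. */
uint64_t kallsyms_lookup_file(const char *path, const char *name, char *out_type)
{
    char line[256];
    FILE *f = fopen(path, "r");
    if (out_type)
        *out_type = '?';
    if (!f)
        return 0;
    while (fgets(line, sizeof line, f)) {
        uint64_t addr;
        char type, sym[128];
        if (kallsyms_parse_line(line, &addr, &type, sym) &&
            strcmp(sym, name) == 0) {
            if (out_type)
                *out_type = type;
            fclose(f);
            return addr;
        }
    }
    fclose(f);
    return 0;
}

int main(void)
{
    /* Both names, since the patch exports one or the other per architecture. */
    const char *names[] = { "init_level4_pgt", "swapper_pg_dir" };
    for (size_t i = 0; i < 2; i++) {
        char type;
        uint64_t addr = kallsyms_lookup_file("/proc/kallsyms", names[i], &type);
        if (addr)
            printf("%s: %c %#llx\n", names[i], type, (unsigned long long)addr);
        else
            printf("%s: not found or address hidden (kptr_restrict?)\n", names[i]);
    }
    return 0;
}
```

Run as root on a kernel carrying the patch and the program prints the root page-table address; as an unprivileged user under a restrictive kptr_restrict, or on a kernel without the export, it reports the symbol as unavailable rather than handing back a zero address that a loader would then dereference.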



Thread overview:
2013-06-30  4:05 [PATCH] x86, kernel: make dump_pagetables a tristate Kees Cook
2013-07-01 13:58 ` Arjan van de Ven
2013-07-01 15:55   ` Kees Cook
2013-07-01 16:35     ` Arjan van de Ven [this message]
2013-07-01 16:56       ` Kees Cook
