[PATCH] arm64: dump: hide kernel pointers

linux-arm-kernel.lists.infradead.org archive mirror
 help / color / mirror / Atom feed

From: will.deacon@arm.com (Will Deacon)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH] arm64: dump: hide kernel pointers
Date: Wed, 1 Mar 2017 03:52:15 +0000	[thread overview]
Message-ID: <20170301035214.GA12637@arm.com> (raw)
In-Reply-To: <ae6f608f-6c84-b999-d238-a74f6f42d2e5@redhat.com>

On Tue, Feb 28, 2017 at 02:55:51PM -0800, Laura Abbott wrote:
> On 02/28/2017 02:04 AM, Mark Rutland wrote:
> > On Tue, Feb 28, 2017 at 08:42:51AM +0000, Ard Biesheuvel wrote:
> >> On 28 February 2017 at 07:05, Miles Chen <miles.chen@mediatek.com> wrote:
> >>> Mask kernel pointers of /sys/kernel/debug/kernel_page_tables entry like
> >>> /proc/vmallocinfo does.
> >>>
> >>> With sysctl kernel.kptr_restrict=0 or 1:
> >>> cat /sys/kernel/debug/kernel_page_tables
> >>
> >> I wonder if this file should be accessible at all if kptr_restrict > 0
> > 
> > I don't have strong feelings either way.
> > 
> > This isn't typically enabled, and it's under debugfs, so this shouldn't
> > be accessible by a typical user anyhow.
> > 
> > That said, there are very few of us who need to take a look at this
> > file. I'm happy to deal with attacking kptr_restrict when required.
> > 
> 
> In the interest of security it's probably for the best to switch to the
> restricted pointer. Who knows what might get enabled or forgotten about.
> I don't like the idea of tying enablement of the file to kptr_restrict
> though.

... but it's also pretty weird to show the sizes, mapping type and
permissions yet hide the virtual addresses. If you want to keep the file
in spite of kptr_restrict, which bits are actually useful once the
addresses are nobbled?

Will

next prev parent reply	other threads:[~2017-03-01  3:52 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-28  7:05 [PATCH] arm64: dump: hide kernel pointers Miles Chen
2017-02-28  8:42 ` Ard Biesheuvel
2017-02-28 10:04   ` Mark Rutland
2017-02-28 22:55     ` Laura Abbott
2017-03-01  3:52       ` Will Deacon [this message]
2017-03-01 15:18         ` Laura Abbott

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170301035214.GA12637@arm.com \
    --to=will.deacon@arm.com \
    --cc=linux-arm-kernel@lists.infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).