* [PATCH] arm64: dump: hide kernel pointers
@ 2017-02-28 7:05 Miles Chen
2017-02-28 8:42 ` Ard Biesheuvel
0 siblings, 1 reply; 6+ messages in thread
From: Miles Chen @ 2017-02-28 7:05 UTC (permalink / raw)
To: Catalin Marinas, Will Deacon
Cc: Miles Chen, linux-mediatek, linux-kernel, linux-arm-kernel,
wsd_upstream
Mask kernel pointers of /sys/kernel/debug/kernel_page_tables entry like
/proc/vmallocinfo does.
With sysctl kernel.kptr_restrict=0 or 1:
cat /sys/kernel/debug/kernel_page_tables
---[ Modules start ]---
---[ Modules end ]---
---[ vmalloc() Area ]---
ffffff8008000000-ffffff8008010000 64K PTE RW NX SHD AF...
ffffff8008015000-ffffff8008016000 4K PTE RW NX SHD AF...
ffffff8008020000-ffffff8008030000 64K PTE RW NX SHD AF...
ffffff8008031000-ffffff8008071000 256K PTE RW NX SHD AF...
ffffff8008080000-ffffff8008200000 1536K PTE ro x SHD AF...
ffffff8008200000-ffffff8008400000 2M PMD ro x SHD AF...
ffffff8008400000-ffffff8008540000 1280K PTE ro x SHD AF...
ffffff8008540000-ffffff8008690000 1344K PTE ro NX SHD AF...
ffffff8008940000-ffffff8008a10000 832K PTE RW NX SHD AF...
ffffff8008aca000-ffffff8008acd000 12K PTE RW NX SHD AF...
ffffffbebffd8000-ffffffbebffdb000 12K PTE RW NX SHD AF...
---[ vmalloc() End ]---
---[ Fixmap start ]---
ffffffbefe800000-ffffffbefea00000 2M PMD ro NX SHD AF...
---[ Fixmap end ]---
---[ PCI I/O start ]---
---[ PCI I/O end ]---
---[ Linear Mapping ]---
ffffffc000000000-ffffffc000080000 512K PTE RW NX SHD AF...
ffffffc000080000-ffffffc000200000 1536K PTE ro NX SHD AF...
ffffffc000200000-ffffffc000600000 4M PMD ro NX SHD AF...
ffffffc000600000-ffffffc000690000 576K PTE ro NX SHD AF...
ffffffc000690000-ffffffc000800000 1472K PTE RW NX SHD AF...
ffffffc000800000-ffffffc002000000 24M PMD RW NX SHD AF...
ffffffc002000000-ffffffc040000000 992M PMD RW NX SHD AF...
ffffffc040000000-ffffffc080000000 1G PGD RW NX SHD AF...
With sysctl kernel.kptr_restrict=2:
cat /sys/kernel/debug/kernel_page_tables
---[ Modules start ]---
---[ Modules end ]---
---[ vmalloc() Area ]---
0000000000000000-0000000000000000 64K PTE RW NX SHD AF...
0000000000000000-0000000000000000 4K PTE RW NX SHD AF...
0000000000000000-0000000000000000 64K PTE RW NX SHD AF...
0000000000000000-0000000000000000 256K PTE RW NX SHD AF...
0000000000000000-0000000000000000 1536K PTE ro x SHD AF...
0000000000000000-0000000000000000 2M PMD ro x SHD AF...
0000000000000000-0000000000000000 1280K PTE ro x SHD AF...
0000000000000000-0000000000000000 1344K PTE ro NX SHD AF...
0000000000000000-0000000000000000 832K PTE RW NX SHD AF...
0000000000000000-0000000000000000 12K PTE RW NX SHD AF...
0000000000000000-0000000000000000 12K PTE RW NX SHD AF...
---[ vmalloc() End ]---
---[ Fixmap start ]---
0000000000000000-0000000000000000 2M PMD ro NX SHD AF...
---[ Fixmap end ]---
---[ PCI I/O start ]---
---[ PCI I/O end ]---
---[ Linear Mapping ]---
0000000000000000-0000000000000000 512K PTE RW NX SHD AF...
0000000000000000-0000000000000000 1536K PTE ro NX SHD AF...
0000000000000000-0000000000000000 4M PMD ro NX SHD AF...
0000000000000000-0000000000000000 576K PTE ro NX SHD AF...
0000000000000000-0000000000000000 1472K PTE RW NX SHD AF...
0000000000000000-0000000000000000 24M PMD RW NX SHD AF...
0000000000000000-0000000000000000 992M PMD RW NX SHD AF...
0000000000000000-0000000000000000 1G PGD RW NX SHD AF...
Signed-off-by: Miles Chen <miles.chen@mediatek.com>
---
arch/arm64/mm/dump.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/mm/dump.c b/arch/arm64/mm/dump.c
index ca74a2a..e055ecf 100644
--- a/arch/arm64/mm/dump.c
+++ b/arch/arm64/mm/dump.c
@@ -253,8 +253,8 @@ static void note_page(struct pg_state *st, unsigned long addr, unsigned level,
if (st->current_prot) {
note_prot_uxn(st, addr);
note_prot_wx(st, addr);
- pt_dump_seq_printf(st->seq, "0x%016lx-0x%016lx ",
- st->start_address, addr);
+ pt_dump_seq_printf(st->seq, "%pK-%pK ",
+ (void *)st->start_address, (void *)addr);
delta = (addr - st->start_address) >> 10;
while (!(delta & 1023) && unit[1]) {
--
1.9.1
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [PATCH] arm64: dump: hide kernel pointers
2017-02-28 7:05 [PATCH] arm64: dump: hide kernel pointers Miles Chen
@ 2017-02-28 8:42 ` Ard Biesheuvel
2017-02-28 10:04 ` Mark Rutland
0 siblings, 1 reply; 6+ messages in thread
From: Ard Biesheuvel @ 2017-02-28 8:42 UTC (permalink / raw)
To: Miles Chen, Mark Rutland
Cc: wsd_upstream, Catalin Marinas, Will Deacon,
linux-kernel@vger.kernel.org, linux-mediatek,
linux-arm-kernel@lists.infradead.org
(+ Mark)
On 28 February 2017 at 07:05, Miles Chen <miles.chen@mediatek.com> wrote:
> Mask kernel pointers of /sys/kernel/debug/kernel_page_tables entry like
> /proc/vmallocinfo does.
>
> With sysctl kernel.kptr_restrict=0 or 1:
> cat /sys/kernel/debug/kernel_page_tables
I wonder if this file should be accessible at all if kptr_restrict > 0
> ---[ Modules start ]---
> ---[ Modules end ]---
> ---[ vmalloc() Area ]---
> ffffff8008000000-ffffff8008010000 64K PTE RW NX SHD AF...
> ffffff8008015000-ffffff8008016000 4K PTE RW NX SHD AF...
> ffffff8008020000-ffffff8008030000 64K PTE RW NX SHD AF...
> ffffff8008031000-ffffff8008071000 256K PTE RW NX SHD AF...
> ffffff8008080000-ffffff8008200000 1536K PTE ro x SHD AF...
> ffffff8008200000-ffffff8008400000 2M PMD ro x SHD AF...
> ffffff8008400000-ffffff8008540000 1280K PTE ro x SHD AF...
> ffffff8008540000-ffffff8008690000 1344K PTE ro NX SHD AF...
> ffffff8008940000-ffffff8008a10000 832K PTE RW NX SHD AF...
> ffffff8008aca000-ffffff8008acd000 12K PTE RW NX SHD AF...
> ffffffbebffd8000-ffffffbebffdb000 12K PTE RW NX SHD AF...
> ---[ vmalloc() End ]---
> ---[ Fixmap start ]---
> ffffffbefe800000-ffffffbefea00000 2M PMD ro NX SHD AF...
> ---[ Fixmap end ]---
> ---[ PCI I/O start ]---
> ---[ PCI I/O end ]---
> ---[ Linear Mapping ]---
> ffffffc000000000-ffffffc000080000 512K PTE RW NX SHD AF...
> ffffffc000080000-ffffffc000200000 1536K PTE ro NX SHD AF...
> ffffffc000200000-ffffffc000600000 4M PMD ro NX SHD AF...
> ffffffc000600000-ffffffc000690000 576K PTE ro NX SHD AF...
> ffffffc000690000-ffffffc000800000 1472K PTE RW NX SHD AF...
> ffffffc000800000-ffffffc002000000 24M PMD RW NX SHD AF...
> ffffffc002000000-ffffffc040000000 992M PMD RW NX SHD AF...
> ffffffc040000000-ffffffc080000000 1G PGD RW NX SHD AF...
>
> With sysctl kernel.kptr_restrict=2:
> cat /sys/kernel/debug/kernel_page_tables
> ---[ Modules start ]---
> ---[ Modules end ]---
> ---[ vmalloc() Area ]---
> 0000000000000000-0000000000000000 64K PTE RW NX SHD AF...
> 0000000000000000-0000000000000000 4K PTE RW NX SHD AF...
> 0000000000000000-0000000000000000 64K PTE RW NX SHD AF...
> 0000000000000000-0000000000000000 256K PTE RW NX SHD AF...
> 0000000000000000-0000000000000000 1536K PTE ro x SHD AF...
> 0000000000000000-0000000000000000 2M PMD ro x SHD AF...
> 0000000000000000-0000000000000000 1280K PTE ro x SHD AF...
> 0000000000000000-0000000000000000 1344K PTE ro NX SHD AF...
> 0000000000000000-0000000000000000 832K PTE RW NX SHD AF...
> 0000000000000000-0000000000000000 12K PTE RW NX SHD AF...
> 0000000000000000-0000000000000000 12K PTE RW NX SHD AF...
> ---[ vmalloc() End ]---
> ---[ Fixmap start ]---
> 0000000000000000-0000000000000000 2M PMD ro NX SHD AF...
> ---[ Fixmap end ]---
> ---[ PCI I/O start ]---
> ---[ PCI I/O end ]---
> ---[ Linear Mapping ]---
> 0000000000000000-0000000000000000 512K PTE RW NX SHD AF...
> 0000000000000000-0000000000000000 1536K PTE ro NX SHD AF...
> 0000000000000000-0000000000000000 4M PMD ro NX SHD AF...
> 0000000000000000-0000000000000000 576K PTE ro NX SHD AF...
> 0000000000000000-0000000000000000 1472K PTE RW NX SHD AF...
> 0000000000000000-0000000000000000 24M PMD RW NX SHD AF...
> 0000000000000000-0000000000000000 992M PMD RW NX SHD AF...
> 0000000000000000-0000000000000000 1G PGD RW NX SHD AF...
>
> Signed-off-by: Miles Chen <miles.chen@mediatek.com>
> ---
> arch/arm64/mm/dump.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm64/mm/dump.c b/arch/arm64/mm/dump.c
> index ca74a2a..e055ecf 100644
> --- a/arch/arm64/mm/dump.c
> +++ b/arch/arm64/mm/dump.c
> @@ -253,8 +253,8 @@ static void note_page(struct pg_state *st, unsigned long addr, unsigned level,
> if (st->current_prot) {
> note_prot_uxn(st, addr);
> note_prot_wx(st, addr);
> - pt_dump_seq_printf(st->seq, "0x%016lx-0x%016lx ",
> - st->start_address, addr);
> + pt_dump_seq_printf(st->seq, "%pK-%pK ",
> + (void *)st->start_address, (void *)addr);
>
> delta = (addr - st->start_address) >> 10;
> while (!(delta & 1023) && unit[1]) {
> --
> 1.9.1
>
>
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [PATCH] arm64: dump: hide kernel pointers
2017-02-28 8:42 ` Ard Biesheuvel
@ 2017-02-28 10:04 ` Mark Rutland
2017-02-28 22:55 ` Laura Abbott
0 siblings, 1 reply; 6+ messages in thread
From: Mark Rutland @ 2017-02-28 10:04 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: wsd_upstream, Catalin Marinas, Will Deacon,
linux-kernel@vger.kernel.org, Miles Chen, linux-mediatek, labbott,
linux-arm-kernel@lists.infradead.org
On Tue, Feb 28, 2017 at 08:42:51AM +0000, Ard Biesheuvel wrote:
> (+ Mark)
(+ Laura)
> On 28 February 2017 at 07:05, Miles Chen <miles.chen@mediatek.com> wrote:
> > Mask kernel pointers of /sys/kernel/debug/kernel_page_tables entry like
> > /proc/vmallocinfo does.
> >
> > With sysctl kernel.kptr_restrict=0 or 1:
> > cat /sys/kernel/debug/kernel_page_tables
>
> I wonder if this file should be accessible at all if kptr_restrict > 0
I don't have strong feelings either way.
This isn't typically enabled, and it's under debugfs, so this shouldn't
be accessible by a typical user anyhow.
That said, there are very few of us who need to take a look at this
file. I'm happy to deal with attacking kptr_restrict when required.
Thanks,
Mark.
> > ---[ Modules start ]---
> > ---[ Modules end ]---
> > ---[ vmalloc() Area ]---
> > ffffff8008000000-ffffff8008010000 64K PTE RW NX SHD AF...
> > ffffff8008015000-ffffff8008016000 4K PTE RW NX SHD AF...
> > ffffff8008020000-ffffff8008030000 64K PTE RW NX SHD AF...
> > ffffff8008031000-ffffff8008071000 256K PTE RW NX SHD AF...
> > ffffff8008080000-ffffff8008200000 1536K PTE ro x SHD AF...
> > ffffff8008200000-ffffff8008400000 2M PMD ro x SHD AF...
> > ffffff8008400000-ffffff8008540000 1280K PTE ro x SHD AF...
> > ffffff8008540000-ffffff8008690000 1344K PTE ro NX SHD AF...
> > ffffff8008940000-ffffff8008a10000 832K PTE RW NX SHD AF...
> > ffffff8008aca000-ffffff8008acd000 12K PTE RW NX SHD AF...
> > ffffffbebffd8000-ffffffbebffdb000 12K PTE RW NX SHD AF...
> > ---[ vmalloc() End ]---
> > ---[ Fixmap start ]---
> > ffffffbefe800000-ffffffbefea00000 2M PMD ro NX SHD AF...
> > ---[ Fixmap end ]---
> > ---[ PCI I/O start ]---
> > ---[ PCI I/O end ]---
> > ---[ Linear Mapping ]---
> > ffffffc000000000-ffffffc000080000 512K PTE RW NX SHD AF...
> > ffffffc000080000-ffffffc000200000 1536K PTE ro NX SHD AF...
> > ffffffc000200000-ffffffc000600000 4M PMD ro NX SHD AF...
> > ffffffc000600000-ffffffc000690000 576K PTE ro NX SHD AF...
> > ffffffc000690000-ffffffc000800000 1472K PTE RW NX SHD AF...
> > ffffffc000800000-ffffffc002000000 24M PMD RW NX SHD AF...
> > ffffffc002000000-ffffffc040000000 992M PMD RW NX SHD AF...
> > ffffffc040000000-ffffffc080000000 1G PGD RW NX SHD AF...
> >
> > With sysctl kernel.kptr_restrict=2:
> > cat /sys/kernel/debug/kernel_page_tables
> > ---[ Modules start ]---
> > ---[ Modules end ]---
> > ---[ vmalloc() Area ]---
> > 0000000000000000-0000000000000000 64K PTE RW NX SHD AF...
> > 0000000000000000-0000000000000000 4K PTE RW NX SHD AF...
> > 0000000000000000-0000000000000000 64K PTE RW NX SHD AF...
> > 0000000000000000-0000000000000000 256K PTE RW NX SHD AF...
> > 0000000000000000-0000000000000000 1536K PTE ro x SHD AF...
> > 0000000000000000-0000000000000000 2M PMD ro x SHD AF...
> > 0000000000000000-0000000000000000 1280K PTE ro x SHD AF...
> > 0000000000000000-0000000000000000 1344K PTE ro NX SHD AF...
> > 0000000000000000-0000000000000000 832K PTE RW NX SHD AF...
> > 0000000000000000-0000000000000000 12K PTE RW NX SHD AF...
> > 0000000000000000-0000000000000000 12K PTE RW NX SHD AF...
> > ---[ vmalloc() End ]---
> > ---[ Fixmap start ]---
> > 0000000000000000-0000000000000000 2M PMD ro NX SHD AF...
> > ---[ Fixmap end ]---
> > ---[ PCI I/O start ]---
> > ---[ PCI I/O end ]---
> > ---[ Linear Mapping ]---
> > 0000000000000000-0000000000000000 512K PTE RW NX SHD AF...
> > 0000000000000000-0000000000000000 1536K PTE ro NX SHD AF...
> > 0000000000000000-0000000000000000 4M PMD ro NX SHD AF...
> > 0000000000000000-0000000000000000 576K PTE ro NX SHD AF...
> > 0000000000000000-0000000000000000 1472K PTE RW NX SHD AF...
> > 0000000000000000-0000000000000000 24M PMD RW NX SHD AF...
> > 0000000000000000-0000000000000000 992M PMD RW NX SHD AF...
> > 0000000000000000-0000000000000000 1G PGD RW NX SHD AF...
> >
> > Signed-off-by: Miles Chen <miles.chen@mediatek.com>
> > ---
> > arch/arm64/mm/dump.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/arch/arm64/mm/dump.c b/arch/arm64/mm/dump.c
> > index ca74a2a..e055ecf 100644
> > --- a/arch/arm64/mm/dump.c
> > +++ b/arch/arm64/mm/dump.c
> > @@ -253,8 +253,8 @@ static void note_page(struct pg_state *st, unsigned long addr, unsigned level,
> > if (st->current_prot) {
> > note_prot_uxn(st, addr);
> > note_prot_wx(st, addr);
> > - pt_dump_seq_printf(st->seq, "0x%016lx-0x%016lx ",
> > - st->start_address, addr);
> > + pt_dump_seq_printf(st->seq, "%pK-%pK ",
> > + (void *)st->start_address, (void *)addr);
> >
> > delta = (addr - st->start_address) >> 10;
> > while (!(delta & 1023) && unit[1]) {
> > --
> > 1.9.1
> >
> >
> > _______________________________________________
> > linux-arm-kernel mailing list
> > linux-arm-kernel@lists.infradead.org
> > http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [PATCH] arm64: dump: hide kernel pointers
2017-02-28 10:04 ` Mark Rutland
@ 2017-02-28 22:55 ` Laura Abbott
2017-03-01 3:52 ` Will Deacon
0 siblings, 1 reply; 6+ messages in thread
From: Laura Abbott @ 2017-02-28 22:55 UTC (permalink / raw)
To: Mark Rutland, Ard Biesheuvel
Cc: wsd_upstream-NuS5LvNUpcJWk0Htik3J/w, Catalin Marinas, Will Deacon,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Miles Chen,
linux-mediatek-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r,
linux-arm-kernel-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org
On 02/28/2017 02:04 AM, Mark Rutland wrote:
> On Tue, Feb 28, 2017 at 08:42:51AM +0000, Ard Biesheuvel wrote:
>> (+ Mark)
>
> (+ Laura)
>
>> On 28 February 2017 at 07:05, Miles Chen <miles.chen-NuS5LvNUpcJWk0Htik3J/w@public.gmane.org> wrote:
>>> Mask kernel pointers of /sys/kernel/debug/kernel_page_tables entry like
>>> /proc/vmallocinfo does.
>>>
>>> With sysctl kernel.kptr_restrict=0 or 1:
>>> cat /sys/kernel/debug/kernel_page_tables
>>
>> I wonder if this file should be accessible at all if kptr_restrict > 0
>
> I don't have strong feelings either way.
>
> This isn't typically enabled, and it's under debugfs, so this shouldn't
> be accessible by a typical user anyhow.
>
> That said, there are very few of us who need to take a look at this
> file. I'm happy to deal with attacking kptr_restrict when required.
>
In the interest of security it's probably for the best to switch to the
restricted pointer. Who knows what might get enabled or forgotten about.
I don't like the idea of tying enablement of the file to kptr_restrict
though.
This should probably be fixed up on all arches that implement the
page table dump feature.
Laura
> Thanks,
> Mark.
>
>>> ---[ Modules start ]---
>>> ---[ Modules end ]---
>>> ---[ vmalloc() Area ]---
>>> ffffff8008000000-ffffff8008010000 64K PTE RW NX SHD AF...
>>> ffffff8008015000-ffffff8008016000 4K PTE RW NX SHD AF...
>>> ffffff8008020000-ffffff8008030000 64K PTE RW NX SHD AF...
>>> ffffff8008031000-ffffff8008071000 256K PTE RW NX SHD AF...
>>> ffffff8008080000-ffffff8008200000 1536K PTE ro x SHD AF...
>>> ffffff8008200000-ffffff8008400000 2M PMD ro x SHD AF...
>>> ffffff8008400000-ffffff8008540000 1280K PTE ro x SHD AF...
>>> ffffff8008540000-ffffff8008690000 1344K PTE ro NX SHD AF...
>>> ffffff8008940000-ffffff8008a10000 832K PTE RW NX SHD AF...
>>> ffffff8008aca000-ffffff8008acd000 12K PTE RW NX SHD AF...
>>> ffffffbebffd8000-ffffffbebffdb000 12K PTE RW NX SHD AF...
>>> ---[ vmalloc() End ]---
>>> ---[ Fixmap start ]---
>>> ffffffbefe800000-ffffffbefea00000 2M PMD ro NX SHD AF...
>>> ---[ Fixmap end ]---
>>> ---[ PCI I/O start ]---
>>> ---[ PCI I/O end ]---
>>> ---[ Linear Mapping ]---
>>> ffffffc000000000-ffffffc000080000 512K PTE RW NX SHD AF...
>>> ffffffc000080000-ffffffc000200000 1536K PTE ro NX SHD AF...
>>> ffffffc000200000-ffffffc000600000 4M PMD ro NX SHD AF...
>>> ffffffc000600000-ffffffc000690000 576K PTE ro NX SHD AF...
>>> ffffffc000690000-ffffffc000800000 1472K PTE RW NX SHD AF...
>>> ffffffc000800000-ffffffc002000000 24M PMD RW NX SHD AF...
>>> ffffffc002000000-ffffffc040000000 992M PMD RW NX SHD AF...
>>> ffffffc040000000-ffffffc080000000 1G PGD RW NX SHD AF...
>>>
>>> With sysctl kernel.kptr_restrict=2:
>>> cat /sys/kernel/debug/kernel_page_tables
>>> ---[ Modules start ]---
>>> ---[ Modules end ]---
>>> ---[ vmalloc() Area ]---
>>> 0000000000000000-0000000000000000 64K PTE RW NX SHD AF...
>>> 0000000000000000-0000000000000000 4K PTE RW NX SHD AF...
>>> 0000000000000000-0000000000000000 64K PTE RW NX SHD AF...
>>> 0000000000000000-0000000000000000 256K PTE RW NX SHD AF...
>>> 0000000000000000-0000000000000000 1536K PTE ro x SHD AF...
>>> 0000000000000000-0000000000000000 2M PMD ro x SHD AF...
>>> 0000000000000000-0000000000000000 1280K PTE ro x SHD AF...
>>> 0000000000000000-0000000000000000 1344K PTE ro NX SHD AF...
>>> 0000000000000000-0000000000000000 832K PTE RW NX SHD AF...
>>> 0000000000000000-0000000000000000 12K PTE RW NX SHD AF...
>>> 0000000000000000-0000000000000000 12K PTE RW NX SHD AF...
>>> ---[ vmalloc() End ]---
>>> ---[ Fixmap start ]---
>>> 0000000000000000-0000000000000000 2M PMD ro NX SHD AF...
>>> ---[ Fixmap end ]---
>>> ---[ PCI I/O start ]---
>>> ---[ PCI I/O end ]---
>>> ---[ Linear Mapping ]---
>>> 0000000000000000-0000000000000000 512K PTE RW NX SHD AF...
>>> 0000000000000000-0000000000000000 1536K PTE ro NX SHD AF...
>>> 0000000000000000-0000000000000000 4M PMD ro NX SHD AF...
>>> 0000000000000000-0000000000000000 576K PTE ro NX SHD AF...
>>> 0000000000000000-0000000000000000 1472K PTE RW NX SHD AF...
>>> 0000000000000000-0000000000000000 24M PMD RW NX SHD AF...
>>> 0000000000000000-0000000000000000 992M PMD RW NX SHD AF...
>>> 0000000000000000-0000000000000000 1G PGD RW NX SHD AF...
>>>
>>> Signed-off-by: Miles Chen <miles.chen-NuS5LvNUpcJWk0Htik3J/w@public.gmane.org>
>>> ---
>>> arch/arm64/mm/dump.c | 4 ++--
>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/arch/arm64/mm/dump.c b/arch/arm64/mm/dump.c
>>> index ca74a2a..e055ecf 100644
>>> --- a/arch/arm64/mm/dump.c
>>> +++ b/arch/arm64/mm/dump.c
>>> @@ -253,8 +253,8 @@ static void note_page(struct pg_state *st, unsigned long addr, unsigned level,
>>> if (st->current_prot) {
>>> note_prot_uxn(st, addr);
>>> note_prot_wx(st, addr);
>>> - pt_dump_seq_printf(st->seq, "0x%016lx-0x%016lx ",
>>> - st->start_address, addr);
>>> + pt_dump_seq_printf(st->seq, "%pK-%pK ",
>>> + (void *)st->start_address, (void *)addr);
>>>
>>> delta = (addr - st->start_address) >> 10;
>>> while (!(delta & 1023) && unit[1]) {
>>> --
>>> 1.9.1
>>>
>>>
>>> _______________________________________________
>>> linux-arm-kernel mailing list
>>> linux-arm-kernel-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org
>>> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [PATCH] arm64: dump: hide kernel pointers
2017-02-28 22:55 ` Laura Abbott
@ 2017-03-01 3:52 ` Will Deacon
[not found] ` <20170301035214.GA12637-5wv7dgnIgG8@public.gmane.org>
0 siblings, 1 reply; 6+ messages in thread
From: Will Deacon @ 2017-03-01 3:52 UTC (permalink / raw)
To: Laura Abbott
Cc: Mark Rutland, wsd_upstream, Ard Biesheuvel, Catalin Marinas,
linux-kernel@vger.kernel.org, Miles Chen, linux-mediatek,
linux-arm-kernel@lists.infradead.org
On Tue, Feb 28, 2017 at 02:55:51PM -0800, Laura Abbott wrote:
> On 02/28/2017 02:04 AM, Mark Rutland wrote:
> > On Tue, Feb 28, 2017 at 08:42:51AM +0000, Ard Biesheuvel wrote:
> >> On 28 February 2017 at 07:05, Miles Chen <miles.chen@mediatek.com> wrote:
> >>> Mask kernel pointers of /sys/kernel/debug/kernel_page_tables entry like
> >>> /proc/vmallocinfo does.
> >>>
> >>> With sysctl kernel.kptr_restrict=0 or 1:
> >>> cat /sys/kernel/debug/kernel_page_tables
> >>
> >> I wonder if this file should be accessible at all if kptr_restrict > 0
> >
> > I don't have strong feelings either way.
> >
> > This isn't typically enabled, and it's under debugfs, so this shouldn't
> > be accessible by a typical user anyhow.
> >
> > That said, there are very few of us who need to take a look at this
> > file. I'm happy to deal with attacking kptr_restrict when required.
> >
>
> In the interest of security it's probably for the best to switch to the
> restricted pointer. Who knows what might get enabled or forgotten about.
> I don't like the idea of tying enablement of the file to kptr_restrict
> though.
... but it's also pretty weird to show the sizes, mapping type and
permissions yet hide the virtual addresses. If you want to keep the file
in spite of kptr_restrict, which bits are actually useful once the
addresses are nobbled?
Will
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2017-03-01 15:18 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-02-28 7:05 [PATCH] arm64: dump: hide kernel pointers Miles Chen
2017-02-28 8:42 ` Ard Biesheuvel
2017-02-28 10:04 ` Mark Rutland
2017-02-28 22:55 ` Laura Abbott
2017-03-01 3:52 ` Will Deacon
[not found] ` <20170301035214.GA12637-5wv7dgnIgG8@public.gmane.org>
2017-03-01 15:18 ` Laura Abbott
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox