public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
* [PATCH] drm: do not leak kernel addresses via /proc/dri/*/vma
@ 2011-02-12  3:29 Kees Cook
  2011-02-12 18:13 ` Corbin Simpson
  0 siblings, 1 reply; 3+ messages in thread
From: Kees Cook @ 2011-02-12  3:29 UTC (permalink / raw)
  To: linux-kernel; +Cc: David Airlie, dri-devel, Dan Rosenberg, Eugene Teo

In the continuing effort to avoid kernel addresses leaking to unprivileged
users, this patch switches to %pK for /proc/dri/*/vma.

Signed-off-by: Kees Cook <kees.cook@canonical.com>
---
 drivers/gpu/drm/drm_info.c |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/drm_info.c b/drivers/gpu/drm/drm_info.c
index 3cdbaf3..be9a9c0 100644
--- a/drivers/gpu/drm/drm_info.c
+++ b/drivers/gpu/drm/drm_info.c
@@ -283,17 +283,18 @@ int drm_vma_info(struct seq_file *m, void *data)
 #endif
 
 	mutex_lock(&dev->struct_mutex);
-	seq_printf(m, "vma use count: %d, high_memory = %p, 0x%08llx\n",
+	seq_printf(m, "vma use count: %d, high_memory = %pK, 0x%pK\n",
 		   atomic_read(&dev->vma_count),
-		   high_memory, (u64)virt_to_phys(high_memory));
+		   high_memory, (void *)virt_to_phys(high_memory));
 
 	list_for_each_entry(pt, &dev->vmalist, head) {
 		vma = pt->vma;
 		if (!vma)
 			continue;
 		seq_printf(m,
-			   "\n%5d 0x%08lx-0x%08lx %c%c%c%c%c%c 0x%08lx000",
-			   pt->pid, vma->vm_start, vma->vm_end,
+			   "\n%5d 0x%pK-0x%pK %c%c%c%c%c%c 0x%08lx000",
+			   pt->pid,
+			   (void *)vma->vm_start, (void *)vma->vm_end,
 			   vma->vm_flags & VM_READ ? 'r' : '-',
 			   vma->vm_flags & VM_WRITE ? 'w' : '-',
 			   vma->vm_flags & VM_EXEC ? 'x' : '-',
-- 
1.7.2.3

-- 
Kees Cook
Ubuntu Security Team

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] drm: do not leak kernel addresses via /proc/dri/*/vma
  2011-02-12  3:29 [PATCH] drm: do not leak kernel addresses via /proc/dri/*/vma Kees Cook
@ 2011-02-12 18:13 ` Corbin Simpson
  2011-02-12 22:08   ` Kees Cook
  0 siblings, 1 reply; 3+ messages in thread
From: Corbin Simpson @ 2011-02-12 18:13 UTC (permalink / raw)
  To: Kees Cook; +Cc: linux-kernel, Dan Rosenberg, Eugene Teo, dri-devel

On Fri, Feb 11, 2011 at 7:29 PM, Kees Cook <kees.cook@canonical.com> wrote:
> In the continuing effort to avoid kernel addresses leaking to unprivileged
> users, this patch switches to %pK for /proc/dri/*/vma.
>
> Signed-off-by: Kees Cook <kees.cook@canonical.com>
> ---
>  drivers/gpu/drm/drm_info.c |    9 +++++----
>  1 files changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_info.c b/drivers/gpu/drm/drm_info.c
> index 3cdbaf3..be9a9c0 100644
> --- a/drivers/gpu/drm/drm_info.c
> +++ b/drivers/gpu/drm/drm_info.c
> @@ -283,17 +283,18 @@ int drm_vma_info(struct seq_file *m, void *data)
>  #endif
>
>        mutex_lock(&dev->struct_mutex);
> -       seq_printf(m, "vma use count: %d, high_memory = %p, 0x%08llx\n",
> +       seq_printf(m, "vma use count: %d, high_memory = %pK, 0x%pK\n",
>                   atomic_read(&dev->vma_count),
> -                  high_memory, (u64)virt_to_phys(high_memory));
> +                  high_memory, (void *)virt_to_phys(high_memory));
>
>        list_for_each_entry(pt, &dev->vmalist, head) {
>                vma = pt->vma;
>                if (!vma)
>                        continue;
>                seq_printf(m,
> -                          "\n%5d 0x%08lx-0x%08lx %c%c%c%c%c%c 0x%08lx000",
> -                          pt->pid, vma->vm_start, vma->vm_end,
> +                          "\n%5d 0x%pK-0x%pK %c%c%c%c%c%c 0x%08lx000",
> +                          pt->pid,
> +                          (void *)vma->vm_start, (void *)vma->vm_end,
>                           vma->vm_flags & VM_READ ? 'r' : '-',
>                           vma->vm_flags & VM_WRITE ? 'w' : '-',
>                           vma->vm_flags & VM_EXEC ? 'x' : '-',
> --
> 1.7.2.3

This is a highly reasonable patch. Does 0x%pK show up as 0x0x0 in the
log, or just 0x0? Other than that...

Reviewed-by: Corbin Simpson <MostAwesomeDude@gmail.com>

-- 
When the facts change, I change my mind. What do you do, sir? ~ Keynes

Corbin Simpson
<MostAwesomeDude@gmail.com>

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] drm: do not leak kernel addresses via /proc/dri/*/vma
  2011-02-12 18:13 ` Corbin Simpson
@ 2011-02-12 22:08   ` Kees Cook
  0 siblings, 0 replies; 3+ messages in thread
From: Kees Cook @ 2011-02-12 22:08 UTC (permalink / raw)
  To: Corbin Simpson; +Cc: linux-kernel, Dan Rosenberg, Eugene Teo, dri-devel

Hi Corbin,

On Sat, Feb 12, 2011 at 10:13:04AM -0800, Corbin Simpson wrote:
> On Fri, Feb 11, 2011 at 7:29 PM, Kees Cook <kees.cook@canonical.com> wrote:
> > In the continuing effort to avoid kernel addresses leaking to unprivileged
> > users, this patch switches to %pK for /proc/dri/*/vma.
> 
> This is a highly reasonable patch. Does 0x%pK show up as 0x0x0 in the
> log, or just 0x0? Other than that...
> Reviewed-by: Corbin Simpson <MostAwesomeDude@gmail.com>

Thanks! The default for %p (and %pK) is without the 0x prefix, and 0-padded to sizeof(void*)
character. So 0x%pK will show as 0x00000000 on 32bit to a regular user, etc.

-Kees

-- 
Kees Cook
Ubuntu Security Team

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2011-02-12 22:08 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-02-12  3:29 [PATCH] drm: do not leak kernel addresses via /proc/dri/*/vma Kees Cook
2011-02-12 18:13 ` Corbin Simpson
2011-02-12 22:08   ` Kees Cook

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox