From: Josh Poimboeuf <jpoimboe@redhat.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@kernel.org>, "H . Peter Anvin" <hpa@zytor.com>,
the arch/x86 maintainers <x86@kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Andy Lutomirski <luto@amacapital.net>,
Steven Rostedt <rostedt@goodmis.org>,
Brian Gerst <brgerst@gmail.com>,
Kees Cook <keescook@chromium.org>,
Frederic Weisbecker <fweisbec@gmail.com>,
Byungchul Park <byungchul.park@lge.com>,
Nilay Vaish <nilayvaish@gmail.com>
Subject: Re: [PATCH 3/6] x86/dumpstack: make printk_stack_address() more generally useful
Date: Thu, 1 Sep 2016 08:09:20 -0500 [thread overview]
Message-ID: <20160901130920.e7ac4jff6swqqbfc@treble> (raw)
In-Reply-To: <CA+55aFwpLR-z1ywSpjSc5XQp4WZFAVV989JDwgoieJMuSPWvRw@mail.gmail.com>
On Wed, Aug 31, 2016 at 10:15:19AM -0700, Linus Torvalds wrote:
> So I think the patch is good, and I think the oops looks great, but I
> think we should also just remove the stack dump. Sure, the register
> state *can* contain these things too, but almost never do (and didn't,
> in this example).
>
> The stack dump actually goes back to forever, and it used to be useful
> back in 1992 or so. But it used to be useful mainly because stacks
> were simpler and we didn't have very good call traces anyway. I
> definitely remember having used them - I just do not remember having
> used them in the last ten+ years.
>
> Of course, it's still true that if you can trigger an oops, you've
> likely already lost the security game, but since the stack dump is so
> useless, let's aim to just remove it and make games like the above
> harder.
Yeah. I'll do another patch to get rid of the raw stack dump (though
maybe I'll wait until the other patches get merged first so I don't have
patches flying around everywhere).
> I'm also sure that we probably have a lot of other addresses in dmesg
> that we should make sure aren't leaked. I did a quick grep and found
>
> Base memory trampoline at [ffff8f5e00097000] 97000 size 24576
> percpu: Embedded 35 pages/cpu @ffff8f6236c00000 s103640 r8192 d31528 u262144
> Freeing SMP alternatives memory: 32K (ffffffffaaec1000 - ffffffffaaec9000)
>
> and a few more, and didn't check if those might give load addresses
> away, but it would be good to check.
On my system, a grep found these:
$ dmesg |grep "ffff[8-e]\|ffffffff[8-e]"
[ 0.000000] found SMP MP-table at [mem 0x000f6b40-0x000f6b4f] mapped at [ffffa0b7000f6b40]
[ 0.000000] Base memory trampoline at [ffffa0b700099000] 99000 size 24576
[ 0.000000] percpu: Embedded 485 pages/cpu @ffffa0b77d200000 s1946904 r8192 d31464 u2097152
[ 0.475975] Freeing SMP alternatives memory: 32K (ffffffff9e309000 - ffffffff9e311000)
[ 2.656380] Freeing initrd memory: 10588K (ffffa0b736b42000 - ffffa0b737599000)
[ 4.444099] Freeing unused kernel memory: 3592K (ffffffff9df87000 - ffffffff9e309000)
[ 4.447080] Freeing unused kernel memory: 1352K (ffffa0b7288ae000 - ffffa0b728a00000)
[ 4.449517] Freeing unused kernel memory: 632K (ffffa0b728d62000 - ffffa0b728e00000)
The text starts at 0xffffa0b728000000 and 0xffffffff9d000000. I think
only the "Freeing" messages would give away the vmlinux mappings.
I'm wonder if it might be useful to encode the addresses somehow; they
could conceivably be used to debug use-after-free issues. Or we could
just remove them.
--
Josh
next prev parent reply other threads:[~2016-09-01 13:09 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-24 16:50 [PATCH 0/6] x86/dumpstack: more stack dump improvements Josh Poimboeuf
2016-08-24 16:50 ` [PATCH 1/6] perf/x86: check perf_callchain_store() error Josh Poimboeuf
2016-09-08 9:48 ` [tip:x86/asm] perf/x86: Check " tip-bot for Josh Poimboeuf
2016-08-24 16:50 ` [PATCH 2/6] oprofile/x86: add regs->ip to oprofile trace Josh Poimboeuf
2016-08-30 11:30 ` Robert Richter
2016-09-08 9:48 ` [tip:x86/asm] oprofile/x86: Add " tip-bot for Josh Poimboeuf
2016-08-24 16:50 ` [PATCH 3/6] x86/dumpstack: make printk_stack_address() more generally useful Josh Poimboeuf
2016-08-24 17:28 ` Joe Perches
2016-08-24 18:43 ` Josh Poimboeuf
2016-08-24 19:07 ` Joe Perches
2016-08-24 19:24 ` Josh Poimboeuf
2016-08-24 19:57 ` Joe Perches
2016-08-24 18:03 ` Linus Torvalds
2016-08-24 18:22 ` Peter Zijlstra
2016-08-24 18:37 ` Linus Torvalds
2016-08-24 19:37 ` Josh Poimboeuf
2016-08-25 17:49 ` Josh Poimboeuf
2016-08-25 20:41 ` Kees Cook
2016-08-25 21:07 ` Josh Poimboeuf
[not found] ` <CA+55aFy3sgA4=ZPhiDWiRMvWj9QPhUd0JBdUr1hm_6G0aSC6uw@mail.gmail.com>
2016-08-26 2:19 ` Kees Cook
2016-08-26 3:19 ` Josh Poimboeuf
2016-08-26 4:40 ` Linus Torvalds
2016-08-26 5:56 ` Josh Poimboeuf
[not found] ` <CA+55aFy8FPRiEr-4p++TGj+keTNsg781q1E1FQZ7z4+nAs0ZaQ@mail.gmail.com>
2016-08-26 13:30 ` Josh Poimboeuf
2016-08-31 16:53 ` Josh Poimboeuf
2016-08-31 17:15 ` Linus Torvalds
2016-09-01 13:09 ` Josh Poimboeuf [this message]
2016-09-01 16:30 ` Linus Torvalds
2016-09-08 9:49 ` [tip:x86/asm] x86/dumpstack: Make " tip-bot for Josh Poimboeuf
2016-08-24 16:50 ` [PATCH 4/6] x86/dumpstack: add get_stack_pointer() and get_frame_pointer() Josh Poimboeuf
2016-09-08 9:49 ` [tip:x86/asm] x86/dumpstack: Add " tip-bot for Josh Poimboeuf
2016-08-24 16:50 ` [PATCH 5/6] x86/dumpstack: remove unnecessary stack pointer arguments Josh Poimboeuf
2016-09-08 9:50 ` [tip:x86/asm] x86/dumpstack: Remove " tip-bot for Josh Poimboeuf
2016-08-24 16:50 ` [PATCH 6/6] x86/dumpstack: allow preemption in show_stack_log_lvl() and dump_trace() Josh Poimboeuf
2016-09-08 7:04 ` Ingo Molnar
2016-09-08 21:47 ` Josh Poimboeuf
2016-09-08 21:49 ` [PATCH v2] " Josh Poimboeuf
2016-09-13 18:29 ` Ingo Molnar
2016-09-13 19:38 ` Josh Poimboeuf
2016-09-14 17:39 ` [tip:x86/asm] x86/dumpstack: Allow " tip-bot for Josh Poimboeuf
2016-09-09 6:11 ` [PATCH 6/6] x86/dumpstack: allow " Ingo Molnar
2016-09-01 13:13 ` [PATCH 0/6] x86/dumpstack: more stack dump improvements Josh Poimboeuf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160901130920.e7ac4jff6swqqbfc@treble \
--to=jpoimboe@redhat.com \
--cc=brgerst@gmail.com \
--cc=byungchul.park@lge.com \
--cc=fweisbec@gmail.com \
--cc=hpa@zytor.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@kernel.org \
--cc=nilayvaish@gmail.com \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).