From: "Tobin C. Harding" <me@tobin.cc>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: kernel-hardening@lists.openwall.com,
	"Jason A. Donenfeld" <Jason@zx2c4.com>,
	Theodore Ts'o <tytso@mit.edu>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Kees Cook <keescook@chromium.org>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Tycho Andersen <tycho@docker.com>,
	"Roberts, William C" <william.c.roberts@intel.com>,
	Tejun Heo <tj@kernel.org>,
	Jordan Glover <Golden_Miller83@protonmail.ch>,
	Greg KH <gregkh@linuxfoundation.org>,
	Petr Mladek <pmladek@suse.com>, Joe Perches <joe@perches.com>,
	Ian Campbell <ijc@hellion.org.uk>,
	Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Will Deacon <wil.deacon@arm.com>, Chris Fries <cfries@google.com>,
	Dave Weinstein <olorin@google.com>,
	Daniel Micay <danielmicay@gmai
Subject: Re: [PATCH] kallsyms: don't leak address when printing symbol
Date: Thu, 9 Nov 2017 16:45:48 +1100
Message-ID: <20171109054548.GF19752@eros>
In-Reply-To: <20171108223555.52c01531@vmware.local.home>

On Wed, Nov 08, 2017 at 10:35:55PM -0500, Steven Rostedt wrote:
> On Thu,  9 Nov 2017 12:50:29 +1100
> "Tobin C. Harding" <me@tobin.cc> wrote:
> 
> > Currently if a pointer is printed using %p[ssB] and the symbol is not
> > found (kallsyms_lookup() fails) then we print the actual address. This
> > leaks kernel addresses. We should instead print something _safe_.
> > 
> > Print "<no-symbol>" instead of kernel address.
> 
> Ug, ftrace requires this to work as is, as it uses it to print some
> addresses that may or may not be a symbol.
> 
> If anything, can this return a success or failure if it were to find a
> symbol or not, and then something like ftrace could decide to use %x if
> it does not.

Thanks for the feedback Steve. Propagating the error back up through
the call chain may require a little bit of thought so we don't upset the
apple cart. sprint_symbol() never currently (as far as I can see)
returns an error. I can go through the other callers of sprint_symbol()
(there aren't many) and check if it is going to upset anything.

> And yes, ftrace leaks kernel addresses all over the place, that's just
> the nature of tracing the kernel.

Would it be good for you (for this change and future changes aimed at
closing leaks) if any changes like this include patches to ftrace to
maintain the current behaviour?

You have been on the CC list for the printk hashing and what not since
the start I believe so you know I'm a noob, feel free to scream bloody
murder if I'm breaching protocol.

thanks,
Tobin.
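
The approach Steven Rostedt suggests above, sketched as an added userspace example (not part of this thread and not kernel code): the formatter reports whether a symbol was found, prints "<no-symbol>" by default, and a tracing-style caller opts in to the raw address on failure. The symbol table, addresses and function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

/* Constructed symbol table standing in for kallsyms; addresses are made up. */
struct sym { uintptr_t start; size_t size; const char *name; };
static const struct sym symtab[] = {
    { 0x1000, 0x40, "do_thing" },
    { 0x2000, 0x80, "other_thing" },
};

/* Hypothetical lookup: returns 0 and fills name/offset, or -1 if addr is in no symbol. */
static int lookup_symbol(uintptr_t addr, const char **name, size_t *off)
{
    for (size_t i = 0; i < sizeof(symtab) / sizeof(symtab[0]); i++) {
        if (addr >= symtab[i].start && addr - symtab[i].start < symtab[i].size) {
            *name = symtab[i].name;
            *off = addr - symtab[i].start;
            return 0;
        }
    }
    return -1;
}

/* Default formatter: never emits the raw address; reports failure to the caller. */
int format_symbol(char *buf, size_t len, uintptr_t addr)
{
    const char *name;
    size_t off;

    if (lookup_symbol(addr, &name, &off) < 0) {
        snprintf(buf, len, "<no-symbol>");
        return -1;
    }
    snprintf(buf, len, "%s+0x%zx", name, off);
    return 0;
}

/* Tracing-style caller: opts in to the raw address only when the lookup fails. */
int format_symbol_trace(char *buf, size_t len, uintptr_t addr)
{
    int ret = format_symbol(buf, len, addr);

    if (ret < 0)
        snprintf(buf, len, "0x%lx", (unsigned long)addr);
    return ret;
}
```

With this split, the address only reaches output through callers that explicitly ask for it, so each remaining leak is visible at a call site that can be audited.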

Thread overview: 5+ messages
2017-11-09  1:50 [PATCH] kallsyms: don't leak address when printing symbol Tobin C. Harding
2017-11-09  3:35 ` Steven Rostedt
2017-11-09  4:23   ` Sergey Senozhatsky
2017-11-09  5:45   ` Tobin C. Harding [this message]
2017-11-09 18:15     ` Steven Rostedt