| Message ID | 20200226215039.2842351-1-nivedita@alum.mit.edu (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | x86/mm/init_32: Don't print out kernel memory layout if KASLR | expand |
Arvind Sankar said: > For security, only show the virtual kernel memory layout if KASLR is > disabled. These have been entirely removed on other architectures, so let's just do the same for ia32 and remove it unconditionally. 071929dbdd86 ("arm64: Stop printing the virtual memory layout") 1c31d4e96b8c ("ARM: 8820/1: mm: Stop printing the virtual memory layout") 31833332f798 ("m68k/mm: Stop printing the virtual memory layout") fd8d0ca25631 ("parisc: Hide virtual kernel memory layout") adb1fe9ae2ee ("mm/page_alloc: Remove kernel address exposure in free_reserved_area()") -Kees
On Sat, Feb 29, 2020 at 03:51:45PM -0800, Kees Cook wrote: > Arvind Sankar said: > > For security, only show the virtual kernel memory layout if KASLR is > > disabled. > > These have been entirely removed on other architectures, so let's > just do the same for ia32 and remove it unconditionally. > > 071929dbdd86 ("arm64: Stop printing the virtual memory layout") > 1c31d4e96b8c ("ARM: 8820/1: mm: Stop printing the virtual memory layout") > 31833332f798 ("m68k/mm: Stop printing the virtual memory layout") > fd8d0ca25631 ("parisc: Hide virtual kernel memory layout") > adb1fe9ae2ee ("mm/page_alloc: Remove kernel address exposure in free_reserved_area()") > > -Kees > > -- > Kees Cook microblaze (arch/microblaze/mm/init.c) and PPC32 (arch/powerpc/mm/mem.c) appear to still print it out. I can't test those, but will resubmit x86-32 with it removed.
On Sat, Feb 29, 2020 at 07:11:23PM -0500, Arvind Sankar wrote: > On Sat, Feb 29, 2020 at 03:51:45PM -0800, Kees Cook wrote: > > Arvind Sankar said: > > > For security, only show the virtual kernel memory layout if KASLR is > > > disabled. > > > > These have been entirely removed on other architectures, so let's > > just do the same for ia32 and remove it unconditionally. > > > > 071929dbdd86 ("arm64: Stop printing the virtual memory layout") > > 1c31d4e96b8c ("ARM: 8820/1: mm: Stop printing the virtual memory layout") > > 31833332f798 ("m68k/mm: Stop printing the virtual memory layout") > > fd8d0ca25631 ("parisc: Hide virtual kernel memory layout") > > adb1fe9ae2ee ("mm/page_alloc: Remove kernel address exposure in free_reserved_area()") > > > > -Kees > > > > -- > > Kees Cook > > microblaze (arch/microblaze/mm/init.c) and PPC32 (arch/powerpc/mm/mem.c) > appear to still print it out. I can't test those, but will resubmit > x86-32 with it removed. Might as well fix those up too. :)
diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c index 23df4885bbed..53635be69102 100644 --- a/arch/x86/mm/init_32.c +++ b/arch/x86/mm/init_32.c @@ -788,6 +788,10 @@ void __init mem_init(void) x86_init.hyper.init_after_bootmem(); mem_init_print_info(NULL); + + if (kaslr_enabled()) + goto skip_layout; + printk(KERN_INFO "virtual kernel memory layout:\n" " fixmap : 0x%08lx - 0x%08lx (%4ld kB)\n" " cpu_entry : 0x%08lx - 0x%08lx (%4ld kB)\n" @@ -827,6 +831,7 @@ void __init mem_init(void) (unsigned long)&_text, (unsigned long)&_etext, ((unsigned long)&_etext - (unsigned long)&_text) >> 10); +skip_layout: /* * Check boundaries twice: Some fundamental inconsistencies can * be detected at build time already.
For security, only show the virtual kernel memory layout if KASLR is disabled. Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu> --- arch/x86/mm/init_32.c | 5 +++++ 1 file changed, 5 insertions(+)