x86/mm/init: Stop printing pgt_buf addresses

Message ID	20200229231120.1147527-1-nivedita@alum.mit.edu (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=agvL=4R=lists.openwall.com=kernel-hardening-return-18025-patchwork-kernel-hardening=patchwork.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org E97E524672 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk From: Arvind Sankar <nivedita@alum.mit.edu> To: "Tobin C . Harding" <me@tobin.cc>, Tycho Andersen <tycho@tycho.ws> Cc: kernel-hardening@lists.openwall.com, Kees Cook <keescook@chromium.org>, Dave Hansen <dave.hansen@linux.intel.com>, Andy Lutomirski <luto@kernel.org>, Peter Zijlstra <peterz@infradead.org>, x86@kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] x86/mm/init: Stop printing pgt_buf addresses Date: Sat, 29 Feb 2020 18:11:20 -0500 Message-Id: <20200229231120.1147527-1-nivedita@alum.mit.edu> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	x86/mm/init: Stop printing pgt_buf addresses \| expand x86/mm/init: Stop printing pgt_buf addresses

Message ID

20200229231120.1147527-1-nivedita@alum.mit.edu (mailing list archive)

State

New, archived

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org E97E524672
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Precedence: bulk
From: Arvind Sankar <nivedita@alum.mit.edu>
To: "Tobin C . Harding" <me@tobin.cc>,
	Tycho Andersen <tycho@tycho.ws>
Cc: kernel-hardening@lists.openwall.com,
	Kees Cook <keescook@chromium.org>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Andy Lutomirski <luto@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>,
	x86@kernel.org,
	linux-kernel@vger.kernel.org
Subject: [PATCH] x86/mm/init: Stop printing pgt_buf addresses
Date: Sat, 29 Feb 2020 18:11:20 -0500
Message-Id: <20200229231120.1147527-1-nivedita@alum.mit.edu>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

x86/mm/init: Stop printing pgt_buf addresses | expand

Comments

Kees Cook Feb. 29, 2020, 11:23 p.m. UTC | #1

On Sat, Feb 29, 2020 at 06:11:20PM -0500, Arvind Sankar wrote:
> This currently leaks kernel physical addresses into userspace.
> 
> Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>

Acked-by: Kees Cook <keescook@chromium.org>

-Kees

> ---
>  arch/x86/mm/init.c | 2 --
>  1 file changed, 2 deletions(-)
> 
> diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
> index e7bb483557c9..dc4711f09cdc 100644
> --- a/arch/x86/mm/init.c
> +++ b/arch/x86/mm/init.c
> @@ -121,8 +121,6 @@ __ref void *alloc_low_pages(unsigned int num)
>  	} else {
>  		pfn = pgt_buf_end;
>  		pgt_buf_end += num;
> -		printk(KERN_DEBUG "BRK [%#010lx, %#010lx] PGTABLE\n",
> -			pfn << PAGE_SHIFT, (pgt_buf_end << PAGE_SHIFT) - 1);
>  	}
>  
>  	for (i = 0; i < num; i++) {
> -- 
> 2.24.1
>

Arvind Sankar April 9, 2020, 10:19 p.m. UTC | #2

On Sat, Feb 29, 2020 at 06:11:20PM -0500, Arvind Sankar wrote:
> This currently leaks kernel physical addresses into userspace.
> 
> Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
> ---
>  arch/x86/mm/init.c | 2 --
>  1 file changed, 2 deletions(-)
> 
> diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
> index e7bb483557c9..dc4711f09cdc 100644
> --- a/arch/x86/mm/init.c
> +++ b/arch/x86/mm/init.c
> @@ -121,8 +121,6 @@ __ref void *alloc_low_pages(unsigned int num)
>  	} else {
>  		pfn = pgt_buf_end;
>  		pgt_buf_end += num;
> -		printk(KERN_DEBUG "BRK [%#010lx, %#010lx] PGTABLE\n",
> -			pfn << PAGE_SHIFT, (pgt_buf_end << PAGE_SHIFT) - 1);
>  	}
>  
>  	for (i = 0; i < num; i++) {
> -- 
> 2.24.1
> 

This was acked by Kees, is it ok for merge?

Thanks.

Dave Hansen April 9, 2020, 10:35 p.m. UTC | #3

On 4/9/20 3:19 PM, Arvind Sankar wrote:
>> @@ -121,8 +121,6 @@ __ref void *alloc_low_pages(unsigned int num)
>>  	} else {
>>  		pfn = pgt_buf_end;
>>  		pgt_buf_end += num;
>> -		printk(KERN_DEBUG "BRK [%#010lx, %#010lx] PGTABLE\n",
>> -			pfn << PAGE_SHIFT, (pgt_buf_end << PAGE_SHIFT) - 1);
>>  	}
>>  
>>  	for (i = 0; i < num; i++) {
>> -- 
>> 2.24.1
>>
> This was acked by Kees, is it ok for merge?

Independent of the obvious security implications, I don't think I've
ever once gleaned useful information from that message.  It's fine by me.

Acked-by: Dave Hansen <dave.hansen@intel.com>

Arvind Sankar May 23, 2020, 1:51 a.m. UTC | #4

On Sat, Feb 29, 2020 at 06:11:20PM -0500, Arvind Sankar wrote:
> This currently leaks kernel physical addresses into userspace.
> 
> Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
> ---
>  arch/x86/mm/init.c | 2 --
>  1 file changed, 2 deletions(-)
> 
> diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
> index e7bb483557c9..dc4711f09cdc 100644
> --- a/arch/x86/mm/init.c
> +++ b/arch/x86/mm/init.c
> @@ -121,8 +121,6 @@ __ref void *alloc_low_pages(unsigned int num)
>  	} else {
>  		pfn = pgt_buf_end;
>  		pgt_buf_end += num;
> -		printk(KERN_DEBUG "BRK [%#010lx, %#010lx] PGTABLE\n",
> -			pfn << PAGE_SHIFT, (pgt_buf_end << PAGE_SHIFT) - 1);
>  	}
>  
>  	for (i = 0; i < num; i++) {
> -- 
> 2.24.1
> 

Ping.

https://lore.kernel.org/lkml/20200229231120.1147527-1-nivedita@alum.mit.edu/

Joe Perches May 23, 2020, 2:57 a.m. UTC | #5

On Fri, 2020-05-22 at 21:51 -0400, Arvind Sankar wrote:
> On Sat, Feb 29, 2020 at 06:11:20PM -0500, Arvind Sankar wrote:
> > This currently leaks kernel physical addresses into userspace.
> > 
> > Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
> > ---
> >  arch/x86/mm/init.c | 2 --
> >  1 file changed, 2 deletions(-)
> > 
> > diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
> > index e7bb483557c9..dc4711f09cdc 100644
> > --- a/arch/x86/mm/init.c
> > +++ b/arch/x86/mm/init.c
> > @@ -121,8 +121,6 @@ __ref void *alloc_low_pages(unsigned int num)
> >  	} else {
> >  		pfn = pgt_buf_end;
> >  		pgt_buf_end += num;
> > -		printk(KERN_DEBUG "BRK [%#010lx, %#010lx] PGTABLE\n",
> > -			pfn << PAGE_SHIFT, (pgt_buf_end << PAGE_SHIFT) - 1);
> >  	}
> >  
> >  	for (i = 0; i < num; i++) {
> > -- 
> > 2.24.1
> > 
> 
> Ping.
> 
> https://lore.kernel.org/lkml/20200229231120.1147527-1-nivedita@alum.mit.edu/

If this output is at all valuable,
perhaps emit them as hashed pointers?

Maybe:

---
 arch/x86/mm/init.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index 1bba16c5742b..44f0d6592c7e 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -121,8 +121,9 @@ __ref void *alloc_low_pages(unsigned int num)
 	} else {
 		pfn = pgt_buf_end;
 		pgt_buf_end += num;
-		printk(KERN_DEBUG "BRK [%#010lx, %#010lx] PGTABLE\n",
-			pfn << PAGE_SHIFT, (pgt_buf_end << PAGE_SHIFT) - 1);
+		printk(KERN_DEBUG "BRK [0x%8p, 0x%8p] PGTABLE\n",
+		       (void *)(pfn << PAGE_SHIFT),
+		       (void *)((pgt_buf_end << PAGE_SHIFT) - 1));
 	}
 
 	for (i = 0; i < num; i++) {

diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index e7bb483557c9..dc4711f09cdc 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -121,8 +121,6 @@  __ref void *alloc_low_pages(unsigned int num)
 	} else {
 		pfn = pgt_buf_end;
 		pgt_buf_end += num;
-		printk(KERN_DEBUG "BRK [%#010lx, %#010lx] PGTABLE\n",
-			pfn << PAGE_SHIFT, (pgt_buf_end << PAGE_SHIFT) - 1);
 	}
 
 	for (i = 0; i < num; i++) {

x86/mm/init: Stop printing pgt_buf addresses

Commit Message

Comments

Patch