From patchwork Wed Oct 5 20:52:39 2016
X-Patchwork-Submitter: Rasmus Villemoes
X-Patchwork-Id: 9363411
From: Rasmus Villemoes
To: william.c.roberts@intel.com
Cc: kernel-hardening@lists.openwall.com, corbet@lwn.net, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Wed, 05 Oct 2016 22:52:39 +0200
In-Reply-To: <1475690686-16138-1-git-send-email-william.c.roberts@intel.com> (william c. roberts's message of "Wed, 5 Oct 2016 14:04:46 -0400")
Message-ID: <87eg3umsbs.fsf@rasmusvillemoes.dk>
Subject: [kernel-hardening] Re: [PATCH] printk: introduce kptr_restrict level 3

On Wed, Oct 05 2016, william.c.roberts@intel.com wrote:

> From: William Roberts
>
> Some out-of-tree modules do not use %pK and just use %p, as it's
> the common C paradigm for printing pointers. Because of this,
> kptr_restrict has no effect on the output and thus, no way to
> contain the kernel address leak.
>
> Introduce kptr_restrict level 3 that causes the kernel to
> treat %p as if it was %pK and thus always prints zeros.
>
> Sample Output:
> kptr_restrict == 2:
> p: 00000000604369f4
> pK: 0000000000000000
>
> kptr_restrict == 3:
> p: 0000000000000000
> pK: 0000000000000000
>
> Signed-off-by: William Roberts
> ---
>  Documentation/sysctl/kernel.txt | 3 ++
>  kernel/sysctl.c | 3 +-
>  lib/vsprintf.c | 107 ++++++++++++++++++++++++----------------

That's a lot of changed lines. Why isn't this just ?

--- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -1719,6 +1719,8 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, case 'G': return flags_string(buf, end, ptr, fmt); } + if (kptr_restrict == 3) + ptr = NULL; spec.flags |= SMALL; if (spec.field_width == -1) { spec.field_width = default_width;
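
Review bot: the `kptr_restrict == 3` test added after the switch's closing brace is a bare magic number with no comment, and nothing in the hunk says why `ptr` is cleared just before the default formatting path. A one-line comment along the lines of "level 3: treat plain %p like %pK" would make the intent clear. Placed here, the check only reaches specifiers that fall out of the switch; cases that return inside it, like the `flags_string()` one shown, keep their own handling, which is worth stating in that comment or the changelog. The quoted diffstat also lists Documentation/sysctl/kernel.txt and kernel/sysctl.c, which this hunk does not touch, so whatever those changes did to document and admit the new level would still need to accompany it.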