From: Greg KH <gregkh@linuxfoundation.org>
To: "Roberts, William C" <william.c.roberts@intel.com>
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
Petr Mladek <pmladek@suse.com>,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Steven Rostedt <rostedt@goodmis.org>,
Chris Fries <cfries@google.com>,
Dave Weinstein <olorin@google.com>
Subject: Re: [RFC 00/06] printk: add more new kernel pointer filter options.
Date: Thu, 18 May 2017 16:13:23 +0200 [thread overview]
Message-ID: <20170518141323.GD23654@kroah.com> (raw)
In-Reply-To: <476DC76E7D1DF2438D32BFADF679FC563362B030@ORSMSX103.amr.corp.intel.com>
On Tue, May 16, 2017 at 09:36:37PM +0000, Roberts, William C wrote:
>
>
> > -----Original Message-----
> > From: Sergey Senozhatsky [mailto:sergey.senozhatsky.work@gmail.com]
> > Sent: Wednesday, May 10, 2017 6:38 PM
> > To: Greg KH <gregkh@linuxfoundation.org>
> > Cc: kernel-hardening@lists.openwall.com; Petr Mladek <pmladek@suse.com>;
> > Sergey Senozhatsky <sergey.senozhatsky@gmail.com>; linux-
> > kernel@vger.kernel.org; Catalin Marinas <catalin.marinas@arm.com>; Will
> > Deacon <will.deacon@arm.com>; Steven Rostedt <rostedt@goodmis.org>;
> > Roberts, William C <william.c.roberts@intel.com>; Chris Fries
> > <cfries@google.com>; Dave Weinstein <olorin@google.com>
> > Subject: Re: [RFC 00/06] printk: add more new kernel pointer filter options.
> >
> > Hello Greg,
> >
> > On (05/05/17 21:06), Greg KH wrote:
> > > Here's a short patch series from Chris Fries and Dave Weinstein that
> > > implement some new restrictions when printing out kernel pointers, as
> > > well as the ability to whitelist kernel pointers where needed.
> > >
> > > These patches are based on work from William Roberts, and also is
> > > inspired by grsecurity's %pP to specifically whitelist a kernel
> > > pointer, where it is always needed, like the last patch in the series
> > > shows, in the UIO drivers (UIO requires that you know the address,
> > > it's a hardware address, nothing wrong with seeing that...)
> > >
> > > I haven't done much to this patch series, only forward porting it from
> > > an older kernel release (4.4) and a few minor tweaks. It applies
> > > cleanly on top of 4.11 as well as Linus's current development tree
> > > (10502 patches into the 4.12-rc1 merge window). I'm posting it now
> > > for comments if anyone sees anything wrong with this approach
> >
> > overall, I don't see anything wrong.
> >
> > > or thinks the things that are being whitelisted should not be?
> >
> > can't say for sure, sorry.
> >
> > -ss
>
> I almost missed this, none of the mail was delivered to my inbox...
Why not? Did I get the address wrong?
> Anyways, I am glad to see this revived and I don't have any
> Comments besides thanks.
Acks for the patches are always appreciated :)
I'll revise this in the next few weeks and send out a new series.
thanks,
greg k-h
WARNING: multiple messages have this Message-ID (diff)
From: Greg KH <gregkh@linuxfoundation.org>
To: "Roberts, William C" <william.c.roberts@intel.com>
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
Petr Mladek <pmladek@suse.com>,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Steven Rostedt <rostedt@goodmis.org>,
Chris Fries <cfries@google.com>,
Dave Weinstein <olorin@google.com>
Subject: [kernel-hardening] Re: [RFC 00/06] printk: add more new kernel pointer filter options.
Date: Thu, 18 May 2017 16:13:23 +0200 [thread overview]
Message-ID: <20170518141323.GD23654@kroah.com> (raw)
In-Reply-To: <476DC76E7D1DF2438D32BFADF679FC563362B030@ORSMSX103.amr.corp.intel.com>
On Tue, May 16, 2017 at 09:36:37PM +0000, Roberts, William C wrote:
>
>
> > -----Original Message-----
> > From: Sergey Senozhatsky [mailto:sergey.senozhatsky.work@gmail.com]
> > Sent: Wednesday, May 10, 2017 6:38 PM
> > To: Greg KH <gregkh@linuxfoundation.org>
> > Cc: kernel-hardening@lists.openwall.com; Petr Mladek <pmladek@suse.com>;
> > Sergey Senozhatsky <sergey.senozhatsky@gmail.com>; linux-
> > kernel@vger.kernel.org; Catalin Marinas <catalin.marinas@arm.com>; Will
> > Deacon <will.deacon@arm.com>; Steven Rostedt <rostedt@goodmis.org>;
> > Roberts, William C <william.c.roberts@intel.com>; Chris Fries
> > <cfries@google.com>; Dave Weinstein <olorin@google.com>
> > Subject: Re: [RFC 00/06] printk: add more new kernel pointer filter options.
> >
> > Hello Greg,
> >
> > On (05/05/17 21:06), Greg KH wrote:
> > > Here's a short patch series from Chris Fries and Dave Weinstein that
> > > implement some new restrictions when printing out kernel pointers, as
> > > well as the ability to whitelist kernel pointers where needed.
> > >
> > > These patches are based on work from William Roberts, and also is
> > > inspired by grsecurity's %pP to specifically whitelist a kernel
> > > pointer, where it is always needed, like the last patch in the series
> > > shows, in the UIO drivers (UIO requires that you know the address,
> > > it's a hardware address, nothing wrong with seeing that...)
> > >
> > > I haven't done much to this patch series, only forward porting it from
> > > an older kernel release (4.4) and a few minor tweaks. It applies
> > > cleanly on top of 4.11 as well as Linus's current development tree
> > > (10502 patches into the 4.12-rc1 merge window). I'm posting it now
> > > for comments if anyone sees anything wrong with this approach
> >
> > overall, I don't see anything wrong.
> >
> > > or thinks the things that are being whitelisted should not be?
> >
> > can't say for sure, sorry.
> >
> > -ss
>
> I almost missed this, none of the mail was delivered to my inbox...
Why not? Did I get the address wrong?
> Anyways, I am glad to see this revived and I don't have any
> Comments besides thanks.
Acks for the patches are always appreciated :)
I'll revise this in the next few weeks and send out a new series.
thanks,
greg k-h
next prev parent reply other threads:[~2017-05-18 14:13 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-06 4:06 [RFC 00/06] printk: add more new kernel pointer filter options Greg KH
2017-05-06 4:06 ` [kernel-hardening] " Greg KH
2017-05-06 4:06 ` [RFC 1/6] lib: vsprintf: additional kernel pointer filtering options Greg KH
2017-05-06 4:06 ` [kernel-hardening] " Greg KH
2017-05-16 11:58 ` Petr Mladek
2017-05-16 11:58 ` [kernel-hardening] " Petr Mladek
2017-05-18 14:12 ` Greg KH
2017-05-18 14:12 ` [kernel-hardening] " Greg KH
2017-05-06 4:07 ` [RFC 2/6] lib: vsprintf: whitelist stack traces Greg KH
2017-05-06 4:07 ` [kernel-hardening] " Greg KH
2017-05-06 4:07 ` [RFC 3/6] lib: vsprintf: physical address kernel pointer filtering options Greg KH
2017-05-06 4:07 ` [kernel-hardening] " Greg KH
2017-05-06 10:48 ` Ian Campbell
2017-05-06 4:07 ` [RFC 4/6] lib: vsprintf: default kptr_restrict to the maximum value Greg KH
2017-05-06 4:07 ` [kernel-hardening] " Greg KH
2017-05-06 4:07 ` [RFC 5/6] lib: vsprintf: Add "%paP", "%padP" options Greg KH
2017-05-06 4:07 ` [kernel-hardening] " Greg KH
2017-05-06 4:42 ` Joe Perches
2017-05-06 4:42 ` [kernel-hardening] " Joe Perches
2017-05-06 5:00 ` Greg KH
2017-05-06 5:00 ` [kernel-hardening] " Greg KH
2017-05-16 14:41 ` Petr Mladek
2017-05-16 14:41 ` [kernel-hardening] " Petr Mladek
2017-05-18 14:12 ` Greg KH
2017-05-18 14:12 ` [kernel-hardening] " Greg KH
2017-05-06 4:07 ` [RFC 6/6] drivers: uio: Un-restrict sysfs pointers for UIO Greg KH
2017-05-06 4:07 ` [kernel-hardening] " Greg KH
2017-05-11 1:37 ` [RFC 00/06] printk: add more new kernel pointer filter options Sergey Senozhatsky
2017-05-11 1:37 ` [kernel-hardening] " Sergey Senozhatsky
2017-05-16 21:36 ` Roberts, William C
2017-05-16 21:36 ` [kernel-hardening] " Roberts, William C
2017-05-18 14:13 ` Greg KH [this message]
2017-05-18 14:13 ` [kernel-hardening] " Greg KH
2017-05-19 20:25 ` Roberts, William C
2017-05-19 20:25 ` [kernel-hardening] " Roberts, William C
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170518141323.GD23654@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=catalin.marinas@arm.com \
--cc=cfries@google.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=olorin@google.com \
--cc=pmladek@suse.com \
--cc=rostedt@goodmis.org \
--cc=sergey.senozhatsky.work@gmail.com \
--cc=sergey.senozhatsky@gmail.com \
--cc=will.deacon@arm.com \
--cc=william.c.roberts@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.