From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752354AbcHZF6H (ORCPT <rfc822;w@1wt.eu>);
        Fri, 26 Aug 2016 01:58:07 -0400
Received: from mx1.redhat.com ([209.132.183.28]:50850 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751668AbcHZF6G (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 26 Aug 2016 01:58:06 -0400
Date: Fri, 26 Aug 2016 00:56:58 -0500
From: Josh Poimboeuf <jpoimboe@redhat.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Frederic Weisbecker <fweisbec@gmail.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Kees Cook <keescook@chromium.org>, "H . Peter Anvin" <hpa@zytor.com>,
        Nilay Vaish <nilayvaish@gmail.com>,
        the arch/x86 maintainers <x86@kernel.org>,
        Steven Rostedt <rostedt@goodmis.org>,
        Andy Lutomirski <luto@amacapital.net>, Ingo Molnar <mingo@kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Brian Gerst <brgerst@gmail.com>,
        Byungchul Park <byungchul.park@lge.com>,
        Peter Zijlstra <peterz@infradead.org>
Subject: Re: [PATCH 3/6] x86/dumpstack: make printk_stack_address() more
 generally useful
Message-ID: <20160826055658.igc5dghceuwwb6vu@treble>
References: <CA+55aFyaLgbocKa4Ec1J4Z12p4-N66MQGOj-HLaxP8RSW8NOrw@mail.gmail.com>
 <20160824182220.GB10153@twins.programming.kicks-ass.net>
 <CA+55aFzAqoxqzN3eG96qAAMF-qsHe=MWOqi1wK+7Vpq9=-Un1Q@mail.gmail.com>
 <20160824193707.qw7vii3l4ggcfl6d@treble>
 <20160825174904.vfam55lpo7geczqf@treble>
 <CAGXu5j+bU6aioi5AfTX25h0QBz_F_NmugTjW1sdAKrdgPKz8PA@mail.gmail.com>
 <20160825210716.e3p42qm5k4yd3cqb@treble>
 <CA+55aFy3sgA4=ZPhiDWiRMvWj9QPhUd0JBdUr1hm_6G0aSC6uw@mail.gmail.com>
 <20160826031904.ldqgc6bg4g6is4un@treble>
 <CA+55aFw4hfHMNn_vPGwKjUafV42C+H5ba4S29iJvk225etZ1pg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <CA+55aFw4hfHMNn_vPGwKjUafV42C+H5ba4S29iJvk225etZ1pg@mail.gmail.com>
User-Agent: Mutt/1.6.0.1 (2016-04-01)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Fri, 26 Aug 2016 05:57:01 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Aug 25, 2016 at 09:40:12PM -0700, Linus Torvalds wrote:
> On Thu, Aug 25, 2016 at 8:19 PM, Josh Poimboeuf <jpoimboe@redhat.com> wrote:
> > So yes, dmesg_restrict sounds useful to me.  It's a way to prevent users
> > from seeing kernel addresses without affecting my ability to debug
> > issues.  For a locked down system, why would non-root users need to
> > access dmesg anyway?
> 
> That's the point. It is only useful for locked-down systems.
> 
> But that also means that IT IS NOT USEFUL AS A SECURITY ARGUMENT -
> since it's simply not relevant to most systems out there.
> 
> Most systems aren't locked down.

Ok, so maybe removing kernel text addresses from the stack dump wouldn't
be the end of the world.

But I still don't quite understand your statement that dmesg_restrict is
only useful for locked down systems.

To prevent kernel address disclosure, it seems we already rely on the
user setting kptr_restrict today, otherwise I can do cat
/proc/self/stack and the game is already lost, right?

So what's the difference between expecting the user to set kptr_restrict
vs dmesg_restrict?

-- 
Josh