* Potential info leak: Kernel pointer leak?
@ 2019-01-22 13:25 Fuqian Huang
  2019-01-23 12:24 ` Vinod Koul
  0 siblings, 1 reply; 3+ messages in thread
From: Fuqian Huang @ 2019-01-22 13:25 UTC (permalink / raw)
  To: linux-kernel, dmaengine, linux-soc, linux-arm-msm

Hi, recently I came across some code and it seems to be able to leak
a kernel address?
Does the following code cause an info leak in the Linux kernel?
The callback function address is printed to debugfs.
The local user could know the kernel object address, and is able to
bypass kASLR.
linux-4.14.90
drivers/dma/qcom/hidma_dbg.c:46
function - hidma_ll_chstats

The hidma_ll_chstats function in drivers/dma/qcom/hidma_dbg.c in the
Linux kernel 4.14.90 allows local users to obtain sensitive address
information by reading "callback=" lines in a debugfs file.

Similar to CVE-2018-7754


* Re: Potential info leak: Kernel pointer leak?
  2019-01-22 13:25 Potential info leak: Kernel pointer leak? Fuqian Huang
@ 2019-01-23 12:24 ` Vinod Koul
  2019-01-23 15:01   ` Marc Gonzalez
  0 siblings, 1 reply; 3+ messages in thread
From: Vinod Koul @ 2019-01-23 12:24 UTC (permalink / raw)
  To: Fuqian Huang; +Cc: linux-kernel, dmaengine, linux-soc, linux-arm-msm

On 22-01-19, 21:25, Fuqian Huang wrote:
> Hi, recently I came across some code and it seems to be able to leak
> a kernel address?
> Does the following code cause an info leak in the Linux kernel?
> The callback function address is printed to debugfs.
> The local user could know the kernel object address, and is able to
> bypass kASLR.
> linux-4.14.90
> drivers/dma/qcom/hidma_dbg.c:46
> function - hidma_ll_chstats

Doesn't %p not print kernel addresses anymore, see
Documentation/core-api/printk-formats.rst

> 
> The hidma_ll_chstats function in drivers/dma/qcom/hidma_dbg.c in the
> Linux kernel 4.14.90 allows local users to obtain sensitive address
> information by reading "callback=" lines in a debugfs file.
> 
> Similar to CVE-2018-7754

-- 
~Vinod


* Re: Potential info leak: Kernel pointer leak?
  2019-01-23 12:24 ` Vinod Koul
@ 2019-01-23 15:01   ` Marc Gonzalez
  0 siblings, 0 replies; 3+ messages in thread
From: Marc Gonzalez @ 2019-01-23 15:01 UTC (permalink / raw)
  To: Vinod Koul, Fuqian Huang; +Cc: LKML, MSM, DMA

On 23/01/2019 13:24, Vinod Koul wrote:

> On 22-01-19, 21:25, Fuqian Huang wrote:
>
>> Recently I came across some code and it seems to be able to leak a kernel address?
>> Does the following code cause an info leak in the Linux kernel?
>> linux-4.14.90
> 
> Doesn't %p not print kernel addresses anymore, see
> Documentation/core-api/printk-formats.rst

Commit ad67b74d2469d9b82aaa ("printk: hash addresses printed with %p")
was merged in v4.15-rc2 and not backported to v4.14 AFAICT.

Regards.
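
Added example (not part of the thread and not kernel code): a Python triage check that separates the two behaviours discussed above, raw %p output as on v4.14 versus hashed %p output after the commit cited in the last reply, in text read from a debugfs file. The sample lines, field values and function names are constructed for illustration; the 16-digit width and the zero upper half of hashed values assume a 64-bit kernel.

```python
import re

# name=value fields whose value is exactly 16 hex digits: the width %p
# produces on a 64-bit kernel (zero padded, no 0x prefix).
FIELD = re.compile(r"\b(\w+)\s*=\s*([0-9a-fA-F]{16})\b")

# Constructed sample text, not captured from a real system.
SAMPLE_RAW = """\
------Channel 0 -----
dev_name=sample-dma
callback=ffffff80085a1c40
"""
SAMPLE_HASHED = """\
------Channel 0 -----
dev_name=sample-dma
callback=00000000c09e7d5b
"""


def classify(value_hex):
    """Classify one 64-bit value as printed by %p."""
    value = int(value_hex, 16)
    if value == 0:
        return "null"
    if value >> 48 == 0xFFFF:
        # Upper canonical half, where 64-bit kernels map their own
        # text and data: an unhashed pointer that undermines KASLR.
        return "raw-kernel-address"
    if value >> 32 == 0:
        # Hashed %p keeps only 32 bits of the hash on 64-bit builds,
        # so the upper half prints as zeros.
        return "hashed-or-small"
    return "other"


def scan(text):
    """Return (line number, field name, value) for every raw kernel address."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, value in FIELD.findall(line):
            if classify(value) == "raw-kernel-address":
                findings.append((lineno, name, value))
    return findings


if __name__ == "__main__":
    for label, text in (("raw", SAMPLE_RAW), ("hashed", SAMPLE_HASHED)):
        print(label, scan(text))
```
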
