From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Roberts, William C"
To: Sergey Senozhatsky, Greg KH
CC: "kernel-hardening@lists.openwall.com", Petr Mladek, "Sergey Senozhatsky", "linux-kernel@vger.kernel.org", Catalin Marinas, Will Deacon, Steven Rostedt, Chris Fries, Dave Weinstein
Subject: RE: [RFC 00/06] printk: add more new kernel pointer filter options.
Date: Tue, 16 May 2017 21:36:37 +0000
Message-ID: <476DC76E7D1DF2438D32BFADF679FC563362B030@ORSMSX103.amr.corp.intel.com>
References: <20170506040641.GA32707@kroah.com> <20170511013737.GD801@jagdpanzerIV.localdomain>
In-Reply-To: <20170511013737.GD801@jagdpanzerIV.localdomain>
X-Mailing-List: linux-kernel@vger.kernel.org

> -----Original Message-----
> From: Sergey Senozhatsky [mailto:sergey.senozhatsky.work@gmail.com]
> Sent: Wednesday, May 10, 2017 6:38 PM
> To: Greg KH
> Cc: kernel-hardening@lists.openwall.com; Petr Mladek; Sergey Senozhatsky;
> linux-kernel@vger.kernel.org; Catalin Marinas; Will Deacon; Steven Rostedt;
> Roberts, William C; Chris Fries; Dave Weinstein
> Subject: Re: [RFC 00/06] printk: add more new kernel pointer filter options.
>
> Hello Greg,
>
> On (05/05/17 21:06), Greg KH wrote:
> > Here's a short patch series from Chris Fries and Dave Weinstein that
> > implement some new restrictions when printing out kernel pointers, as
> > well as the ability to whitelist kernel pointers where needed.
> >
> > These patches are based on work from William Roberts, and also is
> > inspired by grsecurity's %pP to specifically whitelist a kernel
> > pointer, where it is always needed, like the last patch in the series
> > shows, in the UIO drivers (UIO requires that you know the address,
> > it's a hardware address, nothing wrong with seeing that...)
> >
> > I haven't done much to this patch series, only forward porting it from
> > an older kernel release (4.4) and a few minor tweaks. It applies
> > cleanly on top of 4.11 as well as Linus's current development tree
> > (10502 patches into the 4.12-rc1 merge window). I'm posting it now
> > for comments if anyone sees anything wrong with this approach
>
> overall, I don't see anything wrong.
>
> > or thinks the things that are being whitelisted should not be?
>
> can't say for sure, sorry.
>
> -ss

I almost missed this, none of the mail was delivered to my inbox...

Anyways, I am glad to see this revived and I don't have any
comments besides thanks.