From: "Roberts, William C" <william.c.roberts@intel.com>
To: Greg KH <gregkh@linuxfoundation.org>
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
Petr Mladek <pmladek@suse.com>,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Steven Rostedt <rostedt@goodmis.org>,
Chris Fries <cfries@google.com>,
Dave Weinstein <olorin@google.com>
Subject: RE: [RFC 00/06] printk: add more new kernel pointer filter options.
Date: Fri, 19 May 2017 20:25:12 +0000 [thread overview]
Message-ID: <476DC76E7D1DF2438D32BFADF679FC563362D5CD@ORSMSX103.amr.corp.intel.com> (raw)
In-Reply-To: <20170518141323.GD23654@kroah.com>
> -----Original Message-----
> From: Greg KH [mailto:gregkh@linuxfoundation.org]
> Sent: Thursday, May 18, 2017 7:13 AM
> To: Roberts, William C <william.c.roberts@intel.com>
> Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>; kernel-
> hardening@lists.openwall.com; Petr Mladek <pmladek@suse.com>; Sergey
> Senozhatsky <sergey.senozhatsky@gmail.com>; linux-kernel@vger.kernel.org;
> Catalin Marinas <catalin.marinas@arm.com>; Will Deacon
> <will.deacon@arm.com>; Steven Rostedt <rostedt@goodmis.org>; Chris Fries
> <cfries@google.com>; Dave Weinstein <olorin@google.com>
> Subject: Re: [RFC 00/06] printk: add more new kernel pointer filter options.
>
> On Tue, May 16, 2017 at 09:36:37PM +0000, Roberts, William C wrote:
> >
> >
> > > -----Original Message-----
> > > From: Sergey Senozhatsky [mailto:sergey.senozhatsky.work@gmail.com]
> > > Sent: Wednesday, May 10, 2017 6:38 PM
> > > To: Greg KH <gregkh@linuxfoundation.org>
> > > Cc: kernel-hardening@lists.openwall.com; Petr Mladek
> > > <pmladek@suse.com>; Sergey Senozhatsky
> > > <sergey.senozhatsky@gmail.com>; linux- kernel@vger.kernel.org;
> > > Catalin Marinas <catalin.marinas@arm.com>; Will Deacon
> > > <will.deacon@arm.com>; Steven Rostedt <rostedt@goodmis.org>;
> > > Roberts, William C <william.c.roberts@intel.com>; Chris Fries
> > > <cfries@google.com>; Dave Weinstein <olorin@google.com>
> > > Subject: Re: [RFC 00/06] printk: add more new kernel pointer filter options.
> > >
> > > Hello Greg,
> > >
> > > On (05/05/17 21:06), Greg KH wrote:
> > > > Here's a short patch series from Chris Fries and Dave Weinstein
> > > > that implement some new restrictions when printing out kernel
> > > > pointers, as well as the ability to whitelist kernel pointers where needed.
> > > >
> > > > These patches are based on work from William Roberts, and also is
> > > > inspired by grsecurity's %pP to specifically whitelist a kernel
> > > > pointer, where it is always needed, like the last patch in the
> > > > series shows, in the UIO drivers (UIO requires that you know the
> > > > address, it's a hardware address, nothing wrong with seeing
> > > > that...)
> > > >
> > > > I haven't done much to this patch series, only forward porting it
> > > > from an older kernel release (4.4) and a few minor tweaks. It
> > > > applies cleanly on top of 4.11 as well as Linus's current
> > > > development tree
> > > > (10502 patches into the 4.12-rc1 merge window). I'm posting it
> > > > now for comments if anyone sees anything wrong with this approach
> > >
> > > overall, I don't see anything wrong.
> > >
> > > > or thinks the things that are being whitelisted should not be?
> > >
> > > can't say for sure, sorry.
> > >
> > > -ss
> >
> > I almost missed this, none of the mail was delivered to my inbox...
>
> Why not? Did I get the address wrong?
I don't think so. I've had weird issues with my Intel email address and mailing
lists before. On the selinux mailing list they kept getting bounces when sending
Me email, but it's only that list. I'm just going to blame it on something within
our corporate network.
>
> > Anyways, I am glad to see this revived and I don't have any Comments
> > besides thanks.
>
> Acks for the patches are always appreciated :)
>
> I'll revise this in the next few weeks and send out a new series.
I see some comments on clarifying the docs that seem spot on.
I'll look at the next series and I will test them, if they look good
to me, I'll ack away :-)
>
> thanks,
>
> greg k-h
WARNING: multiple messages have this Message-ID (diff)
From: "Roberts, William C" <william.c.roberts@intel.com>
To: Greg KH <gregkh@linuxfoundation.org>
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
Petr Mladek <pmladek@suse.com>,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Steven Rostedt <rostedt@goodmis.org>,
Chris Fries <cfries@google.com>,
Dave Weinstein <olorin@google.com>
Subject: [kernel-hardening] RE: [RFC 00/06] printk: add more new kernel pointer filter options.
Date: Fri, 19 May 2017 20:25:12 +0000 [thread overview]
Message-ID: <476DC76E7D1DF2438D32BFADF679FC563362D5CD@ORSMSX103.amr.corp.intel.com> (raw)
In-Reply-To: <20170518141323.GD23654@kroah.com>
> -----Original Message-----
> From: Greg KH [mailto:gregkh@linuxfoundation.org]
> Sent: Thursday, May 18, 2017 7:13 AM
> To: Roberts, William C <william.c.roberts@intel.com>
> Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>; kernel-
> hardening@lists.openwall.com; Petr Mladek <pmladek@suse.com>; Sergey
> Senozhatsky <sergey.senozhatsky@gmail.com>; linux-kernel@vger.kernel.org;
> Catalin Marinas <catalin.marinas@arm.com>; Will Deacon
> <will.deacon@arm.com>; Steven Rostedt <rostedt@goodmis.org>; Chris Fries
> <cfries@google.com>; Dave Weinstein <olorin@google.com>
> Subject: Re: [RFC 00/06] printk: add more new kernel pointer filter options.
>
> On Tue, May 16, 2017 at 09:36:37PM +0000, Roberts, William C wrote:
> >
> >
> > > -----Original Message-----
> > > From: Sergey Senozhatsky [mailto:sergey.senozhatsky.work@gmail.com]
> > > Sent: Wednesday, May 10, 2017 6:38 PM
> > > To: Greg KH <gregkh@linuxfoundation.org>
> > > Cc: kernel-hardening@lists.openwall.com; Petr Mladek
> > > <pmladek@suse.com>; Sergey Senozhatsky
> > > <sergey.senozhatsky@gmail.com>; linux- kernel@vger.kernel.org;
> > > Catalin Marinas <catalin.marinas@arm.com>; Will Deacon
> > > <will.deacon@arm.com>; Steven Rostedt <rostedt@goodmis.org>;
> > > Roberts, William C <william.c.roberts@intel.com>; Chris Fries
> > > <cfries@google.com>; Dave Weinstein <olorin@google.com>
> > > Subject: Re: [RFC 00/06] printk: add more new kernel pointer filter options.
> > >
> > > Hello Greg,
> > >
> > > On (05/05/17 21:06), Greg KH wrote:
> > > > Here's a short patch series from Chris Fries and Dave Weinstein
> > > > that implement some new restrictions when printing out kernel
> > > > pointers, as well as the ability to whitelist kernel pointers where needed.
> > > >
> > > > These patches are based on work from William Roberts, and also is
> > > > inspired by grsecurity's %pP to specifically whitelist a kernel
> > > > pointer, where it is always needed, like the last patch in the
> > > > series shows, in the UIO drivers (UIO requires that you know the
> > > > address, it's a hardware address, nothing wrong with seeing
> > > > that...)
> > > >
> > > > I haven't done much to this patch series, only forward porting it
> > > > from an older kernel release (4.4) and a few minor tweaks. It
> > > > applies cleanly on top of 4.11 as well as Linus's current
> > > > development tree
> > > > (10502 patches into the 4.12-rc1 merge window). I'm posting it
> > > > now for comments if anyone sees anything wrong with this approach
> > >
> > > overall, I don't see anything wrong.
> > >
> > > > or thinks the things that are being whitelisted should not be?
> > >
> > > can't say for sure, sorry.
> > >
> > > -ss
> >
> > I almost missed this, none of the mail was delivered to my inbox...
>
> Why not? Did I get the address wrong?
I don't think so. I've had weird issues with my Intel email address and mailing
lists before. On the selinux mailing list they kept getting bounces when sending
Me email, but it's only that list. I'm just going to blame it on something within
our corporate network.
>
> > Anyways, I am glad to see this revived and I don't have any Comments
> > besides thanks.
>
> Acks for the patches are always appreciated :)
>
> I'll revise this in the next few weeks and send out a new series.
I see some comments on clarifying the docs that seem spot on.
I'll look at the next series and I will test them, if they look good
to me, I'll ack away :-)
>
> thanks,
>
> greg k-h
next prev parent reply other threads:[~2017-05-19 20:25 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-06 4:06 [RFC 00/06] printk: add more new kernel pointer filter options Greg KH
2017-05-06 4:06 ` [kernel-hardening] " Greg KH
2017-05-06 4:06 ` [RFC 1/6] lib: vsprintf: additional kernel pointer filtering options Greg KH
2017-05-06 4:06 ` [kernel-hardening] " Greg KH
2017-05-16 11:58 ` Petr Mladek
2017-05-16 11:58 ` [kernel-hardening] " Petr Mladek
2017-05-18 14:12 ` Greg KH
2017-05-18 14:12 ` [kernel-hardening] " Greg KH
2017-05-06 4:07 ` [RFC 2/6] lib: vsprintf: whitelist stack traces Greg KH
2017-05-06 4:07 ` [kernel-hardening] " Greg KH
2017-05-06 4:07 ` [RFC 3/6] lib: vsprintf: physical address kernel pointer filtering options Greg KH
2017-05-06 4:07 ` [kernel-hardening] " Greg KH
2017-05-06 10:48 ` Ian Campbell
2017-05-06 4:07 ` [RFC 4/6] lib: vsprintf: default kptr_restrict to the maximum value Greg KH
2017-05-06 4:07 ` [kernel-hardening] " Greg KH
2017-05-06 4:07 ` [RFC 5/6] lib: vsprintf: Add "%paP", "%padP" options Greg KH
2017-05-06 4:07 ` [kernel-hardening] " Greg KH
2017-05-06 4:42 ` Joe Perches
2017-05-06 4:42 ` [kernel-hardening] " Joe Perches
2017-05-06 5:00 ` Greg KH
2017-05-06 5:00 ` [kernel-hardening] " Greg KH
2017-05-16 14:41 ` Petr Mladek
2017-05-16 14:41 ` [kernel-hardening] " Petr Mladek
2017-05-18 14:12 ` Greg KH
2017-05-18 14:12 ` [kernel-hardening] " Greg KH
2017-05-06 4:07 ` [RFC 6/6] drivers: uio: Un-restrict sysfs pointers for UIO Greg KH
2017-05-06 4:07 ` [kernel-hardening] " Greg KH
2017-05-11 1:37 ` [RFC 00/06] printk: add more new kernel pointer filter options Sergey Senozhatsky
2017-05-11 1:37 ` [kernel-hardening] " Sergey Senozhatsky
2017-05-16 21:36 ` Roberts, William C
2017-05-16 21:36 ` [kernel-hardening] " Roberts, William C
2017-05-18 14:13 ` Greg KH
2017-05-18 14:13 ` [kernel-hardening] " Greg KH
2017-05-19 20:25 ` Roberts, William C [this message]
2017-05-19 20:25 ` [kernel-hardening] " Roberts, William C
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=476DC76E7D1DF2438D32BFADF679FC563362D5CD@ORSMSX103.amr.corp.intel.com \
--to=william.c.roberts@intel.com \
--cc=catalin.marinas@arm.com \
--cc=cfries@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=olorin@google.com \
--cc=pmladek@suse.com \
--cc=rostedt@goodmis.org \
--cc=sergey.senozhatsky.work@gmail.com \
--cc=sergey.senozhatsky@gmail.com \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.