From mboxrd@z Thu Jan 1 00:00:00 1970 From: Kaiwan N Billimoria Date: Sun, 08 Mar 2020 12:29:50 +0000 Subject: Re: [PATCH] sh: Stop printing the virtual memory layout Message-Id: List-Id: References: <202003021038.8F0369D907@keescook> <20200305151010.835954-1-nivedita@alum.mit.edu> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: John Paul Adrian Glaubitz Cc: Arvind Sankar , Kees Cook , "Tobin C . Harding" , Tycho Andersen , Kernel Hardening , Yoshinori Sato , Rich Felker , linux-sh@vger.kernel.org, Linux Kernel Mailing List On Thu, Mar 5, 2020 at 8:48 PM John Paul Adrian Glaubitz wrote: > > On 3/5/20 4:10 PM, Arvind Sankar wrote: > > For security, don't display the kernel's virtual memory layout. > > > > Kees Cook points out: > > "These have been entirely removed on other architectures, so let's > > just do the same for ia32 and remove it unconditionally." > > > > 071929dbdd86 ("arm64: Stop printing the virtual memory layout") > > 1c31d4e96b8c ("ARM: 8820/1: mm: Stop printing the virtual memory layout") > > 31833332f798 ("m68k/mm: Stop printing the virtual memory layout") > > fd8d0ca25631 ("parisc: Hide virtual kernel memory layout") > > adb1fe9ae2ee ("mm/page_alloc: Remove kernel address exposure in free_reserved_area()") > Aww, why wasn't this made configurable? I found these memory map printouts > very useful for development. Same here! IMO, the kernel segment layout is useful for devs/debug purposes. Perhaps: a) all these printk's could be gathered into one function and invoked only when DEBUG (or equivalent) is defined? b) else, the s/pr_info/pr_devel approach with %pK should be good? -Kaiwan. From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C5002C10DCE for ; Sun, 8 Mar 2020 12:25:48 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 907E420663 for ; Sun, 8 Mar 2020 12:25:48 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726296AbgCHMZe (ORCPT ); Sun, 8 Mar 2020 08:25:34 -0400 Received: from sg2plout10-02.prod.sin2.secureserver.net ([182.50.145.5]:60616 "EHLO sg2plout10-02.prod.sin2.secureserver.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726213AbgCHMZd (ORCPT ); Sun, 8 Mar 2020 08:25:33 -0400 X-Greylist: delayed 440 seconds by postgrey-1.27 at vger.kernel.org; Sun, 08 Mar 2020 08:25:33 EDT Received: from mail-oi1-f172.google.com ([209.85.167.172]) by :SMTPAUTH: with ESMTPSA id AushjL9TYO6ZBAuskjSSOO; Sun, 08 Mar 2020 05:18:11 -0700 X-CMAE-Analysis: v=2.3 cv=BaWmLYl2 c=1 sm=1 tr=0 a=Y+b99WSDUBXwRGtcog24Ag==:117 a=jpOVt7BSZ2e4Z31A5e1TngXxSK0=:19 a=IkcTkHD0fZMA:10 a=SS2py6AdgQ4A:10 a=1_j9CwCaYTysT8vyirYA:9 a=QEXdDO2ut3YA:10 X-SECURESERVER-ACCT: kaiwan@kaiwantech.com Received: by mail-oi1-f172.google.com with SMTP id l12so7374731oil.9; Sun, 08 Mar 2020 05:18:10 -0700 (PDT) X-Gm-Message-State: ANhLgQ0qMGNtbgT0CLSw7vFCRkXqWhn8Tv1o7mrYdIm0JByBZM66CeVW aBi5pUB+1C3DzKJxidAisBPB2IvvO2FEX6njS90= X-Google-Smtp-Source: ADFU+vtZnWMkbiL1bXf+FNyxSs2l/kh0C8lBmhrcLdSBCJkRlC3KOJuhCbp7XEyp4s5Om4jf+N/09525fkXc4ZKhqvc= X-Received: by 2002:aca:5044:: with SMTP id e65mr8541289oib.28.1583669887378; Sun, 08 Mar 2020 05:18:07 -0700 (PDT) MIME-Version: 1.0 References: <202003021038.8F0369D907@keescook> <20200305151010.835954-1-nivedita@alum.mit.edu> In-Reply-To: From: Kaiwan N Billimoria Date: Sun, 8 Mar 2020 17:47:50 +0530 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] sh: Stop printing the virtual memory layout To: John Paul Adrian Glaubitz Cc: Arvind Sankar , Kees Cook , "Tobin C . Harding" , Tycho Andersen , Kernel Hardening , Yoshinori Sato , Rich Felker , linux-sh@vger.kernel.org, Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" X-CMAE-Envelope: MS4wfA50qyIlkVVHqwvhiVy51LCaeXikHE5ZfTHtJvQTeBKBpAxc3GA5+SHnjOiUpG4oZ00GXu12yjgqmiWDaw2sy0G1CK2UJ6H2oPsgrMOQUtKUF4nr+Pcf fN+MoFxTSylJOAo3i4JthnH6SMKgdVx3I5bgd4i9ByHqA7m2lT/3ZZp22V4ZBXChA36IplHl/lTN5ge6JRvBTfU8sB8dwBuUr5weO7herzpDdEttfo/bp+3m i+drPBLWNmwItSVko4UtZQ== Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 5, 2020 at 8:48 PM John Paul Adrian Glaubitz wrote: > > On 3/5/20 4:10 PM, Arvind Sankar wrote: > > For security, don't display the kernel's virtual memory layout. > > > > Kees Cook points out: > > "These have been entirely removed on other architectures, so let's > > just do the same for ia32 and remove it unconditionally." > > > > 071929dbdd86 ("arm64: Stop printing the virtual memory layout") > > 1c31d4e96b8c ("ARM: 8820/1: mm: Stop printing the virtual memory layout") > > 31833332f798 ("m68k/mm: Stop printing the virtual memory layout") > > fd8d0ca25631 ("parisc: Hide virtual kernel memory layout") > > adb1fe9ae2ee ("mm/page_alloc: Remove kernel address exposure in free_reserved_area()") > Aww, why wasn't this made configurable? I found these memory map printouts > very useful for development. Same here! IMO, the kernel segment layout is useful for devs/debug purposes. Perhaps: a) all these printk's could be gathered into one function and invoked only when DEBUG (or equivalent) is defined? b) else, the s/pr_info/pr_devel approach with %pK should be good? -Kaiwan. From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 25CD0C10DCE for ; Sun, 8 Mar 2020 12:18:35 +0000 (UTC) Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.kernel.org (Postfix) with SMTP id 745112084E for ; Sun, 8 Mar 2020 12:18:34 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 745112084E Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=kaiwantech.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kernel-hardening-return-18104-kernel-hardening=archiver.kernel.org@lists.openwall.com Received: (qmail 19918 invoked by uid 550); 8 Mar 2020 12:18:26 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Received: (qmail 19880 invoked from network); 8 Mar 2020 12:18:25 -0000 X-CMAE-Analysis: v=2.3 cv=BaWmLYl2 c=1 sm=1 tr=0 a=Y+b99WSDUBXwRGtcog24Ag==:117 a=jpOVt7BSZ2e4Z31A5e1TngXxSK0=:19 a=IkcTkHD0fZMA:10 a=SS2py6AdgQ4A:10 a=1_j9CwCaYTysT8vyirYA:9 a=QEXdDO2ut3YA:10 X-SECURESERVER-ACCT: kaiwan@kaiwantech.com X-Gm-Message-State: ANhLgQ3TKSU83dN5knLO+QOjFG//+yoyhwfkuSiEOjSug/w3LRkCJzFm AIkUOOUpmxM40sPFdnQ8ae2xBH72RseM7Pzufow= X-Google-Smtp-Source: ADFU+vtZnWMkbiL1bXf+FNyxSs2l/kh0C8lBmhrcLdSBCJkRlC3KOJuhCbp7XEyp4s5Om4jf+N/09525fkXc4ZKhqvc= X-Received: by 2002:aca:5044:: with SMTP id e65mr8541289oib.28.1583669887378; Sun, 08 Mar 2020 05:18:07 -0700 (PDT) MIME-Version: 1.0 References: <202003021038.8F0369D907@keescook> <20200305151010.835954-1-nivedita@alum.mit.edu> In-Reply-To: From: Kaiwan N Billimoria Date: Sun, 8 Mar 2020 17:47:50 +0530 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] sh: Stop printing the virtual memory layout To: John Paul Adrian Glaubitz Cc: Arvind Sankar , Kees Cook , "Tobin C . Harding" , Tycho Andersen , Kernel Hardening , Yoshinori Sato , Rich Felker , linux-sh@vger.kernel.org, Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" X-CMAE-Envelope: MS4wfEpHFXeTJaEAZdXiWOnJrDqTUmChY95jfii4FNgvenyqyQCXhYPyh8A/Hd3FUScUqJB23DMcJaJx5UYtf5vVx5680OArOdeKA7+ygN+C9OLqvZCHwWZk kSZlaRjKsG5IAaRvwF/LnPwcGVGSy1UcC2cyMQCIrUGMSeZ4oeE5cBBBxJMKyDo3h5Q2Ac9FFWOpKdDrsoUCpU1rx3v/ZR1n/7k= On Thu, Mar 5, 2020 at 8:48 PM John Paul Adrian Glaubitz wrote: > > On 3/5/20 4:10 PM, Arvind Sankar wrote: > > For security, don't display the kernel's virtual memory layout. > > > > Kees Cook points out: > > "These have been entirely removed on other architectures, so let's > > just do the same for ia32 and remove it unconditionally." > > > > 071929dbdd86 ("arm64: Stop printing the virtual memory layout") > > 1c31d4e96b8c ("ARM: 8820/1: mm: Stop printing the virtual memory layout") > > 31833332f798 ("m68k/mm: Stop printing the virtual memory layout") > > fd8d0ca25631 ("parisc: Hide virtual kernel memory layout") > > adb1fe9ae2ee ("mm/page_alloc: Remove kernel address exposure in free_reserved_area()") > Aww, why wasn't this made configurable? I found these memory map printouts > very useful for development. Same here! IMO, the kernel segment layout is useful for devs/debug purposes. Perhaps: a) all these printk's could be gathered into one function and invoked only when DEBUG (or equivalent) is defined? b) else, the s/pr_info/pr_devel approach with %pK should be good? -Kaiwan.