linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Sandeep Patil <sspatil@google.com>
To: "Theodore Y. Ts'o" <tytso@mit.edu>,
	Steven Rostedt <rostedt@goodmis.org>,
	Jann Horn <jannh@google.com>,
	salyzyn@google.com, Nick Desaulniers <ndesaulniers@google.com>,
	Golden_Miller83@protonmail.ch, Greg KH <greg@kroah.com>,
	Kees Cook <keescook@google.com>,
	salyzyn@android.com, kernel list <linux-kernel@vger.kernel.org>,
	Ingo Molnar <mingo@redhat.com>,
	kernel-team@android.com, stable@vger.kernel.org,
	Kernel Hardening <kernel-hardening@lists.openwall.com>,
	Jeffrey Vander Stoep <jeffv@google.com>
Subject: Re: [PATCH] tracing: do not leak kernel addresses
Date: Mon, 30 Jul 2018 07:35:11 -0700	[thread overview]
Message-ID: <20180730143511.GU190909@sspatil-desktop.mtv.corp.google.com> (raw)
In-Reply-To: <20180728000428.GI13922@thunk.org>

On Fri, Jul 27, 2018 at 08:04:28PM -0400, Theodore Y. Ts'o wrote:
> On Fri, Jul 27, 2018 at 03:05:43PM -0700, Sandeep Patil wrote:
> > On Fri, Jul 27, 2018 at 04:21:14PM -0400, Theodore Y. Ts'o wrote:
> > > On Fri, Jul 27, 2018 at 04:11:03PM -0400, Steven Rostedt wrote:
> > > > That said, I would assume that
> > > > other Android utilities are using other debugfs files for system
> > > > status and such.
> > 
> > As of today, I think a lot of information in 'bugreports' is read
> > out of debugfs (including things like binder stats). We do have a plan
> > to change that.
> 
> Hmm, if it's only for bugreports, maybe it can be only mounted when
> about root processes getting tricked into reading from debugfs.

Yes, that's an interesting idea. May be a quicker way to get ourselves
rid of relying on debugfs. We need some platform cleanup to remove
all debugfs accessing code that's not "debug only" first. That work has been
ongoing ..

> 
> 
> > Indeed, I think it can. However, the problem is the last time I tried to
> > remove this a whole bunch of things just broke. So, it wasn't about losing
> > a functionality here and there. Agree, we need to clean up platform to not use
> > debugfs first. Then we can expect Apps or other native processes to not rely
> > on debugfs at all.
> 
> Is Android controlling access to debugfs files via SELinux?  If so,
> then access to debugfs can be gradually cranked down as use cases are
> removed.

Yes, that's what we've done now, so we know where the code is that depends on
it and working on moving it out. New domains aren't allowed to rely on
debugfs now.

- ssp
> 
> 						- Ted
> 
> 
>    	   	       

      reply	other threads:[~2018-07-30 14:35 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-07-25 20:22 [PATCH] tracing: do not leak kernel addresses Mark Salyzyn
2018-07-25 21:14 ` Nick Desaulniers
2018-07-26  1:07 ` Steven Rostedt
2018-07-26 15:14   ` Mark Salyzyn
2018-07-26 15:22     ` Steven Rostedt
2018-07-26 16:32       ` Nick Desaulniers
2018-07-26 16:37         ` Steven Rostedt
2018-07-26 16:59           ` Nick Desaulniers
2018-07-26 21:56             ` Nick Desaulniers
2018-07-26 15:31     ` Greg KH
2018-07-26 16:52       ` Nick Desaulniers
2018-07-26 22:15         ` Steven Rostedt
2018-07-27 12:07           ` Jordan Glover
2018-07-27 13:40             ` Jann Horn
2018-07-27 13:47               ` Steven Rostedt
2018-07-27 18:13                 ` Nick Desaulniers
2018-07-27 18:31                   ` Steven Rostedt
     [not found]                     ` <CAMx4XWv3OazvURuN1XU2+5C5tNDzPuTniMn_T=XTA4P8_uwS_A@mail.gmail.com>
2018-07-27 18:47                       ` Jann Horn
2018-07-27 18:58                         ` Jann Horn
2018-07-27 19:54                           ` Theodore Y. Ts'o
2018-07-27 20:11                             ` Steven Rostedt
2018-07-27 20:21                               ` Theodore Y. Ts'o
2018-07-27 20:53                                 ` Steven Rostedt
2018-07-27 22:05                                 ` Sandeep Patil
2018-07-28  0:04                                   ` Theodore Y. Ts'o
2018-07-30 14:35                                     ` Sandeep Patil [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180730143511.GU190909@sspatil-desktop.mtv.corp.google.com \
    --to=sspatil@google.com \
    --cc=Golden_Miller83@protonmail.ch \
    --cc=greg@kroah.com \
    --cc=jannh@google.com \
    --cc=jeffv@google.com \
    --cc=keescook@google.com \
    --cc=kernel-hardening@lists.openwall.com \
    --cc=kernel-team@android.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=ndesaulniers@google.com \
    --cc=rostedt@goodmis.org \
    --cc=salyzyn@android.com \
    --cc=salyzyn@google.com \
    --cc=stable@vger.kernel.org \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).