linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Scott Wood <oss@buserror.net>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Kees Cook <keescook@chromium.org>,
	Jason Yan <yanaijie@huawei.com>, Petr Mladek <pmladek@suse.com>,
	Steven Rostedt <rostedt@goodmis.org>,
	Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
	Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
	Rasmus Villemoes <linux@rasmusvillemoes.dk>,
	lkml <linux-kernel@vger.kernel.org>,
	"Tobin C . Harding" <tobin@kernel.org>,
	Daniel Axtens <dja@axtens.net>
Subject: Re: [PATCH v3 0/6] implement KASLR for powerpc/fsl_booke/64
Date: Fri, 06 Mar 2020 12:33:44 -0600	[thread overview]
Message-ID: <78e666fb78604d98252c436e9e3f6a27cff25a9a.camel@buserror.net> (raw)
In-Reply-To: <CAADWXX8guqt=Yz-Lo+qU6Ed0t-mG-B=UkqSDaSr3bH+Q2aOn-Q@mail.gmail.com>

On Thu, 2020-03-05 at 12:51 -0600, Linus Torvalds wrote:
> On Wed, Mar 4, 2020 at 3:16 PM Scott Wood <oss@buserror.net> wrote:
> > 
> > The frustration is with the inability to set a flag to say, "I'm debugging
> > and
> > don't care about leaks... in fact I'd like as much information as possible
> > to
> > leak to me."
> 
> Well, I definitely don't want to tie it to "I turned off kaslr in
> order to help debugging". That just means that now you're debugging a
> kernel that is fundamentally different from what people are running.

One shouldn't *test* with something different from what people are running but
once a problem has been identified I don't see the problem with changing the
kernel to make diagnosis easier (assuming the problem is reproduceable). 
Though I suppose one could just locally apply a "no pointer hashing" patch
when debugging...

> So I'd much rather have people just set a really magic flag, perhaps
> when kgdb is in use or something.
> 
> > In any case, this came up now due to a question about what to use when
> > printing crash dumps.  PowerPC currently prints stack and return addresses
> > with %lx (in addition to %pS in the latter case) and someone proposed
> > converting them to %p and/or removing them altogether.
> 
> Please just use '%pS'.
> 
> The symbol and offset is what is useful when users send crash-dumps.
> The hex value is entirely pointless with kaslr - which should
> basically be the default.
> 
> Note that this isn't about security at that point - crash dumps are
> something that shouldn't happen, but if they do happen, we want the
> pointers. But the random hex value just isn't _useful_, so it's just
> making things less legible.

Losing %lx on the return address would be a minor annoyance (harder to verify
that you're looking at the right stack frame in a dump, more steps to look up
the line number when modules and kaslr aren't involved, etc), but %pS doesn't
help with stack addresses themselves -- and yes, digging into the actual stack
data (via kdump, external debugger, etc.) is sometimes useful.  Maybe
condition it on it being an actual crash dump and not some other caller of
show_stack()?

-Scott



  reply	other threads:[~2020-03-06 18:38 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-03-04 12:47 [PATCH] vfsprintf: only hash addresses in security environment Jason Yan
2020-03-04 15:12 ` Andy Shevchenko
2020-03-04 18:34 ` Kees Cook
2020-03-04 21:11   ` [PATCH v3 0/6] implement KASLR for powerpc/fsl_booke/64 Scott Wood
2020-03-04 22:36     ` Kees Cook
2020-03-05 18:51     ` Linus Torvalds
2020-03-06 18:33       ` Scott Wood [this message]
  -- strict thread matches above, loose matches on Subject: below --
2020-02-06  2:58 Jason Yan
2020-02-13  3:00 ` Jason Yan
2020-02-20  3:33   ` Jason Yan
2020-02-26  7:16 ` Daniel Axtens
2020-02-26  8:18   ` Jason Yan
2020-02-26 11:41     ` Daniel Axtens
2020-02-27  1:55       ` Jason Yan
2020-02-28  5:53     ` Scott Wood
2020-02-28  6:47       ` Jason Yan
2020-02-29  4:28         ` Scott Wood
2020-02-29  7:27           ` Jason Yan
2020-02-29 22:54             ` Scott Wood
2020-03-02  2:17               ` Jason Yan
2020-03-02  3:24                 ` Scott Wood
2020-03-02  7:12                   ` Jason Yan
2020-03-02  8:47                     ` Scott Wood
2020-03-02  9:37                       ` Jason Yan
2020-03-04 21:21   ` Scott Wood
2020-03-05  3:22     ` Jason Yan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=78e666fb78604d98252c436e9e3f6a27cff25a9a.camel@buserror.net \
    --to=oss@buserror.net \
    --cc=andriy.shevchenko@linux.intel.com \
    --cc=dja@axtens.net \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux@rasmusvillemoes.dk \
    --cc=pmladek@suse.com \
    --cc=rostedt@goodmis.org \
    --cc=sergey.senozhatsky@gmail.com \
    --cc=tobin@kernel.org \
    --cc=torvalds@linux-foundation.org \
    --cc=yanaijie@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).