x86/mm/init_32: Don't print out kernel memory layout if KASLR
diff mbox series

Message ID 20200226215039.2842351-1-nivedita@alum.mit.edu
State New
Headers show
Series
  • x86/mm/init_32: Don't print out kernel memory layout if KASLR
Related show

Commit Message

Arvind Sankar Feb. 26, 2020, 9:50 p.m. UTC
For security, only show the virtual kernel memory layout if KASLR is
disabled.

Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
---
 arch/x86/mm/init_32.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Kees Cook Feb. 29, 2020, 11:51 p.m. UTC | #1
Arvind Sankar said:
> For security, only show the virtual kernel memory layout if KASLR is
> disabled.

These have been entirely removed on other architectures, so let's
just do the same for ia32 and remove it unconditionally.

071929dbdd86 ("arm64: Stop printing the virtual memory layout")
1c31d4e96b8c ("ARM: 8820/1: mm: Stop printing the virtual memory layout")
31833332f798 ("m68k/mm: Stop printing the virtual memory layout")
fd8d0ca25631 ("parisc: Hide virtual kernel memory layout")
adb1fe9ae2ee ("mm/page_alloc: Remove kernel address exposure in free_reserved_area()")

-Kees
Arvind Sankar March 1, 2020, 12:11 a.m. UTC | #2
On Sat, Feb 29, 2020 at 03:51:45PM -0800, Kees Cook wrote:
> Arvind Sankar said:
> > For security, only show the virtual kernel memory layout if KASLR is
> > disabled.
> 
> These have been entirely removed on other architectures, so let's
> just do the same for ia32 and remove it unconditionally.
> 
> 071929dbdd86 ("arm64: Stop printing the virtual memory layout")
> 1c31d4e96b8c ("ARM: 8820/1: mm: Stop printing the virtual memory layout")
> 31833332f798 ("m68k/mm: Stop printing the virtual memory layout")
> fd8d0ca25631 ("parisc: Hide virtual kernel memory layout")
> adb1fe9ae2ee ("mm/page_alloc: Remove kernel address exposure in free_reserved_area()")
> 
> -Kees
> 
> -- 
> Kees Cook

microblaze (arch/microblaze/mm/init.c) and PPC32 (arch/powerpc/mm/mem.c)
appear to still print it out. I can't test those, but will resubmit
x86-32 with it removed.
Kees Cook March 2, 2020, 6:38 p.m. UTC | #3
On Sat, Feb 29, 2020 at 07:11:23PM -0500, Arvind Sankar wrote:
> On Sat, Feb 29, 2020 at 03:51:45PM -0800, Kees Cook wrote:
> > Arvind Sankar said:
> > > For security, only show the virtual kernel memory layout if KASLR is
> > > disabled.
> > 
> > These have been entirely removed on other architectures, so let's
> > just do the same for ia32 and remove it unconditionally.
> > 
> > 071929dbdd86 ("arm64: Stop printing the virtual memory layout")
> > 1c31d4e96b8c ("ARM: 8820/1: mm: Stop printing the virtual memory layout")
> > 31833332f798 ("m68k/mm: Stop printing the virtual memory layout")
> > fd8d0ca25631 ("parisc: Hide virtual kernel memory layout")
> > adb1fe9ae2ee ("mm/page_alloc: Remove kernel address exposure in free_reserved_area()")
> > 
> > -Kees
> > 
> > -- 
> > Kees Cook
> 
> microblaze (arch/microblaze/mm/init.c) and PPC32 (arch/powerpc/mm/mem.c)
> appear to still print it out. I can't test those, but will resubmit
> x86-32 with it removed.

Might as well fix those up too. :)

Patch
diff mbox series

diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
index 23df4885bbed..53635be69102 100644
--- a/arch/x86/mm/init_32.c
+++ b/arch/x86/mm/init_32.c
@@ -788,6 +788,10 @@  void __init mem_init(void)
 	x86_init.hyper.init_after_bootmem();
 
 	mem_init_print_info(NULL);
+
+	if (kaslr_enabled())
+		goto skip_layout;
+
 	printk(KERN_INFO "virtual kernel memory layout:\n"
 		"    fixmap  : 0x%08lx - 0x%08lx   (%4ld kB)\n"
 		"  cpu_entry : 0x%08lx - 0x%08lx   (%4ld kB)\n"
@@ -827,6 +831,7 @@  void __init mem_init(void)
 		(unsigned long)&_text, (unsigned long)&_etext,
 		((unsigned long)&_etext - (unsigned long)&_text) >> 10);
 
+skip_layout:
 	/*
 	 * Check boundaries twice: Some fundamental inconsistencies can
 	 * be detected at build time already.