Re: [PATCH] KERNEL: resource: Fix bug on leakage in /proc/iomem file

Wed, 06 Apr 2016 10:55:57 -0700 

On Wed, Apr 6, 2016 at 8:20 AM, Linus Torvalds
<torva...@linux-foundation.org> wrote:
>
> I'd much rather just not insert the resources in the first place then.

So I'd find a patch like the attached to be perfectly acceptable (in
fact, we should have done this long ago).

That said, for a kernel hardening thing, I think it would be much more
important to just make sure that KASLR is enabled much more. Right now
I think it's disabled in practice if you enable hibernation support,
and I think most distros do that.

So I think that in *practice*, kaslr is much more likely to be
defeated by much more mundane reasons.

             Linus

 arch/x86/kernel/setup.c | 37 -------------------------------------
 1 file changed, 37 deletions(-)

diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 2367ae07eb76..319b08a5b6ed 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -146,31 +146,6 @@ int default_check_phys_apicid_present(int phys_apicid)
 
 struct boot_params boot_params;
 
-/*
- * Machine setup..
- */
-static struct resource data_resource = {
-       .name   = "Kernel data",
-       .start  = 0,
-       .end    = 0,
-       .flags  = IORESOURCE_BUSY | IORESOURCE_SYSTEM_RAM
-};
-
-static struct resource code_resource = {
-       .name   = "Kernel code",
-       .start  = 0,
-       .end    = 0,
-       .flags  = IORESOURCE_BUSY | IORESOURCE_SYSTEM_RAM
-};
-
-static struct resource bss_resource = {
-       .name   = "Kernel bss",
-       .start  = 0,
-       .end    = 0,
-       .flags  = IORESOURCE_BUSY | IORESOURCE_SYSTEM_RAM
-};
-
-
 #ifdef CONFIG_X86_32
 /* cpu data as detected by the assembly code in head.S */
 struct cpuinfo_x86 new_cpu_data = {
@@ -949,13 +924,6 @@ void __init setup_arch(char **cmdline_p)
 
        mpx_mm_init(&init_mm);
 
-       code_resource.start = __pa_symbol(_text);
-       code_resource.end = __pa_symbol(_etext)-1;
-       data_resource.start = __pa_symbol(_etext);
-       data_resource.end = __pa_symbol(_edata)-1;
-       bss_resource.start = __pa_symbol(__bss_start);
-       bss_resource.end = __pa_symbol(__bss_stop)-1;
-
 #ifdef CONFIG_CMDLINE_BOOL
 #ifdef CONFIG_CMDLINE_OVERRIDE
        strlcpy(boot_command_line, builtin_cmdline, COMMAND_LINE_SIZE);
@@ -1019,11 +987,6 @@ void __init setup_arch(char **cmdline_p)
 
        x86_init.resources.probe_roms();
 
-       /* after parse_early_param, so could debug it */
-       insert_resource(&iomem_resource, &code_resource);
-       insert_resource(&iomem_resource, &data_resource);
-       insert_resource(&iomem_resource, &bss_resource);
-
        e820_add_kernel_range();
        trim_bios_range();
 #ifdef CONFIG_X86_32

Reply via email to