On Tue, Feb 28, 2017 at 02:55:51PM -0800, Laura Abbott wrote: > On 02/28/2017 02:04 AM, Mark Rutland wrote: > > On Tue, Feb 28, 2017 at 08:42:51AM +0000, Ard Biesheuvel wrote: > >> On 28 February 2017 at 07:05, Miles Chen <miles.c...@mediatek.com> wrote: > >>> Mask kernel pointers of /sys/kernel/debug/kernel_page_tables entry like > >>> /proc/vmallocinfo does. > >>> > >>> With sysctl kernel.kptr_restrict=0 or 1: > >>> cat /sys/kernel/debug/kernel_page_tables > >> > >> I wonder if this file should be accessible at all if kptr_restrict > 0 > > > > I don't have strong feelings either way. > > > > This isn't typically enabled, and it's under debugfs, so this shouldn't > > be accessible by a typical user anyhow. > > > > That said, there are very few of us who need to take a look at this > > file. I'm happy to deal with attacking kptr_restrict when required. > > > > In the interest of security it's probably for the best to switch to the > restricted pointer. Who knows what might get enabled or forgotten about. > I don't like the idea of tying enablement of the file to kptr_restrict > though.
... but it's also pretty weird to show the sizes, mapping type and permissions yet hide the virtual addresses. If you want to keep the file in spite of kptr_restrict, which bits are actually useful once the addresses are nobbled? Will
