RE: [PATCH] printk: introduce kptr_restrict level 3

2016-10-07 Thread Roberts, William C
> > As a _singular_ argument, "it's for out-of-tree code" is weak. As an > _additional_ > argument, it has value. Saying "this only helps out-of-tree code" doesn't > carry > much weight. Saying "this helps kernel security, even for out-of-tree code" is > perfectly valid. And a wrinkle in this

Re: [kernel-hardening] RE: [PATCH] printk: introduce kptr_restrict level 3

2016-10-07 Thread Jann Horn
M > > > To: Roberts, William C > > > Cc: kernel-harden...@lists.openwall.com; cor...@lwn.net; linux- > > > d...@vger.kernel.org; linux-ker...@vger.kernel.org > > > Subject: Re: [PATCH] printk: introduce kptr_restrict level 3 > > > > > >

Re: [PATCH] printk: introduce kptr_restrict level 3

2016-10-06 Thread Kees Cook
On Thu, Oct 6, 2016 at 2:19 PM, Joe Perches wrote: > On Thu, 2016-10-06 at 14:00 -0700, Kees Cook wrote: > >> And based on my read of this thread, we all appear to be in violent >> agreement. :) "always protect %p" is absolutely the goal, and we can >> figure out the best way to get there. > > I p

Re: [PATCH] printk: introduce kptr_restrict level 3

2016-10-06 Thread Joe Perches
On Thu, 2016-10-06 at 14:00 -0700, Kees Cook wrote: > And based on my read of this thread, we all appear to be in violent > agreement. :) "always protect %p" is absolutely the goal, and we can > figure out the best way to get there. I proposed emitting pointers from the const and text sections by

Re: [PATCH] printk: introduce kptr_restrict level 3

2016-10-06 Thread Kees Cook
On Thu, Oct 6, 2016 at 6:56 AM, Christoph Hellwig wrote: > On Thu, Oct 06, 2016 at 01:47:47PM +, Roberts, William C wrote: > > On Thu, Oct 6, 2016 at 6:31 AM, Christoph Hellwig > > wrote: > > > So what? We a) don't care about out of tree modules and b) you could > > > just triviall > > > f

RE: [PATCH] printk: introduce kptr_restrict level 3

2016-10-06 Thread Roberts, William C
er...@vger.kernel.org > Subject: Re: [PATCH] printk: introduce kptr_restrict level 3 > > On Thu, Oct 06, 2016 at 01:47:47PM +, Roberts, William C wrote: > > Out of tree modules still affect core kernel security. > > So don't use them. > > > I would also bet mon

Re: [kernel-hardening] RE: [PATCH] printk: introduce kptr_restrict level 3

2016-10-06 Thread Jann Horn
M > > > To: Roberts, William C > > > Cc: kernel-harden...@lists.openwall.com; cor...@lwn.net; linux- > > > d...@vger.kernel.org; linux-ker...@vger.kernel.org > > > Subject: Re: [PATCH] printk: introduce kptr_restrict level 3 > > > > > >

Re: [kernel-hardening] RE: [PATCH] printk: introduce kptr_restrict level 3

2016-10-06 Thread Jann Horn
all.com; cor...@lwn.net; linux- > > d...@vger.kernel.org; linux-ker...@vger.kernel.org > > Subject: Re: [PATCH] printk: introduce kptr_restrict level 3 > > > > On Wed, Oct 05, 2016 at 02:04:46PM -0400, william.c.robe...@intel.com wrote: > > > From: William Roberts >

Re: [PATCH] printk: introduce kptr_restrict level 3

2016-10-06 Thread Christoph Hellwig
On Thu, Oct 06, 2016 at 01:47:47PM +, Roberts, William C wrote: > Out of tree modules still affect core kernel security. So don't use them. > I would also bet money, that somewhere > In-tree someone has put a %p when they wanted a %pK. So fix them. > So this method is just quite error > pro

RE: [PATCH] printk: introduce kptr_restrict level 3

2016-10-06 Thread Roberts, William C
; Subject: Re: [PATCH] printk: introduce kptr_restrict level 3 > > On Wed, Oct 05, 2016 at 02:04:46PM -0400, william.c.robe...@intel.com wrote: > > From: William Roberts > > > > Some out-of-tree modules do not use %pK and just use %p, as it's the > > common C paradigm f

Re: [PATCH] printk: introduce kptr_restrict level 3

2016-10-06 Thread Christoph Hellwig
On Wed, Oct 05, 2016 at 02:04:46PM -0400, william.c.robe...@intel.com wrote: > From: William Roberts > > Some out-of-tree modules do not use %pK and just use %p, as it's > the common C paradigm for printing pointers. Because of this, > kptr_restrict has no effect on the output and thus, no way to

RE: [PATCH] printk: introduce kptr_restrict level 3

2016-10-06 Thread Roberts, William C
; Nick > Desaulniers ; Dave Weinstein > Subject: Re: [PATCH] printk: introduce kptr_restrict level 3 > > On Wed, Oct 5, 2016 at 11:04 AM, wrote: > > From: William Roberts > > > > Some out-of-tree modules do not use %pK and just use %p, as it's the >

RE: [PATCH] printk: introduce kptr_restrict level 3

2016-10-06 Thread Roberts, William C
.org > Subject: Re: [PATCH] printk: introduce kptr_restrict level 3 > > On Wed, Oct 05 2016, william.c.robe...@intel.com wrote: > > > From: William Roberts > > > > Some out-of-tree modules do not use %pK and just use %p, as it's the > > common C paradigm for p

Re: [PATCH] printk: introduce kptr_restrict level 3

2016-10-05 Thread Rasmus Villemoes
On Wed, Oct 05 2016, william.c.robe...@intel.com wrote: > From: William Roberts > > Some out-of-tree modules do not use %pK and just use %p, as it's > the common C paradigm for printing pointers. Because of this, > kptr_restrict has no effect on the output and thus, no way to > contain the kernel

Re: [PATCH] printk: introduce kptr_restrict level 3

2016-10-05 Thread Kees Cook
On Wed, Oct 5, 2016 at 11:04 AM, wrote: > From: William Roberts > > Some out-of-tree modules do not use %pK and just use %p, as it's > the common C paradigm for printing pointers. Because of this, > kptr_restrict has no effect on the output and thus, no way to > contain the kernel address leak.