On Wed, Dec 6, 2017 at 4:26 PM, Tobin C. Harding <me@xxxxxxxx> wrote: > Hashing addresses printed with printk specifier %p was implemented > recently. During development a number of issues were raised regarding > leaking kernel addresses to userspace. We should update the > documentation appropriately. > > Add documentation regarding printing kernel addresses. > > Signed-off-by: Tobin C. Harding <me@xxxxxxxx> Acked-by: Kees Cook <keescook@xxxxxxxxxxxx> > --- > > Is there a proffered method for subscripts in sphinx kernel docs? Here > we use '[*]' Great question... I can't find an answer to this. :P > > thanks, > Tobin. > > Documentation/security/self-protection.rst | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > > diff --git a/Documentation/security/self-protection.rst b/Documentation/security/self-protection.rst > index 60c8bd8b77bf..e711280cfdd7 100644 > --- a/Documentation/security/self-protection.rst > +++ b/Documentation/security/self-protection.rst > @@ -270,6 +270,20 @@ attacks, it is important to defend against exposure of both kernel memory > addresses and kernel memory contents (since they may contain kernel > addresses or other sensitive things like canary values). > > +Kernel addresses > +---------------- > + > +Printing kernel addresses to userspace leaks sensitive information about > +the kernel memory layout. Care should be exercised when using any printk > +specifier that prints the raw address, currently %px, %p[ad], (and %p[sSb] > +in certain circumstances [*]). Any file written to using one of these > +specifiers should be readable only by privileged processes. > + > +Kernels 4.14 and older printed the raw address using %p. As of 4.15-rc1 > +addresses printed with the specifier %p are hashed before printing. > + > +[*] If symbol lookup fails, the raw address is currently printed. Is there a plan to adjust this case? Thanks! -Kees > + > Unique identifiers > ------------------ > > -- > 2.7.4 > -- Kees Cook Pixel Security -- To unsubscribe from this list: send the line "unsubscribe linux-doc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
