Re: [kernel-hardening] [RFC V2 0/6] add more kernel pointer filter options

From: Linus Torvalds
Date: Wed Oct 04 2017 - 11:41:32 EST

Next message: Ming Lei: "Re: [RFC 0/5] fs: replace kthread freezing with filesystem freeze/thaw"
Previous message: Jacopo Mondi: "[PATCH] arm: dts: gr-peach: Reduce extal_clk resolution"
In reply to: Roberts, William C: "RE: [kernel-hardening] [RFC V2 0/6] add more kernel pointer filter options"
Next in thread: Boris Lukashev: "Re: [kernel-hardening] [RFC V2 0/6] add more kernel pointer filter options"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Sep 30, 2017 at 5:06 PM, Tobin C. Harding <me@xxxxxxxx> wrote:
> lib: vsprintf: default kptr_restrict to the maximum value

So I'm not convinced about this one.

It removes kernel pointers even for root, which is annoying for things
like perf.

And the only physical pointers we should print out during boot etc are
things we *need*.

So kptr_restrict is wrong for that, bercause either we potentially
need those values for debugging ("why does my kernel not boot"), or
they shouldn't be printed at all.

And I think _that_ is the real issue. If there are places that leak,
we should look at those, rather than just say "kptr_restrict".

Linus

Next message: Ming Lei: "Re: [RFC 0/5] fs: replace kthread freezing with filesystem freeze/thaw"
Previous message: Jacopo Mondi: "[PATCH] arm: dts: gr-peach: Reduce extal_clk resolution"
In reply to: Roberts, William C: "RE: [kernel-hardening] [RFC V2 0/6] add more kernel pointer filter options"
Next in thread: Boris Lukashev: "Re: [kernel-hardening] [RFC V2 0/6] add more kernel pointer filter options"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]