Date: Sat, 06 May 2017 11:48:36 +0100 From: Ian Campbell <ijc@...lion.org.uk> To: Greg KH <gregkh@...uxfoundation.org>, kernel-hardening@...ts.openwall.com, Petr Mladek <pmladek@...e.com>, Sergey Senozhatsky <sergey.senozhatsky@...il.com> Cc: linux-kernel@...r.kernel.org, Catalin Marinas <catalin.marinas@....com>, Will Deacon <will.deacon@....com>, Steven Rostedt <rostedt@...dmis.org>, William Roberts <william.c.roberts@...el.com>, Chris Fries <cfries@...gle.com>, Dave Weinstein <olorin@...gle.com> Subject: Re: [RFC 3/6] lib: vsprintf: physical address kernel pointer filtering options On Fri, 2017-05-05 at 21:07 -0700, Greg KH wrote: > From: Dave Weinstein <olorin@...gle.com> > > Add the kptr_restrict setting of 4 which results in %pa and > %p[rR] values being replaced by zeros. Given that '%pa' is: * - 'a[pd]' For address types [p] phys_addr_t, [d] dma_addr_t and derivatives * (default assumed to be phys_addr_t, passed by reference) what is the thread model which hiding physical addresses from attackers protects against? I can see why virtual addresses would be obviously dangerous but physical addresses seem less obvious and I didn't see it spelled out in any of the commit messages or added comments in the thread. I think a comment somewhere would be useful for people who are trying to decide if they should use %pa vs %paP etc. Ian.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.