Please drop this patch, needs amendment (commented inline). On Thu, Dec 07, 2017 at 11:26:38AM +1100, Tobin C. Harding wrote: > Hashing addresses printed with printk specifier %p was implemented > recently. During development a number of issues were raised regarding > leaking kernel addresses to userspace. We should update the > documentation appropriately. > > Add documentation regarding printing kernel addresses. > > Signed-off-by: Tobin C. Harding <m...@tobin.cc> > --- > > Is there a proffered method for subscripts in sphinx kernel docs? Here > we use '[*]' > > thanks, > Tobin. > > Documentation/security/self-protection.rst | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > > diff --git a/Documentation/security/self-protection.rst > b/Documentation/security/self-protection.rst > index 60c8bd8b77bf..e711280cfdd7 100644 > --- a/Documentation/security/self-protection.rst > +++ b/Documentation/security/self-protection.rst > @@ -270,6 +270,20 @@ attacks, it is important to defend against exposure of > both kernel memory > addresses and kernel memory contents (since they may contain kernel > addresses or other sensitive things like canary values). > > +Kernel addresses > +---------------- > + > +Printing kernel addresses to userspace leaks sensitive information about > +the kernel memory layout. Care should be exercised when using any printk > +specifier that prints the raw address, currently %px, %p[ad], (and %p[sSb] > +in certain circumstances [*]). Any file written to using one of these > +specifiers should be readable only by privileged processes. > + > +Kernels 4.14 and older printed the raw address using %p. As of 4.15-rc1 > +addresses printed with the specifier %p are hashed before printing. > + > +[*] If symbol lookup fails, the raw address is currently printed.
[*] If KALLSYMS is enabled and symbol lookup fails, the raw address is currently printed. If KALLSYMS is not enabled the address is printed. thanks, Tobin.
