summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2017-11-12 16:33:33 -0800
committerLinus Torvalds <torvalds@linux-foundation.org>2017-11-12 16:33:33 -0800
commit9d5604101e40c1d9d020384de11f0d68398c8844 (patch)
tree964f879da4eaa770214ea79850d53b52729c20d1
parentba1029c9cbc5af834467bf264e58f9d1074735fb (diff)
parentc0f3ea1589394deac2d840c685f57c69e4ac4243 (diff)
downloadlwn-9d5604101e40c1d9d020384de11f0d68398c8844.tar.gz
lwn-9d5604101e40c1d9d020384de11f0d68398c8844.zip
Merge branch 'kallsyms-restrictions'
Merge /proc/kallsyms pointer value restrictions. Instead of using %pK, and making it about root access (at the wrong time, no less), make the whole choice of whether to show the actual pointer value be very explicit to the kallsyms code. In particular, we can now default to not doing so, and yet avoid annoying kernel profiling by actually looking at whether kernel profiling is allowed or not (by default it is not). This is all mostly preparation for the real "let's stop leaking kernel addresses" work that Tobin Harding is working on. Small steps. * kallsyms-restrictions: stop using '%pK' for /proc/kallsyms pointer values
-rw-r--r--kernel/kallsyms.c49
1 files changed, 47 insertions, 2 deletions
diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
index 127e7cfafa55..51b49ed452e4 100644
--- a/kernel/kallsyms.c
+++ b/kernel/kallsyms.c
@@ -480,6 +480,7 @@ struct kallsym_iter {
char name[KSYM_NAME_LEN];
char module_name[MODULE_NAME_LEN];
int exported;
+ int show_value;
};
static int get_ksymbol_mod(struct kallsym_iter *iter)
@@ -580,14 +581,23 @@ static void s_stop(struct seq_file *m, void *p)
{
}
+#ifndef CONFIG_64BIT
+# define KALLSYM_FMT "%08lx"
+#else
+# define KALLSYM_FMT "%016lx"
+#endif
+
static int s_show(struct seq_file *m, void *p)
{
+ unsigned long value;
struct kallsym_iter *iter = m->private;
/* Some debugging symbols have no name. Ignore them. */
if (!iter->name[0])
return 0;
+ value = iter->show_value ? iter->value : 0;
+
if (iter->module_name[0]) {
char type;
@@ -597,10 +607,10 @@ static int s_show(struct seq_file *m, void *p)
*/
type = iter->exported ? toupper(iter->type) :
tolower(iter->type);
- seq_printf(m, "%pK %c %s\t[%s]\n", (void *)iter->value,
+ seq_printf(m, KALLSYM_FMT " %c %s\t[%s]\n", value,
type, iter->name, iter->module_name);
} else
- seq_printf(m, "%pK %c %s\n", (void *)iter->value,
+ seq_printf(m, KALLSYM_FMT " %c %s\n", value,
iter->type, iter->name);
return 0;
}
@@ -612,6 +622,40 @@ static const struct seq_operations kallsyms_op = {
.show = s_show
};
+static inline int kallsyms_for_perf(void)
+{
+#ifdef CONFIG_PERF_EVENTS
+ extern int sysctl_perf_event_paranoid;
+ if (sysctl_perf_event_paranoid <= 1)
+ return 1;
+#endif
+ return 0;
+}
+
+/*
+ * We show kallsyms information even to normal users if we've enabled
+ * kernel profiling and are explicitly not paranoid (so kptr_restrict
+ * is clear, and sysctl_perf_event_paranoid isn't set).
+ *
+ * Otherwise, require CAP_SYSLOG (assuming kptr_restrict isn't set to
+ * block even that).
+ */
+static int kallsyms_show_value(void)
+{
+ switch (kptr_restrict) {
+ case 0:
+ if (kallsyms_for_perf())
+ return 1;
+ /* fallthrough */
+ case 1:
+ if (has_capability_noaudit(current, CAP_SYSLOG))
+ return 1;
+ /* fallthrough */
+ default:
+ return 0;
+ }
+}
+
static int kallsyms_open(struct inode *inode, struct file *file)
{
/*
@@ -625,6 +669,7 @@ static int kallsyms_open(struct inode *inode, struct file *file)
return -ENOMEM;
reset_iter(iter, 0);
+ iter->show_value = kallsyms_show_value();
return 0;
}