Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp741504imm;
        Thu, 26 Jul 2018 11:09:25 -0700 (PDT)
X-Google-Smtp-Source: AAOMgpfNVZussInW4LcFckZNJCAN+j0PCtplgE0WRE5xS12o3FxCYpZi+4aOr/opB17WP4c3ao2C
X-Received: by 2002:a62:644d:: with SMTP id y74-v6mr3060750pfb.221.1532628565501;
        Thu, 26 Jul 2018 11:09:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1532628565; cv=none;
        d=google.com; s=arc-20160816;
        b=zgpkkyV1UNepzaXRVMBQIkm75j4sN3OqLE/UmVQjwI8NgZrhKTa+n6ckfiqqpuJ0P3
         Rhc3uMK8nyHLUSXrrCQzqoCI57WVaUolMs6rK/bn3lN4PPBsSHkIYH4L8XgVmKBA3bJh
         JVhxuluItslf9wd2/4Luw7ET/+KdNlHP5Opp4UCudE0fwROT6jyHtfS64Wk5pPfEpmb/
         D0amgWr0XP2dfi4UmlromkPzAg2n1md+ouB5k0wzAopZ51Aaiv0HFXLEcJoY0CUgKh6x
         CY1e7nD9aqIbaauAicVKRKkK0hxi6ejWKe0vGo+6/ytav+smgjWpP53piz5q/DSp0xpZ
         0+5A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature
         :arc-authentication-results;
        bh=oe4vrc/P43KVf8Hg1AcoCPYjxvh9zVIbduGWRymWadw=;
        b=tt/bzk8hfkqhNaaiwVDJq3rjdaAXLSxR2fBUnJZMjqdrJ3W3G218XSBWecE7TpIfd6
         PC6L1nP9tw2IVV8dEAW161iH7svHe7Fm0ANhUtW4O3FBAihHBIfVJAnyW8sckkpVlMmU
         8RCxZqh50/W8ZvJUayrXrdqpQ2IaorTT8xNNqQ4oKKWFxMU5f8olL0J7i6N8pmT72L95
         DRPPR7/JUf77Rq3KVlJHRr8A2ptkp0RBMbVPWZ1MhpTVBmpN2oqkFVrxWDZBdO9/7KC4
         nyiSYgPebCGTmPm7Vbl2p//Ij3qtxMA4KS/ATDh/oE231QSMsHXcSIqFn3jsoymB+Ri5
         QbTw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=jRs+J4b2;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id e10-v6si1897900pfc.51.2018.07.26.11.09.10;
        Thu, 26 Jul 2018 11:09:25 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=jRs+J4b2;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1732096AbeGZRty (ORCPT <rfc822;ttoukan.linux@gmail.com>
        + 99 others); Thu, 26 Jul 2018 13:49:54 -0400
Received: from mail-pl0-f67.google.com ([209.85.160.67]:35220 "EHLO
        mail-pl0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1731370AbeGZRty (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 26 Jul 2018 13:49:54 -0400
Received: by mail-pl0-f67.google.com with SMTP id w3-v6so1056745plq.2
        for <linux-kernel@vger.kernel.org>; Thu, 26 Jul 2018 09:32:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=oe4vrc/P43KVf8Hg1AcoCPYjxvh9zVIbduGWRymWadw=;
        b=jRs+J4b2IzYXM1SHDx5fM+6xxLaKv2h7NPMb0I7aFy14tcYwRqCGxHtpUrgg8gR8xq
         BY0Ev1cWVUQ65BXRlJSQoMi/XVg8zbtrHup8tPAPjCgCmLZDAfUb0NVChtGW+PaQas/T
         s9SbCTtggUgBONO9nJ2oIXOkmBVcDCtouqvkGVzVD88OltlOcTi6LBgrlHpB8qM62VaA
         h/mPyLxccyg8RldKtKDmJddA8v//WOwc6oboZNK+m1q0JCw7o/MZwigIIB3ySEbOHNpb
         xDyrJ77VxK+sh9fzjwwe3Zl9/zGXu9sPur/Y/XX96QX9s0uvGpFzygYj/dFs7u12ED3p
         b8Rw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=oe4vrc/P43KVf8Hg1AcoCPYjxvh9zVIbduGWRymWadw=;
        b=axtnuUbMme3LCbjVBsIj92WK0jzQntvjMjZhN9pASUMiJUNR9TeHgE8qQnhigkMR5f
         +X8cL1ti6ZDQGmThVBblS18JB+wuWqgok23esK8WIPUWu/PelsmYSnFEccrrqnT2mTH5
         MYIreuEYrOJYyS40m/V2yWo9Hejuz/Ay5OS4Yo8krkRSDXw6WLqE3W44boLpG0fg4N9S
         8QXj81ClO0MBa0KSlAC+DC2jXgg+FMd1nB9glGht4aBEeVKau2VRAKHAfecOTZvFaj39
         C18Q6JCFDv1LEIER3CXdQTSu18afWqG5NDVjWdRmqbVyhmdnDhV09MGSH6Xlf/s0ugjO
         KBKA==
X-Gm-Message-State: AOUpUlGNsxd5pcpzlbNOkFtBPsQvK3L2Y4gokcPF2wwyuktOrbzJySoW
        WdoVSp2J30yehAB42zUBCnMjMba5q6juzrtpDDXgKw==
X-Received: by 2002:a17:902:64d7:: with SMTP id y23-v6mr2592533pli.53.1532622738464;
 Thu, 26 Jul 2018 09:32:18 -0700 (PDT)
MIME-Version: 1.0
References: <20180725202238.165314-1-salyzyn@android.com> <20180725210717.3b807191@vmware.local.home>
 <11437c3e-5131-7190-c496-7b51eb7fcc2a@android.com> <20180726112245.3c1bf91d@gandalf.local.home>
In-Reply-To: <20180726112245.3c1bf91d@gandalf.local.home>
From:   Nick Desaulniers <ndesaulniers@google.com>
Date:   Thu, 26 Jul 2018 09:32:07 -0700
Message-ID: <CAKwvOdknFPpyQx17EbixnydJukuX4kH8=xVTS_9qnsERKCoPkQ@mail.gmail.com>
Subject: Re: [PATCH] tracing: do not leak kernel addresses
To:     rostedt@goodmis.org
Cc:     salyzyn@android.com, LKML <linux-kernel@vger.kernel.org>,
        mingo@redhat.com, kernel-team@android.com, stable@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Jul 26, 2018 at 8:22 AM Steven Rostedt <rostedt@goodmis.org> wrote:
>
> On Thu, 26 Jul 2018 08:14:08 -0700
> Mark Salyzyn <salyzyn@android.com> wrote:
>
> > Thank you Steve, much appreciated feedback, I have asked the security
> > developers to keep this in mind and come up with a correct fix.
> >
> > The correct fix that meets your guidelines would _not_ be suitable for
> > stable due to the invasiveness it sounds, only for the latest will such
> > a rework make sense. As such, the fix proposed in this patch is the only
> > one that meets the bar for stable patch simplicity, and merely(!) needs
> > to state that if the fix is taken, perf and trace are broken.
> >
> > Posting this patch publicly on the lists, that may never be applied, may
> > be the limit of our responsibility for a fix to stable kernel releases,
> > to be optionally applied by vendors concerned with this CVE criteria?
> >
>
> The patch breaks the code it touches. It makes it useless.

Doesn't that depend on kptr_restrict, or would it be broken if
kptr_restrict was set to 0?

> If you want
> something for stable, add a command line parameter that just disables
> the creation of that file. Otherwise you will break usespace and that
> will be a definitely NAK from Linus, and for stable itself. This is a
> very minor security issue, and does not justify breaking userspace
> applications. I would be very upset if a new stable release broke both
> perf and trace-cmd's ability to read certain trace events.

I don't disagree.

-- 
Thanks,
~Nick Desaulniers