Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1397603imm; Fri, 27 Jul 2018 17:06:00 -0700 (PDT) X-Google-Smtp-Source: AAOMgpe4lCLYCOvGwTxofK2pg9Pu06+kwR6iWGLZcpDYEieX7umES+NLrDNo41NSHYPOhCdkWm0+ X-Received: by 2002:a17:902:8c84:: with SMTP id t4-v6mr7946859plo.100.1532736360683; Fri, 27 Jul 2018 17:06:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1532736360; cv=none; d=google.com; s=arc-20160816; b=Y+M9rNBjvrsECHG7pKmA2z1B8A4D5o+tbmC7YUPGBJDG7MpTBBZ3knDJaj9nwXqHoh YhGwDYQq1O7yKIQUSr2W7w32C/0PmH6HUIoTxVe2SA0wyT8jsssMu5qqo6wh3Nw7yOu/ KyPjVYD+mQyhQREnJmzkznkBouHp+VihUb/t/eRYrDA5fy19a4B5MRWmnK8L4IZN0LyA RBNgrc4r1BEhMxIgSe+ibWPLAf/UHP1J3+17aHti6ZJGktfI88swFU3LNlvg4wRWswfI 6bIbST+zBSidjvEN9qwl60E04N5xpd9Jvi4mlPC8zqkcDdsJpaup0qkey/9M9oUn+IoR VFBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:mail-followup-to :message-id:subject:cc:to:from:date:dkim-signature :arc-authentication-results; bh=iczM11v4Sb9qFS0jeKu0lewIsLnK/WmUlQd/yujAJpw=; b=LKYL/ZcsaMJc8i7zLa+KUW/lU4rT3qEXLC6Py+NawhA/3xcIFFvXQA7+uZaNw+zQEA gJv9ge++NnWvWHTUK3bdCFoq8fXloEEH15QHacp0wdPns6DdHLadh5l7e9KpquLqV/CA Mg8rECjCTLATkmKgqj9EwSs/ppIorkGvrFQGAeLGitTma3QH5Pc4YI7K0S77PaYjB6aX GFiVNVbJ2QWKQym4eeYCCfz/0UWyiMHUIC6MNsGfhbJlZc43vHPtM7fYq6gFLSCj0VvF BowtV/Hkn7fRml9uuzPb3pmhsVfYSmCszAQfkznh/q84JtiHULkhH3PXXqeJKqvw6IqX d5+A== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@thunk.org header.s=ef5046eb header.b=l5T5JMgW; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h18-v6si4665194pfn.158.2018.07.27.17.05.46; Fri, 27 Jul 2018 17:06:00 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@thunk.org header.s=ef5046eb header.b=l5T5JMgW; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389285AbeG1B3J (ORCPT + 99 others); Fri, 27 Jul 2018 21:29:09 -0400 Received: from imap.thunk.org ([74.207.234.97]:37386 "EHLO imap.thunk.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388998AbeG1B3J (ORCPT ); Fri, 27 Jul 2018 21:29:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=thunk.org; s=ef5046eb; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=iczM11v4Sb9qFS0jeKu0lewIsLnK/WmUlQd/yujAJpw=; b=l5T5JMgWtqzW25h3jtub1zFYUk d9SrMDIAFY2HwH/pUSsg9EL+tCMB0JqrKoEbrnGCpBDhQwaQXM4G1B+qn09EQcPWqqkdE9+1+LcLR 68h0DsycAxUtGo/FIuzCAui81pb5B5dJtCAfq0c+B8dLLMVWnb4HWbtxEgFC1s/DbXbs=; Received: from root (helo=callcc.thunk.org) by imap.thunk.org with local-esmtp (Exim 4.89) (envelope-from ) id 1fjCir-00035d-I2; Sat, 28 Jul 2018 00:04:38 +0000 Received: by callcc.thunk.org (Postfix, from userid 15806) id E2AF77A6163; Fri, 27 Jul 2018 20:04:28 -0400 (EDT) Date: Fri, 27 Jul 2018 20:04:28 -0400 From: "Theodore Y. Ts'o" To: Sandeep Patil Cc: Steven Rostedt , Jann Horn , salyzyn@google.com, Nick Desaulniers , Golden_Miller83@protonmail.ch, Greg KH , Kees Cook , salyzyn@android.com, kernel list , Ingo Molnar , kernel-team@android.com, stable@vger.kernel.org, Kernel Hardening , Jeffrey Vander Stoep Subject: Re: [PATCH] tracing: do not leak kernel addresses Message-ID: <20180728000428.GI13922@thunk.org> Mail-Followup-To: "Theodore Y. Ts'o" , Sandeep Patil , Steven Rostedt , Jann Horn , salyzyn@google.com, Nick Desaulniers , Golden_Miller83@protonmail.ch, Greg KH , Kees Cook , salyzyn@android.com, kernel list , Ingo Molnar , kernel-team@android.com, stable@vger.kernel.org, Kernel Hardening , Jeffrey Vander Stoep References: <20180727094730.3a448629@gandalf.local.home> <20180727143141.4b53d554@gandalf.local.home> <20180727195416.GF13922@thunk.org> <20180727161103.797f12b7@gandalf.local.home> <20180727202114.GH13922@thunk.org> <20180727220543.GT190909@sspatil-desktop.mtv.corp.google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180727220543.GT190909@sspatil-desktop.mtv.corp.google.com> User-Agent: Mutt/1.10.1 (2018-07-13) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: tytso@thunk.org X-SA-Exim-Scanned: No (on imap.thunk.org); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jul 27, 2018 at 03:05:43PM -0700, Sandeep Patil wrote: > On Fri, Jul 27, 2018 at 04:21:14PM -0400, Theodore Y. Ts'o wrote: > > On Fri, Jul 27, 2018 at 04:11:03PM -0400, Steven Rostedt wrote: > > > That said, I would assume that > > > other Android utilities are using other debugfs files for system > > > status and such. > > As of today, I think a lot of information in 'bugreports' is read > out of debugfs (including things like binder stats). We do have a plan > to change that. Hmm, if it's only for bugreports, maybe it can be only mounted when about root processes getting tricked into reading from debugfs. > Indeed, I think it can. However, the problem is the last time I tried to > remove this a whole bunch of things just broke. So, it wasn't about losing > a functionality here and there. Agree, we need to clean up platform to not use > debugfs first. Then we can expect Apps or other native processes to not rely > on debugfs at all. Is Android controlling access to debugfs files via SELinux? If so, then access to debugfs can be gradually cranked down as use cases are removed. - Ted