Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp4034450imm; Mon, 30 Jul 2018 07:36:59 -0700 (PDT) X-Google-Smtp-Source: AAOMgpeqwJZneCSY6w+CwlqjRyMrFHJ9GAzrlWctIBs+aaZpgdjgHkAkwASKBOlVgbANbu//LGnv X-Received: by 2002:a63:7d7:: with SMTP id 206-v6mr16667083pgh.137.1532961418995; Mon, 30 Jul 2018 07:36:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1532961418; cv=none; d=google.com; s=arc-20160816; b=IVKKtlGJHg9hH2KbV7T+alRzrTH4zcIhJ4rPzJ+hnmfC9L6QXGRollKDemjMrpUZhC v4DtEpE4jAFr3r4AcyN0uBKciM6EN7Uxj3u/Pww7dxbJbUVjbF7SDHALE2TMmPXTvaCl 1qCekj8ZKnUfs4aGd6yJSNIrCMSRR1lDOvw08wOEy9hPG/eoQZj/WYfQOFXuUdPCkTza Mbn7Kp1nfL8dThzyxJQ0n1U2Pz9yn2VMRbMoBZV/hHSIFGoJqWrk87F0Bxz+TCcmOfxz 4eh3fZ1i38eaYfR1hS8/xXG7pK8B5YeYo0X4kLAOJpnNHANY+qK3EFCSTwQvVGaWDKGL evYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:to :from:date:dkim-signature:arc-authentication-results; bh=2DFafv1YkSRfeJeGHgpSV4L24ZM3a1fagdm8earY2BE=; b=lmx8vnOewIkdDAkTYFBG3aPyLPpAIc0cw0DSAZG5KLP756QkgxviFpAPZofhIl+nm8 qLRm/ONo883Oo4m4+t4EADkrQyHIjJkQeDs7ODcjdDJCrqvWSHKxHlqc9Jzt5EsguyQf oun7YIE2WJOETBve0aubNG0NMwil4EiguOyqBLEJkuyiF/782Jce/ldYEyxGvTpFiweR hOBOM4pruasGlRPEHPhVRHSR5GnGQ3TCB5fZq+Mr27fG/QlTl7DC+bzFBWETWA/EwvLJ kKVAeRUQKeWWlvz5v6DqSshYrDSxcZIFKDY2jvJSkkhlAUs19L9jvxqX2RDQtmQu3BrZ Jdew== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=CRdS9fws; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v22-v6si9989961plo.123.2018.07.30.07.36.44; Mon, 30 Jul 2018 07:36:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=CRdS9fws; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731557AbeG3QKa (ORCPT + 99 others); Mon, 30 Jul 2018 12:10:30 -0400 Received: from mail-pg1-f194.google.com ([209.85.215.194]:42518 "EHLO mail-pg1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726693AbeG3QKa (ORCPT ); Mon, 30 Jul 2018 12:10:30 -0400 Received: by mail-pg1-f194.google.com with SMTP id y4-v6so7362483pgp.9 for ; Mon, 30 Jul 2018 07:35:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=2DFafv1YkSRfeJeGHgpSV4L24ZM3a1fagdm8earY2BE=; b=CRdS9fwsXfyClho4NXDRr1xB8ZD7RZMpIBcHoIAtE3VmRWjcc44aW/QixdL1iHPT7s jUx1zB1q2XXSTvV6Qzh2s2hAFUQq75zh4yqH+fBsRoKwNYmSFh4XicSgHfAZOWNJarsT FsXIHVFIIXpa3P/5zYtRaoHhggR/Z83njadTuZKb8srNRcW+tHrivhDF8vZS7+Vk3eXx KzvO4kcHoaJrdvGf46m5xOjvluPlHR73SHAIyL645ylCaSV13sJMcqk+cUPck60+1ciD a0G2Znowh/gOr4sT7UyZ0lxJBD2QbP9aJUtAdlKCcz1BAhjvjA31fLF1nLaiR5l25F8g 6QEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=2DFafv1YkSRfeJeGHgpSV4L24ZM3a1fagdm8earY2BE=; b=bDFJXNSW7ubwZQ+l4He4W0QxMPP6oHLsl53P56IN0+eusBsbyACV4vGxtToS2I6xjU fXW5r5Upr+OnSAIDFMaDQPyLHq53vts9UK2qCgXfJvJo4bt4i/Hs6BT1s/jVFkw0snUD zoxh/qXfGTMjKmZZkeAd4+RgdYUsnxL2mglfMkEUKA+n82Bu6zbGGtx+ZQ7SwILWCbvr vWVqVoE/V5I2WZO7JswubukHXY97NLqx7CCYi9ClmDmpTyZi8DEWruaWsOB+O97iBDKC gaqwIgzSobBtIuNzhzYVkfa5PxYSmMX812RL3jZCT9P2DciZqru5uCwlqfSrIhhPTUER tNog== X-Gm-Message-State: AOUpUlHvbI7g60uDsYej2qmoiY99g+hHt+xHLON8CgdCTkqWVCvsqm7l rMUWG8AHRpMRVI34VUAHJlYeSg== X-Received: by 2002:a63:e914:: with SMTP id i20-v6mr16709126pgh.10.1532961312997; Mon, 30 Jul 2018 07:35:12 -0700 (PDT) Received: from localhost ([2620:0:1000:1600:6e29:33f4:7c9a:4918]) by smtp.gmail.com with ESMTPSA id s27-v6sm19824220pfk.133.2018.07.30.07.35.12 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 30 Jul 2018 07:35:12 -0700 (PDT) Date: Mon, 30 Jul 2018 07:35:11 -0700 From: Sandeep Patil To: "Theodore Y. Ts'o" , Steven Rostedt , Jann Horn , salyzyn@google.com, Nick Desaulniers , Golden_Miller83@protonmail.ch, Greg KH , Kees Cook , salyzyn@android.com, kernel list , Ingo Molnar , kernel-team@android.com, stable@vger.kernel.org, Kernel Hardening , Jeffrey Vander Stoep Subject: Re: [PATCH] tracing: do not leak kernel addresses Message-ID: <20180730143511.GU190909@sspatil-desktop.mtv.corp.google.com> References: <20180727143141.4b53d554@gandalf.local.home> <20180727195416.GF13922@thunk.org> <20180727161103.797f12b7@gandalf.local.home> <20180727202114.GH13922@thunk.org> <20180727220543.GT190909@sspatil-desktop.mtv.corp.google.com> <20180728000428.GI13922@thunk.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20180728000428.GI13922@thunk.org> User-Agent: Mutt/1.9.2 (2017-12-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jul 27, 2018 at 08:04:28PM -0400, Theodore Y. Ts'o wrote: > On Fri, Jul 27, 2018 at 03:05:43PM -0700, Sandeep Patil wrote: > > On Fri, Jul 27, 2018 at 04:21:14PM -0400, Theodore Y. Ts'o wrote: > > > On Fri, Jul 27, 2018 at 04:11:03PM -0400, Steven Rostedt wrote: > > > > That said, I would assume that > > > > other Android utilities are using other debugfs files for system > > > > status and such. > > > > As of today, I think a lot of information in 'bugreports' is read > > out of debugfs (including things like binder stats). We do have a plan > > to change that. > > Hmm, if it's only for bugreports, maybe it can be only mounted when > about root processes getting tricked into reading from debugfs. Yes, that's an interesting idea. May be a quicker way to get ourselves rid of relying on debugfs. We need some platform cleanup to remove all debugfs accessing code that's not "debug only" first. That work has been ongoing .. > > > > Indeed, I think it can. However, the problem is the last time I tried to > > remove this a whole bunch of things just broke. So, it wasn't about losing > > a functionality here and there. Agree, we need to clean up platform to not use > > debugfs first. Then we can expect Apps or other native processes to not rely > > on debugfs at all. > > Is Android controlling access to debugfs files via SELinux? If so, > then access to debugfs can be gradually cranked down as use cases are > removed. Yes, that's what we've done now, so we know where the code is that depends on it and working on moving it out. New domains aren't allowed to rely on debugfs now. - ssp > > - Ted > > >