Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp2557324ybf; Mon, 2 Mar 2020 11:02:23 -0800 (PST) X-Google-Smtp-Source: ADFU+vuf/ieMRm2QGzy/PA8zk4Ejd6u4MmAFl6n4sMjXhMcXkrApAUnn7KTD49zzD9+axRryW3JO X-Received: by 2002:aca:5ad5:: with SMTP id o204mr391606oib.2.1583175743709; Mon, 02 Mar 2020 11:02:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1583175743; cv=none; d=google.com; s=arc-20160816; b=aU4p2/1KqKH6gqdY9Lg5NjLAjNVXpCmLYeHu13lnAngZtsWedGjtrxPUmUkwEShqXe YJZePNgSsp/h94PQrleUYz50LhvGIhBfH6RT4wfdxESzZP54Hkf/+CrrtgxorgOFBeBo OW423lU0NGwrnLVxaHZ0bp4RmwIXoskhhkfJYnt8tbpcEk4x/R+fQv/SwYoXwI2qaUS+ XldEVi95fnZos7sv7fWSdWf17nkDNiX7p5QxWbQUhbFh9Tj3ihU/A1YtWj8EQ6l941oz sFS6rz14kl/R7B+r1dFkYfgfLSw2Knr4VhbXZEbSUgD9b+y2TDFqGoejFe3gdUh9NlAT cRIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id; bh=jzkB+JDGejjZmamVnD6RrB45f1EU4xxdfR7koyotzfg=; b=sJOlG/V5McJoTdOaJcChL5dXhcFxqQJqjbtyDGRT0yeo2gQ4rpdBYL1yXwPym/x0kW c3VnQyasT8mol1IYpuU1N69ZcoNha81g0M881pW9gIhkGB2+RD02uCLxyZRIeGWk+HL3 Om4ILoKWVp3oBHLbYYFtxFro7es2DRlleh+8wRQbKP1t5ciaAcgY2gwvk1738m39qtDy 7jDCkJzxU85bDj9wwTBtdE6P8A8/6OD4uykxZHnVSQJqgy5841IZBR2SQotLIFpFehCh DzLckcEev6WSa0xIPLoi5oX93iAPBRY/FLgAcfVVz8KouxRJBkFr0DyLxh8xNg+008E3 iolw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y22si6594597oti.269.2020.03.02.11.02.09; Mon, 02 Mar 2020 11:02:23 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727408AbgCBTB6 (ORCPT + 99 others); Mon, 2 Mar 2020 14:01:58 -0500 Received: from mga06.intel.com ([134.134.136.31]:21654 "EHLO mga06.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726451AbgCBTB6 (ORCPT ); Mon, 2 Mar 2020 14:01:58 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 Mar 2020 11:01:57 -0800 X-IronPort-AV: E=Sophos;i="5.70,507,1574150400"; d="scan'208";a="273846472" Received: from kcaccard-mobl.amr.corp.intel.com (HELO kcaccard-mobl1.jf.intel.com) ([10.24.8.183]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 02 Mar 2020 11:01:56 -0800 Message-ID: <41d7049cb704007b3cd30a3f48198eebb8a31783.camel@linux.intel.com> Subject: Re: [RFC PATCH 09/11] kallsyms: hide layout and expose seed From: Kristen Carlson Accardi To: Jann Horn Cc: Kees Cook , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H . Peter Anvin" , Arjan van de Ven , Rick Edgecombe , the arch/x86 maintainers , kernel list , Kernel Hardening Date: Mon, 02 Mar 2020 11:01:56 -0800 In-Reply-To: References: <20200205223950.1212394-1-kristen@linux.intel.com> <20200205223950.1212394-10-kristen@linux.intel.com> <202002060428.08B14F1@keescook> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.30.5 (3.30.5-1.fc29) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 2020-02-06 at 20:27 +0100, Jann Horn wrote: > On Thu, Feb 6, 2020 at 6:51 PM Kristen Carlson Accardi > wrote: > > On Thu, 2020-02-06 at 04:32 -0800, Kees Cook wrote: > > > In the past, making kallsyms entirely unreadable seemed to break > > > weird > > > stuff in userspace. How about having an alternative view that > > > just > > > contains a alphanumeric sort of the symbol names (and they will > > > continue > > > to have zeroed addresses for unprivileged users)? > > > > > > Or perhaps we wait to hear about this causing a problem, and deal > > > with > > > it then? :) > > > > > > > Yeah - I don't know what people want here. Clearly, we can't leave > > kallsyms the way it is. Removing it entirely is a pretty fast way > > to > > figure out how people use it though :). > > FYI, a pretty decent way to see how people are using an API is > codesearch.debian.net, which searches through the source code of all > the packages debian ships: > > https://codesearch.debian.net/search?q=%2Fproc%2Fkallsyms&literal=1 I looked through some of these packages as Jann suggested, and it seems like there are several that are using /proc/kallsyms to look for specific symbol names to determine whether some feature has been compiled into the kernel. This practice seems dubious to me, knowing that many kernel symbol names can be changed at any time, but regardless seems to be fairly common.