| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20171009100415.GA12785@eros>
Date: Mon, 9 Oct 2017 21:04:15 +1100
From: "Tobin C. Harding" <me@...in.cc>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: rkrcmar@...hat.com, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] KVM: remove printing of token address
On Mon, Oct 09, 2017 at 03:49:38AM -0400, Paolo Bonzini wrote:
>
>
> ----- Original Message -----
> > From: "Tobin C. Harding" <me@...in.cc>
> > To: "Paolo Bonzini" <pbonzini@...hat.com>, rkrcmar@...hat.com
> > Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org, "Tobin C. Harding" <me@...in.cc>
> > Sent: Monday, October 9, 2017 8:30:14 AM
> > Subject: [PATCH] KVM: remove printing of token address
> >
> > KVM currently prints the address of the consumer token. It is not
> > immediately clear what benefit it is to see this address. Printing
> > this address leaks kernel pointers into dmesg and is a security risk.
> >
> > Remove the consumer token address from error message output.
>
> It should use %pK instead.
Is there any other way we can identify a token? There is some push back against kpt_restrict (as
used by %pK) at the moment. If there is another sane way to do it perhaps we could consider that,
else I'll use %pK for v2.
> Also, please do the same change on the VFIO
> side (drivers/vfio/pci/vfio_pci_intrs.c, call to irq_bypass_register_producer).
Oh, cool. I was wondering where the other side was. Will send v2
thanks,
Tobin.
Powered by blists - more mailing lists