lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <39b945bc-003c-4fb3-17ad-3484b6196bd3@redhat.com>
Date:   Fri, 19 Mar 2021 15:45:25 +0100
From:   David Hildenbrand <david@...hat.com>
To:     linux-kernel@...r.kernel.org
Cc:     linux-mm@...ck.org,
        "Alexander A. Klimov" <grandmaster@...klimov.de>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Alexandre Belloni <alexandre.belloni@...tlin.com>,
        Andrew Lunn <andrew@...n.ch>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Andrey Zhizhikin <andrey.zhizhikin@...ca-geosystems.com>,
        Arnd Bergmann <arnd@...db.de>,
        Benjamin Herrenschmidt <benh@...nel.crashing.org>,
        Brian Cain <bcain@...eaurora.org>,
        Christian Borntraeger <borntraeger@...ibm.com>,
        Christophe Leroy <christophe.leroy@...roup.eu>,
        Chris Zankel <chris@...kel.net>,
        Corentin Labbe <clabbe@...libre.com>,
        "David S. Miller" <davem@...emloft.net>,
        "Eric W. Biederman" <ebiederm@...ssion.com>,
        Geert Uytterhoeven <geert@...ux-m68k.org>,
        Gerald Schaefer <gerald.schaefer@...ux.ibm.com>,
        Greentime Hu <green.hu@...il.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Gregory Clement <gregory.clement@...tlin.com>,
        Heiko Carstens <hca@...ux.ibm.com>,
        Helge Deller <deller@....de>, Hillf Danton <hdanton@...a.com>,
        huang ying <huang.ying.caritas@...il.com>,
        Ingo Molnar <mingo@...nel.org>,
        Ivan Kokshaysky <ink@...assic.park.msu.ru>,
        "James E.J. Bottomley" <James.Bottomley@...senPartnership.com>,
        Jiaxun Yang <jiaxun.yang@...goat.com>,
        Jonas Bonn <jonas@...thpole.se>,
        Jonathan Corbet <corbet@....net>,
        Kairui Song <kasong@...hat.com>,
        Krzysztof Kozlowski <krzk@...nel.org>,
        Kuninori Morimoto <kuninori.morimoto.gx@...esas.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Linux API <linux-api@...r.kernel.org>,
        Liviu Dudau <liviu.dudau@....com>,
        Lorenzo Pieralisi <lorenzo.pieralisi@....com>,
        Luc Van Oostenryck <luc.vanoostenryck@...il.com>,
        Luis Chamberlain <mcgrof@...nel.org>,
        Matthew Wilcox <willy@...radead.org>,
        Matt Turner <mattst88@...il.com>,
        Max Filippov <jcmvbkbc@...il.com>,
        Michael Ellerman <mpe@...erman.id.au>,
        Michal Hocko <mhocko@...e.com>,
        Mike Rapoport <rppt@...nel.org>,
        Mikulas Patocka <mpatocka@...hat.com>,
        Minchan Kim <minchan@...nel.org>,
        Niklas Schnelle <schnelle@...ux.ibm.com>,
        Oleksiy Avramchenko <oleksiy.avramchenko@...ymobile.com>,
        Palmer Dabbelt <palmerdabbelt@...gle.com>,
        Paul Mackerras <paulus@...ba.org>,
        "Pavel Machek (CIP)" <pavel@...x.de>, Pavel Machek <pavel@....cz>,
        "Peter Zijlstra (Intel)" <peterz@...radead.org>,
        Pierre Morel <pmorel@...ux.ibm.com>,
        Randy Dunlap <rdunlap@...radead.org>,
        Richard Henderson <rth@...ddle.net>,
        Rich Felker <dalias@...c.org>,
        Robert Richter <rric@...nel.org>,
        Rob Herring <robh@...nel.org>,
        Russell King <linux@...linux.org.uk>,
        Sam Ravnborg <sam@...nborg.org>,
        Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
        Sebastian Hesselbarth <sebastian.hesselbarth@...il.com>,
        Stafford Horne <shorne@...il.com>,
        Stefan Kristiansson <stefan.kristiansson@...nalahti.fi>,
        Steven Rostedt <rostedt@...dmis.org>,
        Sudeep Holla <sudeep.holla@....com>,
        Theodore Dubois <tblodt@...oud.com>,
        Thomas Bogendoerfer <tsbogend@...ha.franken.de>,
        Thomas Gleixner <tglx@...utronix.de>,
        Vasily Gorbik <gor@...ux.ibm.com>,
        Viresh Kumar <viresh.kumar@...aro.org>,
        William Cohen <wcohen@...hat.com>,
        Xiaoming Ni <nixiaoming@...wei.com>,
        Yoshinori Sato <ysato@...rs.sourceforge.jp>
Subject: Re: [PATCH RFC 0/3] drivers/char: remove /dev/kmem for good

On 19.03.21 15:34, David Hildenbrand wrote:
> Let's start a discussion if /dev/kmem is worth keeping around and
> fixing/maintaining or if we should just remove it now for good.
> 
> More details / findings in patch #1. Patch #2 and #3 perform minor cleanups
> based on removed /dev/kmem support.

As some arch maintainers are only cced on patch #2 (grml), patch #1 is

https://lkml.kernel.org/r/20210319143452.25948-2-david@redhat.com

and the description is:

"
Exploring /dev/kmem and /dev/mem in the context of memory hot(un)plug and
memory ballooning, I started questioning the existance of /dev/kmem.

Comparing it with the /proc/kcore implementation, it does not seem to be
able to deal with things like
a) Pages unmapped from the direct mapping (e.g., to be used by secretmem)
   -> kern_addr_valid(). virt_addr_valid() is not sufficient.
b) Special cases like gart aperture memory that is not to be touched
   -> mem_pfn_is_ram()
Unless I am missing something, it's at least broken in some cases and might
fault/crash the machine.

Looks like its existance has been questioned before in 2005 and 2010
[1], after ~11 additional years, it might make sense to revive the
discussion.

CONFIG_DEVKMEM is only enabled in a single defconfig (on purpose or by
mistake?). All distributions I looked at disable it.

1) /dev/kmem was popular for rootkits [2] before it got disabled
    basically everywhere. Ubuntu documents [3] "There is no modern user of
    /dev/kmem any more beyond attackers using it to load kernel rootkits.".
    RHEL documents in a BZ [5] "it served no practical purpose other than to
    serve as a potential security problem or to enable binary module drivers
    to access structures/functions they shouldn't be touching"

2) /proc/kcore is a decent interface to have a controlled way to read
    kernel memory for debugging puposes. (will need some extensions to
    deal with memory offlining/unplug, memory ballooning, and poisoned
    pages, though)

3) It might be useful for corner case debugging [1]. KDB/KGDB might be a
    better fit, especially, to write random memory; harder to shoot
    yourself into the foot.

4) "Kernel Memory Editor" hasn't seen any updates since 2000 and seems
    to be incompatible with 64bit [1]. For educational purposes,
    /proc/kcore might be used to monitor value updates -- or older
    kernels can be used.

5) It's broken on arm64, and therefore, completely disabled there.

Looks like it's essentially unused and has been replaced by better
suited interfaces for individual tasks (/proc/kcore, KDB/KGDB). Let's
just remove it.

[1] https://lwn.net/Articles/147901/
[2] https://www.linuxjournal.com/article/10505
[3] https://wiki.ubuntu.com/Security/Features#A.2Fdev.2Fkmem_disabled
[4] https://sourceforge.net/projects/kme/
[5] https://bugzilla.redhat.com/show_bug.cgi?id=154796
"

-- 
Thanks,

David / dhildenb

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ