dev:md: A kernel address leakage in sys/dev/md/md.c

Nathan Whitehorn nwhitehorn at freebsd.org
Tue Jun 18 00:34:06 UTC 2019



On 2019-06-17 09:25, Mark Johnston wrote:
> On Thu, Jun 13, 2019 at 02:52:24PM +0800, Fuqian Huang wrote:
>> In freebsd/sys/dev/md/md.c
>> if the kernel is created with option MD_ROOT,
>> g_md_init will call md_preload and use mfs_root as the image.
>> In function md_preload, address of image will be printed out,
>> in this case, the address of image is the address of a global object mfs_root.
>> A kernel address leakage happens.
> We have many such leaks.  For example, netstat and fstat will print
> the kernel addresses of various structures.  We currently do not perform
> any randomization of the kernel address space, so guessing is easy even
> in the absence of these leaks.  In light of this I'm not sure it's worth
> the churn to update individual printf()s. 

We do on some lower-tier platforms. On PowerNV, for instance, the kernel
will end up at a hard-to-predict address. I agree with the general
point, though.
-Nathan

