diff options
author | Sara Hartse <[email protected]> | 2019-04-04 18:57:06 -0700 |
---|---|---|
committer | Brian Behlendorf <[email protected]> | 2019-04-04 18:57:06 -0700 |
commit | a887d653b32aaba3fe04c7b25ff0091b9ea9c64e (patch) | |
tree | 6d0bd45a6d2080fce9223ae252f5c93782418dd7 /module/spl | |
parent | af6507930051e9ee481cad1130df84636c4a770c (diff) |
Restrict kstats and print real pointers
There are several places where we use zfs_dbgmsg and %p to
print pointers. In the Linux kernel, these values obfuscated
to prevent information leaks which means the pointers aren't
very useful for debugging crash dumps. We decided to restrict
the permissions of dbgmsg (and some other kstats while we were
at it) and print pointers with %px in zfs_dbgmsg as well as
spl_dumpstack
Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: John Gallagher <[email protected]>
Signed-off-by: sara hartse <[email protected]>
Closes #8467
Closes #8476
Diffstat (limited to 'module/spl')
-rw-r--r-- | module/spl/spl-kstat.c | 14 | ||||
-rw-r--r-- | module/spl/spl-procfs-list.c | 3 |
2 files changed, 13 insertions, 4 deletions
diff --git a/module/spl/spl-kstat.c b/module/spl/spl-kstat.c index 7207a35e0..feff31e6c 100644 --- a/module/spl/spl-kstat.c +++ b/module/spl/spl-kstat.c @@ -659,7 +659,7 @@ kstat_detect_collision(kstat_proc_entry_t *kpep) * kstat. */ void -kstat_proc_entry_install(kstat_proc_entry_t *kpep, +kstat_proc_entry_install(kstat_proc_entry_t *kpep, mode_t mode, const struct file_operations *file_ops, void *data) { kstat_module_t *module; @@ -693,7 +693,7 @@ kstat_proc_entry_install(kstat_proc_entry_t *kpep, list_add_tail(&kpep->kpe_list, &module->ksm_kstat_list); kpep->kpe_owner = module; - kpep->kpe_proc = proc_create_data(kpep->kpe_name, 0644, + kpep->kpe_proc = proc_create_data(kpep->kpe_name, mode, module->ksm_proc, file_ops, data); if (kpep->kpe_proc == NULL) { list_del_init(&kpep->kpe_list); @@ -710,7 +710,15 @@ void __kstat_install(kstat_t *ksp) { ASSERT(ksp); - kstat_proc_entry_install(&ksp->ks_proc, &proc_kstat_operations, ksp); + mode_t mode; + /* Specify permission modes for different kstats */ + if (strncmp(ksp->ks_proc.kpe_name, "dbufs", KSTAT_STRLEN) == 0) { + mode = 0600; + } else { + mode = 0644; + } + kstat_proc_entry_install( + &ksp->ks_proc, mode, &proc_kstat_operations, ksp); } EXPORT_SYMBOL(__kstat_install); diff --git a/module/spl/spl-procfs-list.c b/module/spl/spl-procfs-list.c index 4902e0a56..f6a00da5c 100644 --- a/module/spl/spl-procfs-list.c +++ b/module/spl/spl-procfs-list.c @@ -201,6 +201,7 @@ static struct file_operations procfs_list_operations = { void procfs_list_install(const char *module, const char *name, + mode_t mode, procfs_list_t *procfs_list, int (*show)(struct seq_file *f, void *p), int (*show_header)(struct seq_file *f), @@ -218,7 +219,7 @@ procfs_list_install(const char *module, procfs_list->pl_node_offset = procfs_list_node_off; kstat_proc_entry_init(&procfs_list->pl_kstat_entry, module, name); - kstat_proc_entry_install(&procfs_list->pl_kstat_entry, + kstat_proc_entry_install(&procfs_list->pl_kstat_entry, mode, &procfs_list_operations, procfs_list); } EXPORT_SYMBOL(procfs_list_install); |