Bug 111 - There maybe some risks to printf the addr of the map page
Summary: There maybe some risks to printf the addr of the map page
Status: UNCONFIRMED
Alias: None
Product: DPDK
Classification: Unclassified
Component: ethdev (show other bugs)
Version: 17.11
Hardware: All All
: Normal normal
Target Milestone: ---
Assignee: Gaetan Rivet
URL:
Depends on:
Blocks:
 
Reported: 2018-11-27 13:35 CET by andy01011501
Modified: 2023-12-15 04:52 CET (History)
2 users (show)


Attachments
Add an attachment (proposed patch, testcase, etc.)

Description andy01011501 2018-11-27 13:35:24 CET 
In the funtion pci_unmap_resource,the requested_addr will be print and this may cause some risks like the code below:

void pci_unmap_resource(void *requested_addr, size_t size)
{
	if (requested_addr == NULL)
		return;

	/* Unmap the PCI memory resource of device */
	if (munmap(requested_addr, size)) {
		RTE_LOG(ERR, EAL, "%s(): cannot munmap(%p, 0x%lx): %s\n",
			__func__, requested_addr, (unsigned long)size,
			strerror(errno));
	} else
		RTE_LOG(DEBUG, EAL, "  PCI memory unmapped at %p\n",
				requested_addr);
}
Comment 1 Ajit Khaparde 2018-11-27 22:49:37 CET 
Gaetan,
Can you please take a look?

Thanks
Ajit
Comment 2 Gaetan Rivet 2018-11-30 11:25:26 CET 
Hi,

Andy could you please be more specific? What risk do you see?

As I see it, the DPDK application is run with the right to map addresses exposed by *IO drivers. A user having the right to see the DPDK app logs would have the same rights to discover those mappings directly from *IO.
Comment 3 andy01011501 2018-12-05 08:17:26 CET 
Hi Gaetan,
    I don't think it is a good idea to expose the address in the log,but it is just a risk,we can ignore it.
Comment 4 Stephen Hemminger 2023-12-15 04:52:43 CET 
The issue is that logged messages go to syslog, and there maybe malware that has access to syslog and can use the that message to find addresses for other damage.
Note You need to log in before you can comment on or make changes to this bug.