Linux kernel < 4.14.111 drivers/message/fusion/mptbase.c kernel address dumps to user space

[Fuqian Huang <huangfq.daxian () gmail com>]

In drivers/message/fusion/mptbase.c:2150,
mpt_suspend will dump the address of dev into dmesg,
the address of pdev is printed to user space.
int
mpt_suspend(struct pci_dev *pdev, pm_message_t state)
{
    ...
    printk(MYIOC_s_INFO_FMT "pci-suspend: pdev=0x%p, slot=%s, Entering "
        "operating state [D%d]\n", ioc->name, pdev, pci_name(pdev),
        device_state);
    ...
}

In drivers/message/fusion/mptbase.c:2191,
mpt_resume will dump the address of dev into dmesg,
the address of pdev is printed to user space.
int
mpt_resume(struct pci_dev *pdev)
{
    ...
    printk(MYIOC_s_INFO_FMT "pci-resume: pdev=0x%p, slot=%s, Previous "
        "operating state [D%d]\n", ioc->name, pdev, pci_name(pdev),
        device_state);
    ...
}

In drivers/message/fusion/mptbase.c:6749
and drivers/message/fusion/mptbase.c:6762,
mpt_iocinfo_proc_show will dump the address of req_frames/alloc into procfs,
which allows local user to read the kernel address via /proc/mpt/info

static int mpt_iocinfo_proc_show(struct seq_file *m, void *v)
{
    ...
    seq_printf(m, "  RequestFrames @ 0x%p (Dma @ 0x%p)\n",
                    (void *)ioc->req_frames, (void
*)(ulong)ioc->req_frames_dma);
    ...
    seq_printf(m, "  Frames   @ 0x%p (Dma @ 0x%p)\n",
                    (void *)ioc->alloc, (void *)(ulong)ioc->alloc_dma);
    ...
}