oss-sec mailing list archives

Linux kernel < 4.14.111 drivers/net/ethernet/chelsio/libcxgb/libcxgb_ppm.c kernel address dumps to user space


From: Fuqian Huang <huangfq.daxian () gmail com>
Date: Thu, 18 Apr 2019 21:33:19 +0800

In drivers/net/ethernet/chelsio/libcxgb/libcxgb_ppm.c:320,
ppm_destroy prints the address of ppm to dmesg,
which allows a local user to read the kernel address via dmesg.
/*
 * Excerpt as quoted in the advisory; each "..." marks code the author left
 * out, so where ppm is assigned is not visible here.
 * Takes a struct kref pointer -- presumably the release callback for the ppm
 * reference count; confirm against the full file.
 */
static void ppm_destroy(struct kref *kref)
{
    ...
    /*
     * Leak site: "%p" is passed ppm itself, so the pointer value goes into
     * the kernel log at info level. Where %p is printed unhashed this is a
     * real kernel address, which weakens KASLR for anyone able to read the
     * log. Kernels that hash %p output (the default since 4.15) print an
     * obfuscated value instead.
     * Review note: the device name already identifies the instance; dropping
     * the ppm argument from the message removes the exposure. Restricting
     * log access (kernel.dmesg_restrict) limits who can read it.
     */
    pr_info("ippm: kref 0, destroy %s ppm 0x%p.\n",
        ppm->ndev->name, ppm);
    ...
}

In drivers/net/ethernet/chelsio/libcxgb/libcxgb_ppm.c:396
and drivers/net/ethernet/chelsio/libcxgb/libcxgb_ppm.c:458
and drivers/net/ethernet/chelsio/libcxgb/libcxgb_ppm.c:468,
cxgbi_ppm_init prints the address of ppm to dmesg,
which allows a local user to read the kernel address via dmesg.
/*
 * Excerpt as quoted in the advisory; each "..." marks code the author left
 * out, so the assignments to ppm are not visible here.
 * The visible paths return 1 after taking an extra reference when a ppm is
 * already set up; the return value of the final path is elided.
 *
 * All three pr_info() calls below pass pointers to "%p": ppm_pp (the
 * caller-supplied slot) and ppm or *ppm_pp (the object it refers to). Where
 * %p is printed unhashed, those are real kernel addresses readable from the
 * log; kernels that hash %p output (the default since 4.15) print obfuscated
 * values instead.
 * Review note: the device name and the ppmax counters carry the diagnostic
 * value; removing the two pointer arguments from each message closes the
 * leak. Restricting log access (kernel.dmesg_restrict) limits who can read it.
 */
int cxgbi_ppm_init(void **ppm_pp, struct net_device *ndev,
           struct pci_dev *pdev, void *lldev,
           struct cxgbi_tag_format *tformat,
           unsigned int ppmax,
           unsigned int llimit,
           unsigned int start,
           unsigned int reserve_factor)
{
    ...
    if (ppm) {
        /* Leak site 1 (line 396 per the advisory): logs ppm_pp and ppm. */
        pr_info("ippm: %s, ppm 0x%p,0x%p already initialized, %u/%u.\n",
            ndev->name, ppm_pp, ppm, ppm->ppmax, ppmax);
        /* Already initialized: take another reference and report 1. */
        kref_get(&ppm->refcnt);
        return 1;
    }
    ...
    if (*ppm_pp) {
        ...
        /* Leak site 2 (line 458 per the advisory): logs ppm_pp and *ppm_pp. */
        pr_info("ippm: %s, ppm 0x%p,0x%p already initialized, %u/%u.\n",
            ndev->name, ppm_pp, *ppm_pp, ppm->ppmax, ppmax);

        /* Same handling as the first branch: extra reference, return 1. */
        kref_get(&ppm->refcnt);
        return 1;
    }
    ...
    /*
     * Leak site 3 (line 468 per the advisory): logs ppm_pp and ppm next to
     * the pool geometry (base index, ppmax, page size, reserved counts).
     */
    pr_info("ippm %s: ppm 0x%p, 0x%p, base %u/%u, pg %lu,%u, rsvd %u,%u.\n",
        ndev->name, ppm_pp, ppm, ppm->base_idx, ppm->ppmax, PAGE_SIZE,
        ppm->tformat.pgsz_idx_dflt, ppm->pool_rsvd,
        ppm->pool_index_max);
    ...
}

