Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 24 Jul 2017 19:45:21 -0700
From: Kees Cook <keescook@...omium.org>
To: Hans Liljestrand <liljestrandh@...il.com>
Cc: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, 
	"Reshetova, Elena" <elena.reshetova@...el.com>, Dave Hansen <dave.hansen@...el.com>, 
	"H. Peter Anvin" <hpa@...or.com>, Daniel Micay <danielmicay@...il.com>
Subject: Re: [RFC PATCH 3/5] x86: add mpxk-wrappers

On Mon, Jul 24, 2017 at 6:38 AM, Hans Liljestrand
<liljestrandh@...il.com> wrote:
> This adds actual implementation for mpxk-wrapper functions. The wrapper
> function are used by the instrumentation to update and check pointer bounds
> on functions that alter memory, e.g. kmalloc and memcpy. The kmalloc
> wrapper function for instance simply executes kmalloc, associates bounds
> with the returned pointer, and returns both. Other wrapper functions, such
> as for memcpy, also check the bounds of incoming arguments.
>
> For future work these wrappers could potentially be replaced by direct
> instrumentation without the need to incur the cost of calling the wrapper
> function. In this scenario every kmalloc would simply be preceded by an
> appropriate mkbnd instruction, and memcpy preceded by bndcu+bndcl
> instructions.
>
> The wrappers are added by the MPXK gcc-plugin, and as such work on
> preprocessed code. This introduces another problem with our
> implementation since macros might actually be used to direct "base
> functions" into specific implementations (e.g. memcpy might be a macro
> pointing to __memcpy). One solution is covering all possibilities, but
> this might introduce unwanted code bloat.

I'd be curious to see how (if?) this interacts with CONFIG_FORTIFY. It
seems that currently the MPXK checks would be similar to the
inter-object checks as they exist (e.g. checking the size of the whole
kmalloc allocation), but it wouldn't work on intra-object copies (i.e.
bounds checking a field within an object).

More directly, I'd be curious to see coverage and performance
comparisons between FORTIFY and MPXK.

-Kees

-- 
Kees Cook
Pixel Security

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.