Date: Wed, 4 Oct 2017 16:31:20 -0700 From: Kees Cook <keescook@...omium.org> To: Alexander Popov <alex.popov@...ux.com> Cc: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, PaX Team <pageexec@...email.hu>, Brad Spengler <spender@...ecurity.net>, Tycho Andersen <tycho@...ker.com>, Laura Abbott <labbott@...hat.com>, Mark Rutland <mark.rutland@....com>, Ard Biesheuvel <ard.biesheuvel@...aro.org>, Andy Lutomirski <luto@...capital.net>, "x86@...nel.org" <x86@...nel.org> Subject: Re: [PATCH RFC v4 1/3] gcc-plugins: Add STACKLEAK erasing the kernel stack at the end of syscalls On Wed, Oct 4, 2017 at 3:55 PM, Alexander Popov <alex.popov@...ux.com> wrote: > The STACKLEAK feature erases the kernel stack before returning from > syscalls. That reduces the information which a kernel stack leak bug can > reveal and blocks some uninitialized stack variable attacks. Moreover, > STACKLEAK provides runtime checks for kernel stack overflow detection. > > This feature consists of: > - the architecture-specific code filling the used part of the kernel > stack with a poison value before returning to the userspace; > - the STACKLEAK gcc plugin. It instruments the kernel code inserting > the track_stack() call for tracking the lowest border of the kernel > stack and check_alloca() call for checking alloca size. > > The STACKLEAK feature is ported from grsecurity/PaX. More information at: > https://grsecurity.net/ > https://pax.grsecurity.net/ > > This code is modified from Brad Spengler/PaX Team's code in the last > public patch of grsecurity/PaX based on our understanding of the code. > Changes or omissions from the original code are ours and don't reflect > the original grsecurity/PaX code. > > Signed-off-by: Alexander Popov <alex.popov@...ux.com> Thanks for the continuing work on this! If I can get some review from Andy or other x86 folks, I'd appreciate it. If they're happy, I'll add this to the gcc-plugins tree... -Kees -- Kees Cook Pixel Security
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.