Date: Sat, 9 Dec 2017 00:54:21 +0300 From: Alexander Popov <alex.popov@...ux.com> To: Peter Zijlstra <peterz@...radead.org> Cc: kernel-hardening@...ts.openwall.com, Kees Cook <keescook@...omium.org>, PaX Team <pageexec@...email.hu>, Brad Spengler <spender@...ecurity.net>, Ingo Molnar <mingo@...nel.org>, Andy Lutomirski <luto@...nel.org>, Tycho Andersen <tycho@...ho.ws>, Laura Abbott <labbott@...hat.com>, Mark Rutland <mark.rutland@....com>, Ard Biesheuvel <ard.biesheuvel@...aro.org>, Borislav Petkov <bp@...en8.de>, Thomas Gleixner <tglx@...utronix.de>, "H . Peter Anvin" <hpa@...or.com>, x86@...nel.org Subject: Re: [PATCH RFC v6 1/6] x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls Hello Peter, On 08.12.2017 14:44, Peter Zijlstra wrote: > On Wed, Dec 06, 2017 at 02:33:42AM +0300, Alexander Popov wrote: >> The STACKLEAK feature erases the kernel stack before returning from >> syscalls. That reduces the information which kernel stack leak bugs can >> reveal and blocks some uninitialized stack variable attacks. Moreover, >> STACKLEAK provides runtime checks for kernel stack overflow detection. >> >> This commit introduces the architecture-specific code filling the used >> part of the kernel stack with a poison value before returning to the >> userspace. Full STACKLEAK feature also contains the gcc plugin which >> comes in a separate commit. > > Have you looked at the entry rework in this series: > > https://firstname.lastname@example.org Thanks for the link. I briefly looked through WIP.x86/pti branch. Should I rebase STACKLEAK patch series onto it? Although I don't fully understand some of the commits, I can suppose that STACKLEAK stack erasing must be modified because of this trampoline stack introduction: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?h=WIP.x86/pti&id=813b4125a835f2eb9aa6fb08dac0bc8eeadd69a1 Am I right? Are there other changes which I should consider? May I also ask for your feedback on this version of the STACKLEAK patch series? Thanks! Best regards, Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.