Date: Fri, 8 Dec 2017 12:44:31 +0100 From: Peter Zijlstra <peterz@...radead.org> To: Alexander Popov <alex.popov@...ux.com> Cc: kernel-hardening@...ts.openwall.com, Kees Cook <keescook@...omium.org>, PaX Team <pageexec@...email.hu>, Brad Spengler <spender@...ecurity.net>, Ingo Molnar <mingo@...nel.org>, Andy Lutomirski <luto@...nel.org>, Tycho Andersen <tycho@...ho.ws>, Laura Abbott <labbott@...hat.com>, Mark Rutland <mark.rutland@....com>, Ard Biesheuvel <ard.biesheuvel@...aro.org>, Borislav Petkov <bp@...en8.de>, Thomas Gleixner <tglx@...utronix.de>, "H . Peter Anvin" <hpa@...or.com>, x86@...nel.org Subject: Re: [PATCH RFC v6 1/6] x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls On Wed, Dec 06, 2017 at 02:33:42AM +0300, Alexander Popov wrote: > The STACKLEAK feature erases the kernel stack before returning from > syscalls. That reduces the information which kernel stack leak bugs can > reveal and blocks some uninitialized stack variable attacks. Moreover, > STACKLEAK provides runtime checks for kernel stack overflow detection. > > This commit introduces the architecture-specific code filling the used > part of the kernel stack with a poison value before returning to the > userspace. Full STACKLEAK feature also contains the gcc plugin which > comes in a separate commit. Have you looked at the entry rework in this series: https://firstname.lastname@example.org
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.