Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 11 Dec 2017 10:26:45 +0100
From: Peter Zijlstra <peterz@...radead.org>
To: Alexander Popov <alex.popov@...ux.com>
Cc: kernel-hardening@...ts.openwall.com, Kees Cook <keescook@...omium.org>,
	PaX Team <pageexec@...email.hu>,
	Brad Spengler <spender@...ecurity.net>,
	Ingo Molnar <mingo@...nel.org>, Andy Lutomirski <luto@...nel.org>,
	Tycho Andersen <tycho@...ho.ws>, Laura Abbott <labbott@...hat.com>,
	Mark Rutland <mark.rutland@....com>,
	Ard Biesheuvel <ard.biesheuvel@...aro.org>,
	Borislav Petkov <bp@...en8.de>,
	Thomas Gleixner <tglx@...utronix.de>,
	"H . Peter Anvin" <hpa@...or.com>, x86@...nel.org
Subject: Re: [PATCH RFC v6 1/6] x86/entry: Add STACKLEAK erasing the kernel
 stack at the end of syscalls

On Sat, Dec 09, 2017 at 12:54:21AM +0300, Alexander Popov wrote:
> Hello Peter,
> 
> On 08.12.2017 14:44, Peter Zijlstra wrote:
> > On Wed, Dec 06, 2017 at 02:33:42AM +0300, Alexander Popov wrote:
> >> The STACKLEAK feature erases the kernel stack before returning from
> >> syscalls. That reduces the information which kernel stack leak bugs can
> >> reveal and blocks some uninitialized stack variable attacks. Moreover,
> >> STACKLEAK provides runtime checks for kernel stack overflow detection.
> >>
> >> This commit introduces the architecture-specific code filling the used
> >> part of the kernel stack with a poison value before returning to the
> >> userspace. Full STACKLEAK feature also contains the gcc plugin which
> >> comes in a separate commit.
> > 
> > Have you looked at the entry rework in this series:
> > 
> >   https://lkml.kernel.org/r/20171204140706.296109558@linutronix.de
> 
> Thanks for the link. I briefly looked through WIP.x86/pti branch. Should I
> rebase STACKLEAK patch series onto it?

Probably a good idea; the tail end of that series is still somewhat in
flux but the entry rework is fairly stable at this point.

> Although I don't fully understand some of the commits, I can suppose that
> STACKLEAK stack erasing must be modified because of this trampoline stack
> introduction:
> https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?h=WIP.x86/pti&id=813b4125a835f2eb9aa6fb08dac0bc8eeadd69a1
> 
> Am I right? Are there other changes which I should consider?

You're right; the trampoline stack is what I was thinking of. You can
run the erase thing when we're on the trampoline back out.

> May I also ask for your feedback on this version of the STACKLEAK patch series?

I meant to have a look, but have not yet found the time for it, its on
the todo list.

Thanks!

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.