Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 12 Jan 2018 17:19:26 +0300
From: Alexander Popov <>
	Kees Cook <>,
	PaX Team <>,
	Brad Spengler <>,
	Ingo Molnar <>,
	Andy Lutomirski <>,
	Tycho Andersen <>,
	Laura Abbott <>,
	Mark Rutland <>,
	Ard Biesheuvel <>,
	Borislav Petkov <>,
	Thomas Gleixner <>,
	"H . Peter Anvin" <>,
	Peter Zijlstra <>,
	"Dmitry V . Levin" <>,,
Subject: [PATCH RFC v7 3/6] x86/entry: Erase kernel stack in syscall_trace_enter()

Make STACKLEAK erase kernel stack after ptrace/seccomp/auditing
not to leave any sensitive information on the stack for the syscall code.

This code is modified from Brad Spengler/PaX Team's code in the last
public patch of grsecurity/PaX based on our understanding of the code.
Changes or omissions from the original code are ours and don't reflect
the original grsecurity/PaX code.

Signed-off-by: Alexander Popov <>
 arch/x86/entry/common.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c
index d7d3cc2..cd38727 100644
--- a/arch/x86/entry/common.c
+++ b/arch/x86/entry/common.c
@@ -45,6 +45,12 @@ __visible inline void enter_from_user_mode(void)
 static inline void enter_from_user_mode(void) {}
+asmlinkage void erase_kstack(void);
+static void erase_kstack(void) {}
 static void do_audit_syscall_entry(struct pt_regs *regs, u32 arch)
 #ifdef CONFIG_X86_64
@@ -127,6 +133,7 @@ static long syscall_trace_enter(struct pt_regs *regs)
 	do_audit_syscall_entry(regs, arch);
+	erase_kstack();
 	return ret ?: regs->orig_ax;

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.