Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 22 Jun 2018 11:58:00 -0700
From: Laura Abbott <labbott@...hat.com>
To: Alexander Popov <alex.popov@...ux.com>,
 kernel-hardening@...ts.openwall.com, Kees Cook <keescook@...omium.org>,
 PaX Team <pageexec@...email.hu>, Brad Spengler <spender@...ecurity.net>,
 Ingo Molnar <mingo@...nel.org>, Andy Lutomirski <luto@...nel.org>,
 Tycho Andersen <tycho@...ho.ws>, Mark Rutland <mark.rutland@....com>,
 Ard Biesheuvel <ard.biesheuvel@...aro.org>, Borislav Petkov <bp@...en8.de>,
 Richard Sandiford <richard.sandiford@....com>,
 Thomas Gleixner <tglx@...utronix.de>, "H . Peter Anvin" <hpa@...or.com>,
 Peter Zijlstra <a.p.zijlstra@...llo.nl>, "Dmitry V . Levin"
 <ldv@...linux.org>, Emese Revfy <re.emese@...il.com>,
 Jonathan Corbet <corbet@....net>, Andrey Ryabinin <aryabinin@...tuozzo.com>,
 "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
 Thomas Garnier <thgarnie@...gle.com>,
 Andrew Morton <akpm@...ux-foundation.org>,
 Alexei Starovoitov <ast@...nel.org>, Josef Bacik <jbacik@...com>,
 Masami Hiramatsu <mhiramat@...nel.org>, Nicholas Piggin <npiggin@...il.com>,
 Al Viro <viro@...iv.linux.org.uk>, "David S . Miller" <davem@...emloft.net>,
 Ding Tianhong <dingtianhong@...wei.com>, David Woodhouse
 <dwmw@...zon.co.uk>, Josh Poimboeuf <jpoimboe@...hat.com>,
 Steven Rostedt <rostedt@...dmis.org>,
 Dominik Brodowski <linux@...inikbrodowski.net>,
 Juergen Gross <jgross@...e.com>,
 Linus Torvalds <torvalds@...ux-foundation.org>,
 Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
 Dan Williams <dan.j.williams@...el.com>,
 Dave Hansen <dave.hansen@...ux.intel.com>,
 Mathias Krause <minipli@...glemail.com>,
 Vikas Shivappa <vikas.shivappa@...ux.intel.com>, Kyle Huey
 <me@...ehuey.com>, Dmitry Safonov <dsafonov@...tuozzo.com>,
 Will Deacon <will.deacon@....com>, Arnd Bergmann <arnd@...db.de>,
 Florian Weimer <fweimer@...hat.com>,
 Boris Lukashev <blukashev@...pervictus.com>,
 Andrey Konovalov <andreyknvl@...gle.com>, x86@...nel.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH v13 (resend) 2/6] x86/entry: Add STACKLEAK erasing the
 kernel stack at the end of syscalls

On 06/22/2018 09:58 AM, Alexander Popov wrote:
> +	/*
> +	 * Now write the poison value to the kernel stack. Start from
> +	 * 'kstack_ptr' and move up till the new 'boundary'. We assume that
> +	 * the stack pointer doesn't change when we write poison.
> +	 */
> +	if (on_thread_stack())
> +		boundary = current_stack_pointer;
> +	else
> +		boundary = current_top_of_stack();
> +
> +	BUG_ON(boundary - kstack_ptr >= THREAD_SIZE);
> +
> +	while (kstack_ptr < boundary) {
> +		*(unsigned long *)kstack_ptr = STACKLEAK_POISON;
> +		kstack_ptr += sizeof(unsigned long);
> +	}
> +
> +	/* Reset the 'lowest_stack' value for the next syscall */
> +	current->lowest_stack = current_top_of_stack() - THREAD_SIZE / 64;

on_thread_stack() and current_top_of_stack() are x86 only
functions currently defined in asm/processor.h. There are
similar functions in arch/arm64/include/asm/stacktrace.h
which I think I can use to build those functions. Should
I just throw the arm64 versions in processor.h or do
we want to consider abstracting these into something like
asm/stackleak.h? I'd like to know a direction before I
start ripping apart stacktrace.h.

Thanks,
Laura

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.