Date: Mon, 6 Aug 2018 12:07:48 +0200 From: Florian Weimer <fweimer@...hat.com> To: Ard Biesheuvel <ard.biesheuvel@...aro.org>, kernel-hardening@...ts.openwall.com Cc: keescook@...omium.org, christoffer.dall@....com, will.deacon@....com, catalin.marinas@....com, mark.rutland@....com, labbott@...oraproject.org, linux-arm-kernel@...ts.infradead.org Subject: Re: [RFC/PoC PATCH 0/3] arm64: basic ROP mitigation On 08/02/2018 03:21 PM, Ard Biesheuvel wrote: > The idea is that we can significantly limit the kernel's attack surface > for ROP based attacks by clearing the stack pointer's sign bit before > returning from a function, and setting it again right after proceeding > from the [expected] return address. This should make it much more difficult > to return to arbitrary gadgets, given that they rely on being chained to > the next via a return address popped off the stack, and this is difficult > when the stack pointer is invalid. Doesn't this break stack unwinding? Thanks, Florian
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.