Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 5 Apr 2019 10:14:45 +0000
From: "Reshetova, Elena" <elena.reshetova@...el.com>
To: Kees Cook <keescook@...omium.org>
CC: Andy Lutomirski <luto@...nel.org>, Kernel Hardening
	<kernel-hardening@...ts.openwall.com>, Andy Lutomirski <luto@...capital.net>,
	Josh Poimboeuf <jpoimboe@...hat.com>, Jann Horn <jannh@...gle.com>, "Perla,
 Enrico" <enrico.perla@...el.com>, Ingo Molnar <mingo@...hat.com>, "Borislav
 Petkov" <bp@...en8.de>, Thomas Gleixner <tglx@...utronix.de>, Peter Zijlstra
	<peterz@...radead.org>, Greg KH <gregkh@...uxfoundation.org>
Subject: RE: [RFC PATCH] x86/entry/64: randomize kernel stack offset upon
 syscall

> On Thu, Apr 4, 2019 at 4:41 AM Reshetova, Elena
> <elena.reshetova@...el.com> wrote:
> > What I still don't fully understand here (due to my little knowledge of
> > compilers) and afraid of is that the asm code that alloca generates (see my version)
> > and the alignment might differ on the different targets, etc.
> 
> I guess it's possible, but for x86_64, since appears to be consistent.

So, yes, I double checked this now with just printing all possible offsets I get for rsp
from do_syscall_64, it is indeed 33 different offsets, so it is indeed more like 5 bits of entropy. 
We can increase it, if we want and people are ok with losing a bit more stack space. 
 
> 
> > If you tried it on yours, can you send me the asm code that it produced for you?
> > Is it different from mine?
> 
> You can compare compiler outputs here. Here's gcc vs clang for this code:
> https://godbolt.org/z/WJSbN8
> You can adjust compiler versions, etc.

Oh, this is handy! Thank you for the link! 


So, should I resend to lkml (with some cosmetic fixes) or how to proceed with this?
I will also update the randomness bit info. 

Best Regards,
Elena.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.