Date: Wed, 31 Mar 2021 13:54:52 -0700
From: Kees Cook <keescook@...omium.org>
To: Will Deacon <will@...nel.org>
Cc: Kees Cook <keescook@...omium.org>,
	Catalin Marinas <catalin.marinas@....com>,
	Mark Rutland <mark.rutland@....com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Elena Reshetova <elena.reshetova@...el.com>,
	x86@...nel.org,
	Andy Lutomirski <luto@...nel.org>,
	Peter Zijlstra <peterz@...radead.org>,
	Alexander Potapenko <glider@...gle.com>,
	Alexander Popov <alex.popov@...ux.com>,
	Ard Biesheuvel <ard.biesheuvel@...aro.org>,
	Jann Horn <jannh@...gle.com>,
	Vlastimil Babka <vbabka@...e.cz>,
	David Hildenbrand <david@...hat.com>,
	Mike Rapoport <rppt@...ux.ibm.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Jonathan Corbet <corbet@....net>,
	Randy Dunlap <rdunlap@...radead.org>,
	kernel-hardening@...ts.openwall.com,
	linux-hardening@...r.kernel.org,
	linux-arm-kernel@...ts.infradead.org,
	linux-mm@...ck.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH v9 0/6] Optionally randomize kernel stack offset each syscall

Hi Will (and Mark and Catalin),

Can you take this via the arm64 tree for v5.13 please? Thomas has added
his Reviewed-by, so it only leaves arm64's. :)

v9:
- comment position nit (tglx)
- Added tglx's Reviewed-by
v8: https://firstname.lastname@example.org/
v7: https://email@example.com/
v6: https://firstname.lastname@example.org/
v5: https://email@example.com/
v4: https://firstname.lastname@example.org/
v3: https://email@example.com/
v2: https://firstname.lastname@example.org/
rfc: https://email@example.com/

This is a continuation and refactoring of Elena's earlier effort to add
kernel stack base offset randomization. In the time since the earlier
discussions, two attacks were made public that depended on stack
determinism, so we're no longer in the position of "this is a good idea
but we have no examples of attacks". :)

Earlier discussions also devolved into debates on entropy sources, which
is mostly a red herring, given the already low entropy available due to
stack size. Regardless, entropy can be changed/improved separately from
this series as needed.

Earlier discussions also got stuck debating how much syscall overhead
was too much, but this is also a red herring since the feature itself
needs to be selectable at boot with no cost for those that don't want it:
this is solved here with static branches.

So, here is the latest improved version, made as arch-agnostic as
possible, with usage added for x86 and arm64. It also includes some small
static branch clean ups, and addresses some surprise performance issues
due to the stack canary.

Thanks!

-Kees

https://a13xp0p0v.github.io/2020/02/15/CVE-2019-18683.html
https://repositorio-aberto.up.pt/bitstream/10216/125357/2/374717.pdf
https://lore.kernel.org/lkml/202003281520.A9BFF461@keescook/

Kees Cook (6):
  jump_label: Provide CONFIG-driven build state defaults
  init_on_alloc: Optimize static branches
  stack: Optionally randomize kernel stack offset each syscall
  x86/entry: Enable random_kstack_offset support
  arm64: entry: Enable random_kstack_offset support
  lkdtm: Add REPORT_STACK for checking stack offsets

 .../admin-guide/kernel-parameters.txt | 11 ++++
 Makefile                              |  4 ++
 arch/Kconfig                          | 23 ++++++++
 arch/arm64/Kconfig                    |  1 +
 arch/arm64/kernel/Makefile            |  5 ++
 arch/arm64/kernel/syscall.c           | 16 ++++++
 arch/x86/Kconfig                      |  1 +
 arch/x86/entry/common.c               |  3 ++
 arch/x86/include/asm/entry-common.h   | 16 ++++++
 drivers/misc/lkdtm/bugs.c             | 17 ++++++
 drivers/misc/lkdtm/core.c             |  1 +
 drivers/misc/lkdtm/lkdtm.h            |  1 +
 include/linux/jump_label.h            | 19 +++++++
 include/linux/mm.h                    | 10 ++--
 include/linux/randomize_kstack.h      | 54 +++++++++++++++++++
 init/main.c                           | 23 ++++++++
 mm/page_alloc.c                       |  4 +-
 mm/slab.h                             |  6 ++-
 18 files changed, 207 insertions(+), 8 deletions(-)
 create mode 100644 include/linux/randomize_kstack.h

--
2.25.1