On Fri, Apr 6, 2018 at 7:22 AM, Alexander Popov <[email protected]> wrote:
> This commit introduces the architecture-specific code filling the used
> part of the kernel stack with a poison value before returning to the
> userspace. Full STACKLEAK feature also contains the gcc plugin which
> comes in a separate commit.
Thanks for sending this again! And thanks for the updated reasoning
for why this remains a valuable addition:
https://lkml.kernel.org/r/[email protected]
I, too, remain convinced this is a good protection to have, even as we
slowly remove VLAs and try to improve the compiler's initialization of
stack variables.
Dave, Ingo, Linus: how does this look? With the assembly rewritten
into C, the entry changes are very small:
> arch/x86/entry/entry_32.S | 7 ++++++
> arch/x86/entry/entry_64.S | 3 +++
> arch/x86/entry/entry_64_compat.S | 5 ++++
> arch/x86/entry/erase.c | 54 ++++++++++++++++++++++++++++++++++++++++
I'd really like to get people's Ack/Review. :)
Laura, can this C version work for arm64 as well?
Thanks,
-Kees
--
Kees Cook
Pixel Security
On 04/16/2018 11:29 AM, Kees Cook wrote:
> On Fri, Apr 6, 2018 at 7:22 AM, Alexander Popov <[email protected]> wrote:
>> This commit introduces the architecture-specific code filling the used
>> part of the kernel stack with a poison value before returning to the
>> userspace. Full STACKLEAK feature also contains the gcc plugin which
>> comes in a separate commit.
>
> Thanks for sending this again! And thanks for the updated reasoning
> for why this remains a valuable addition:
>
> https://lkml.kernel.org/r/[email protected]
>
> I, too, remain convinced this is a good protection to have, even as we
> slowly remove VLAs and try to improve the compiler's initialization of
> stack variables.
>
> Dave, Ingo, Linus: how does this look? With the assembly rewritten
> into C, the entry changes are very small:
>
>> arch/x86/entry/entry_32.S | 7 ++++++
>> arch/x86/entry/entry_64.S | 3 +++
>> arch/x86/entry/entry_64_compat.S | 5 ++++
>> arch/x86/entry/erase.c | 54 ++++++++++++++++++++++++++++++++++++++++
>
> I'd really like to get people's Ack/Review. :)
>
> Laura, can this C version work for arm64 as well?
>
> Thanks,
>
> -Kees
>
I did a quick port and it seems to work on a minimal system
(passes LKDTM tests). I'll clean it up and do a few more
tests to send out and see about give this series another
review.
Thanks,
Laura
On 04/16/2018 11:29 AM, Kees Cook wrote:
> Dave, Ingo, Linus: how does this look? With the assembly rewritten
> into C, the entry changes are very small:
The assembly looks very nice to me now. It is as minimally invasive as
it can get. Definitely no objections from me on that part.