Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752257AbdHPT31 (ORCPT <rfc822;w@1wt.eu>);
        Wed, 16 Aug 2017 15:29:27 -0400
Received: from mail-it0-f49.google.com ([209.85.214.49]:37133 "EHLO
        mail-it0-f49.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751678AbdHPT30 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 16 Aug 2017 15:29:26 -0400
MIME-Version: 1.0
In-Reply-To: <20170816190906.11098-1-labbott@redhat.com>
References: <20170816190906.11098-1-labbott@redhat.com>
From: Kees Cook <keescook@chromium.org>
Date: Wed, 16 Aug 2017 12:29:24 -0700
X-Google-Sender-Auth: 7rPhzVh7mpMDiptjINGW-kJwpSM
Message-ID: <CAGXu5jJg-KLk0UyhiqV_SMT7MF5_FHjHXSj8oU8WHuKhBCxwvA@mail.gmail.com>
Subject: Re: [PATCH] init: Move stack canary initialization after setup_arch
To: Laura Abbott <labbott@redhat.com>
Cc: Laura Abbott <lauraa@codeaurora.org>,
        LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 2194
Lines: 72

On Wed, Aug 16, 2017 at 12:09 PM, Laura Abbott <labbott@redhat.com> wrote:
> From: Laura Abbott <lauraa@codeaurora.org>
>
> Stack canary intialization involves getting a random number.
> Getting this random number may involve accessing caches or other
> architectural specific features which are not available until
> after the architecture is setup. Move the stack canary initialization
> later to accomodate this.
>
> Signed-off-by: Laura Abbott <lauraa@codeaurora.org>
> Signed-off-by: Laura Abbott <labbott@redhat.com>
> ---
> This was a patch I did a while ago as part of some out of tree work to make the
> stack canary randomized on arm. The overall work didn't really go anywhere
> but there is interest in this part for other approaches to adding randomeness.
>
> I can re-send with more Cc for anyone else who might have opinions.

Combined with adding the kernel cmdline to entropy, this would be
desirable. This should probably go via -mm (as far a CCs go).

> ---
>  init/main.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/init/main.c b/init/main.c
> index 052481fbe363..c71c4451094c 100644
> --- a/init/main.c
> +++ b/init/main.c
> @@ -515,11 +515,7 @@ asmlinkage __visible void __init start_kernel(void)
>         smp_setup_processor_id();
>         debug_objects_early_init();
>
> -       /*
> -        * Set up the initial canary ASAP:
> -        */
>         add_latent_entropy();
> -       boot_init_stack_canary();

Please move the entropy call too, since that should be just before the
stack canary initialization (in an effort to gather as much as
possible).

>
>         cgroup_init_early();
>
> @@ -534,6 +530,10 @@ asmlinkage __visible void __init start_kernel(void)
>         page_address_init();
>         pr_notice("%s", linux_banner);
>         setup_arch(&command_line);
> +       /*
> +        * Set up the the initial canary ASAP:

Maybe change "ASAP" to "after reasonable entropy has been gathered"

> +        */
> +       boot_init_stack_canary();
>         mm_init_cpumask(&init_mm);
>         setup_command_line(command_line);
>         setup_nr_cpu_ids();
> --
> 2.13.0
>

Thanks!

-Kees


-- 
Kees Cook
Pixel Security