From: "Reshetova, Elena"
To: "Reshetova, Elena", Ingo Molnar, Josh Poimboeuf
CC: "luto@kernel.org", "linux-kernel@vger.kernel.org", "luto@amacapital.net", "keescook@chromium.org", "jannh@google.com", "Perla, Enrico", "mingo@redhat.com", "bp@alien8.de", "tglx@linutronix.de", "peterz@infradead.org", "gregkh@linuxfoundation.org"
Subject: RE: [PATCH] x86/entry/64: randomize kernel stack offset upon syscall
Date: Wed, 10 Apr 2019 10:24:39 +0000
Message-ID: <2236FBA76BA1254E88B949DDB74E612BA4C48B15@IRSMSX102.ger.corp.intel.com>
References: <20190408061358.21288-1-elena.reshetova@intel.com> <20190408124940.hb4d2mvwue7aydjj@treble> <20190410082642.GA35032@gmail.com> <2236FBA76BA1254E88B949DDB74E612BA4C48943@IRSMSX102.ger.corp.intel.com>
In-Reply-To: <2236FBA76BA1254E88B949DDB74E612BA4C48943@IRSMSX102.ger.corp.intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

> > > On Mon, Apr 08, 2019 at 09:13:58AM +0300, Elena Reshetova wrote:
> > > > diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c > > > > index 7bc105f47d21..38ddc213a5e9 100644 > > > > --- a/arch/x86/entry/common.c > > > > +++ b/arch/x86/entry/common.c > > > > @@ -35,6 +35,12 @@ > > > > #define CREATE_TRACE_POINTS > > > > #include > > > > > > > > +#ifdef CONFIG_RANDOMIZE_KSTACK_OFFSET > > > > +#include > > > > + > > > > +void *alloca(size_t size); > > > > +#endif > > > > + > > > > #ifdef CONFIG_CONTEXT_TRACKING > > > > /* Called on entry from user mode with IRQs off. */ > > > > __visible inline void enter_from_user_mode(void) 
> > > > @@ -273,6 +279,13 @@ __visible void do_syscall_64(unsigned long nr, struct > > pt_regs *regs) > > > > { > > > > struct thread_info *ti; > > > > > > > > +#ifdef CONFIG_RANDOMIZE_KSTACK_OFFSET > > > > + size_t offset = ((size_t)prandom_u32()) % 256; > > > > + char *ptr = alloca(offset); > > > > + > > > > + asm volatile("":"=m"(*ptr)); > > > > +#endif > > > > + > > > > enter_from_user_mode(); > > > > local_irq_enable(); > > > > ti = current_thread_info(); > > > >
> > > Would it make sense to also do this for the compat syscalls
> > > (do_fast_syscall_32, do_int80_syscall_32)?
> >
> > Could someone please include the full patch, with justification and
> > performance impact analysis etc.? Can only find the code part of the
> > thread on lkml, which leaves out this context.
> >
>
> Sorry, this is very weird, I cannot find it either from lkml, but it was sent there
> to begin with (and as visible from reply-to headers).
>
> Do you want me to resend original version or with "do_fast_syscall_32,
> do_int80_syscall_32" additions (I am finishing testing them now).

I will resend the original x86_64 now since this is the one I tested and measured properly. The 32 bit changes seem to work fine inside my 32 bit VM, but since I don't have any real 32 bit HW, I am hesitant to send them out without real HW testing and measuring.

This is the asm code for 32 bits (note it requires __builtin_alloca definition and not just alloca, so I will change the 64 bit version to use it also):

#ifdef CONFIG_RANDOMIZE_KSTACK_OFFSET
size_t offset = ((size_t)prandom_u32()) % 256;
  0xc10025b6 call 0xc146f7d0
  0xc10025bb movzbl %al,%eax
char *ptr = __builtin_alloca(offset);
  0xc10025be add $0x12,%eax
  0xc10025c1 and $0x1fc,%eax
  0xc10025c6 sub %eax,%esp
  0xc10025c8 lea 0x27(%esp),%eax
  0xc10025cc and $0xfffffff0,%eax

Also, the result is 47 different random offsets produced, which is slightly better than 33 offsets for x86_64.

Best Regards,
Elena
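
Review bot: In the first hunk of arch/x86/entry/common.c (@@ -35,6 +35,12 @@), the hand-written prototype "void *alloca(size_t size);" relies on the compiler recognising alloca as a builtin; if it does not, the call added to do_syscall_64() becomes a reference to a function that nothing in this patch defines. Call __builtin_alloca() directly and drop the prototype from the #ifdef CONFIG_RANDOMIZE_KSTACK_OFFSET block. The reply in this message already notes that the 32-bit build needed __builtin_alloca rather than alloca.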
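
Review bot: In the do_syscall_64() hunk (@@ -273,6 +279,13 @@), the offset is taken from prandom_u32(), which is a non-cryptographic PRNG, so the patch needs to justify why its output is unpredictable enough for the stack offset it is meant to hide, or use a stronger source. The changelog should also state the effective entropy: "% 256" caps the offset at 8 bits, and the reply in this message reports only 33 distinct offsets on x86_64. Separately, the empty asm volatile("":"=m"(*ptr)) has no comment; it appears to exist to keep the compiler from discarding the otherwise unused alloca, and that should be said next to the line.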