References: <20191107151941.dw4gtul5lrtax4se@wittgenstein> <2eb2ab4c-b177-29aa-cdc4-420b24cfd7b3@gmail.com> <20191111165800.GD7017@mit.edu>
In-Reply-To: <20191111165800.GD7017@mit.edu>
From: Jann Horn
Date: Mon, 11 Nov 2019 21:24:33 +0100
Subject: Re: For review: documentation of clone3() system call
To: "Theodore Y. Ts'o"
Cc: "Michael Kerrisk (man-pages)", Christian Brauner, Florian Weimer, Christian Brauner, lkml, linux-man, Kees Cook, Oleg Nesterov, Arnd Bergmann, David Howells, Pavel Emelyanov, Andrew Morton, Adrian Reber, Andrei Vagin, Linux API, Ingo Molnar
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Nov 11, 2019 at 5:58 PM Theodore Y. Ts'o wrote:
> On Mon, Nov 11, 2019 at 03:55:35PM +0100, Jann Horn wrote:
> > Not on Linux, but on OpenBSD, they do use MAP_STACK now AFAIK; this
> > was announced here:
> > .
> > Basically they periodically check whether the userspace stack pointer
> > points into a MAP_STACK region, and if not, they kill the process. So
> > even if it's a no-op on Linux...
>
> Hmm, is that something we should do in Linux? Even if we only check
> on syscall entry, which should be pretty inexpensive, it seems like it
> would be very effective in protecting various ROP techniques.

I'm not a big fan, especially if that would only happen on syscall entry; at the point where you have enough control to perform syscalls, it probably isn't too difficult to move your ROP stack over to a legitimate stack.
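
An added example, not part of the e-mail above and not code from any participant in the thread: a program that runs a function on a stack it allocated itself with `MAP_STACK`, so that the stack pointer stays inside a `MAP_STACK` mapping as the OpenBSD check quoted above requires. The names `run_on_map_stack`, `worker`, `inside` and the 256 KiB size are assumptions made for illustration; it assumes Linux with glibc's `makecontext`/`swapcontext`.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                 /* MAP_ANONYMOUS, MAP_STACK */
#endif
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <ucontext.h>
#include <unistd.h>

#define STACK_BYTES (256 * 1024)    /* constructed size for the example */

static ucontext_t caller_ctx, worker_ctx;
static uintptr_t lo, hi;            /* usable part of the MAP_STACK mapping */
static volatile int worker_inside;

static int inside(const void *p) {
    return (uintptr_t)p >= lo && (uintptr_t)p < hi;
}

static void worker(void) {
    char probe;                     /* a local, so it sits on the current stack */
    worker_inside = inside(&probe);
}                                   /* returning resumes uc_link (the caller) */

/* 1: worker ran on the MAP_STACK mapping and the caller did not;
 * 0: otherwise; -1: setup error. */
int run_on_map_stack(void) {
    char here;
    size_t page = (size_t)sysconf(_SC_PAGESIZE), total = STACK_BYTES + page;
    char *base = mmap(NULL, total, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK, -1, 0);
    if (base == MAP_FAILED) return -1;
    /* Stacks grow down: make the lowest page a guard so overflow faults. */
    if (mprotect(base, page, PROT_NONE) != 0 || getcontext(&worker_ctx) != 0) {
        munmap(base, total);
        return -1;
    }
    lo = (uintptr_t)base + page;
    hi = (uintptr_t)base + total;
    worker_inside = 0;
    worker_ctx.uc_stack.ss_sp = base + page;
    worker_ctx.uc_stack.ss_size = STACK_BYTES;
    worker_ctx.uc_link = &caller_ctx;
    makecontext(&worker_ctx, worker, 0);
    int rc = swapcontext(&caller_ctx, &worker_ctx);   /* run worker, come back */
    int caller_inside = inside(&here);
    munmap(base, total);
    return rc != 0 ? -1 : (worker_inside && !caller_inside);
}
int main(void) { printf("%d\n", run_on_map_stack()); return 0; }
```

On Linux the flag changes nothing at run time, as the quoted text says, but passing it keeps the same allocation code valid on a system that enforces the check.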