Received: by 10.223.164.202 with SMTP id h10csp1022809wrb;
        Fri, 10 Nov 2017 21:17:47 -0800 (PST)
X-Google-Smtp-Source: AGs4zMaynnfydwc0Nntsu0fRP5XzluICLysHcWIrO7p8dGzjDwsQVGcZaUDROsn4U65A44azvX3E
X-Received: by 10.99.110.197 with SMTP id j188mr2519652pgc.34.1510377467647;
        Fri, 10 Nov 2017 21:17:47 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1510377467; cv=none;
        d=google.com; s=arc-20160816;
        b=IF/C3Pmuh+QW0nXGWaHhvzlyX0XgW7wgCiuFb2+TQsPaLs54MPhRGr9qOP0SWDmKr2
         +HjrHfc94XbXqZFbePehK7naqhC4pMTNjL1iLs4uIh1G7PUDtuVUaqr2T2ey4zvUa1F+
         oIq1dUsvDW/HhQ9312RFR/dDVpGQzr86hpYFaWrq2soG3I1kR1aVKGDNXsLbH2Mjo4cN
         HRY9MMTorHgbf28ZwaTX2WqQTnN/WxEaJbucEl+XQqjqNEYvvkLjc4YC8JyANO8UJZKx
         78G0cbFO2P5AXRUPAxvoShebuyypboT1hD1xUtBjzhr46ohTMi7ahOGMVeYi7VarJtvv
         omag==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:arc-authentication-results;
        bh=DBUukHji9Wdg+Cw4vsVU+Xul7aT4eb1ZMfJCOBDKPn0=;
        b=ABvp+eccKnSwMn/zOaYWKrBhwoZvhWpRziKhYS08ar52+1cXL+eehKMaMBLf7bl1rx
         Ur9DkCUIKt85mZ5YVZ+bWG8pL0/lKOc2E0aSkSBQzbw4KCco89tDbQuTumyOeRnqLwqG
         pc8fUI5A2BQ9OAuNvzE4Mh5wO/nMFFCQrVcK1XLinJfURMAxGWiCT2DZP9+nHPug5NQJ
         VcedEmIRDLAPJ99PfSJZqlagfEMQ1PzY+4C/WLvmyV0+EsBy/zpCA228QgnAuwRGwag3
         cayOdjF5g9W4VslfxVcsw6udZniJw83uM8w8hlwzUvuCGjUTv25JYLg1bMJnRzE7C1IA
         1DIQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id t3si10300038plm.716.2017.11.10.21.17.34;
        Fri, 10 Nov 2017 21:17:47 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1750990AbdKKFQ4 (ORCPT <rfc822;parkch98@gmail.com> + 83 others);
        Sat, 11 Nov 2017 00:16:56 -0500
Received: from marcansoft.com ([212.63.210.85]:50114 "EHLO mail.marcansoft.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1750791AbdKKFQz (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 11 Nov 2017 00:16:55 -0500
Received: from [127.0.0.1] (localhost [127.0.0.1])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        (Authenticated sender: marcan@marcansoft.com)
        by mail.marcansoft.com (Postfix) with ESMTPSA id DA2C942CBC;
        Sat, 11 Nov 2017 05:16:51 +0000 (UTC)
Subject: Re: [kernel-hardening] Re: vDSO maximum stack usage, stack probes,
 and -fstack-check
To:     Andy Lutomirski <luto@kernel.org>
Cc:     LKML <linux-kernel@vger.kernel.org>,
        "kernel-hardening@lists.openwall.com" 
        <kernel-hardening@lists.openwall.com>, X86 ML <x86@kernel.org>
References: <c6603960-c155-8f9f-6458-38e9ba6d4bdd@marcan.st>
 <CALCETrXhUdMNfC0yBah39Z=xWVe3Fix-qF922gJjqzTO1B7TSA@mail.gmail.com>
 <06a4b0b4-4b36-91b6-d146-9fc1300b785f@marcan.st>
 <a4f2bc2f-4d90-85fe-c0cc-d0d31551e933@marcan.st>
 <CALCETrVd-f-N=O6QmtdzS7oSVkXpsJhxH+=9+0fvfFmy5Cz3WQ@mail.gmail.com>
From:   Hector Martin 'marcan' <marcan@marcan.st>
Message-ID: <6dc150cb-13df-65d8-cb6e-0a522c13ae11@marcan.st>
Date:   Sat, 11 Nov 2017 14:16:48 +0900
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <CALCETrVd-f-N=O6QmtdzS7oSVkXpsJhxH+=9+0fvfFmy5Cz3WQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: es-ES
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2017-11-11 07:04, Andy Lutomirski wrote:
>> On Nov 10, 2017, at 8:36 AM, Hector Martin 'marcan' <marcan@marcan.st> wrote:
>>
>>> On 2017-11-11 01:02, Hector Martin 'marcan' wrote:
>>> Not entirely sure what's going on here.
>>
>> Actually, if you think about it, it doesn't matter that it skips the
>> first page, since it's probing one page more. That just means the caller
>> will have probed the previous page. So ultimately you're just probing
>> ahead of where you need to, but that should be OK.
>>
> 
> The whole point is to touch the stack pages in order.  Also, I see no
> guarantee that the function would touch the intermediate page before
> clobbering the probed page.  You're seeing exactly that behavior, in
> fact.

Only because Go is not C and is not compiled like this. If all the code
is GCC-compiled C code and built with -fstack-check, it should always
probe stack pages in order except for potentially the second page in the
stack, which may be touched after the third page (but hopefully your
stack is at least two pages long to begin with).

AIUI -fstack-check was not intended for stack clash protection (the
latter isn't even in a GCC release yet), but in most circumstances it
seems to me like it's an effective mitigation if all code is compiled
with it. Qualys mentioned it as such in their advisory. This is probably
why Gentoo Hardened enables it by default globally in their toolchain.

-- 
Hector Martin "marcan" (marcan@marcan.st)
Public Key: https://mrcn.st/pub

From 1583718440076273903@xxx Fri Nov 10 22:06:40 +0000 2017
X-GM-THRID: 1583675421897144493
X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread