Message-ID: <9f4927cb-e8c1-4b97-b9b6-145172b469e0@zytor.com>
Date: Mon, 29 Apr 2024 13:57:00 -0700
Subject: Re: x86: dynamic pt_regs pointer and kernel stack randomization
From: "H. Peter Anvin"
To: Kees Cook
Cc: Xin Li, Andrew Lutomirski, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, LKML, x86@kernel.org
References: <202404290859.99763AA1@keescook>
In-Reply-To: <202404290859.99763AA1@keescook>
X-Mailing-List: linux-kernel@vger.kernel.org

On 4/29/24 09:09, Kees Cook wrote:
>
> If I'm understanding FRED correctly, I think this exit path
> would need to call choose_random_kstack_offset() as well. (For
> syscalls, add_random_kstack_offset() is used on entry and
> choose_random_kstack_offset() is used on exit, so I think we'd want the
> same pattern for interrupt handling.)
>

Yes, I didn't include it in here because it doesn't affect the assembly
flow per se, since it "simply" sets up the parameters for the next entry
and so at least logically can be executed more or less anywhere.

> Yeah, I'd like greater coverage for ring 3->0 transitions. We do want to
> double-check the original design choices, though. I *think* they still
> stand (see the comments for choose_random_kstack_offset() about entropy
> location (per-cpu area), and lifetime (across userspace execution)).

Yeah, I'm not super sure of what exactly the constraints really are; they
are written in a way that signals to me that there is implied context that
isn't clear to me, especially the bit about "long running syscalls".

	-hpa
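The entry/exit split the two messages above discuss, as an added example that is not part of this thread and not the kernel's own code: a constructed userspace model in C of the add_random_kstack_offset() (entry) / choose_random_kstack_offset() (exit) pattern. The per-CPU variable is modelled as a `struct cpu_state`, the `_model` function names, the handler and the entropy values are assumptions, and the 10-bit mask plus the rotate/xor mixing are stated as assumptions about what the kernel's randomize_kstack.h does. It also models the case Kees flags, an exit path that skips the choose step, to show why that matters at the next entry.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not kernel code. Assumed to mirror the x86 default:
 * the stored value is masked to a 10-bit (1 KiB) range before use. */
#define KSTACK_OFFSET_MAX(x) ((x) & 0x3FFu)

/* Stand-in for the per-CPU `kstack_offset` variable; one CPU is modelled.
 * The value lives here across userspace execution, from one exit to the
 * next entry. */
struct cpu_state {
    uint32_t kstack_offset;
};

static uint32_t ror32(uint32_t w, unsigned s)
{
    return (w >> s) | (w << (32 - s));
}

/* Exit side (choose_random_kstack_offset): fold fresh entropy into the
 * stored value. Nothing about the current stack changes; the value is
 * only consumed at the *next* entry, which is why the thread notes the
 * call can logically sit almost anywhere on the way out. */
static void choose_random_kstack_offset_model(struct cpu_state *cpu, uint32_t rand)
{
    cpu->kstack_offset = ror32(cpu->kstack_offset, 5) ^ rand;
}

/* Entry side (add_random_kstack_offset): consume the value left by the
 * previous exit and move the stack pointer down by that many bytes. The
 * alloca must stay live while the handler runs, so the handler is called
 * from this frame. Returns the number of bytes consumed. */
static uint32_t add_random_kstack_offset_model(struct cpu_state *cpu,
                                               uintptr_t (*handler)(void),
                                               uintptr_t *handler_local)
{
    uint32_t offset = KSTACK_OFFSET_MAX(cpu->kstack_offset);
    uint8_t *pad = __builtin_alloca(offset);
    /* Keep the allocation alive even though pad is otherwise unused. */
    __asm__ volatile("" : : "r"(pad) : "memory");
    *handler_local = handler();
    return offset;
}

/* A handler that reports where its own frame landed. */
static uintptr_t handler_model(void)
{
    volatile uint8_t probe = 0;
    return (uintptr_t)&probe;
}

/* One complete ring 3 -> 0 -> 3 transition (syscall, or an interrupt path
 * that follows the same pattern): entry consumes the offset, the handler
 * runs, exit chooses the offset for next time. */
static uint32_t transition_model(struct cpu_state *cpu, uint32_t exit_entropy,
                                 uintptr_t *handler_local)
{
    uint32_t used = add_random_kstack_offset_model(cpu, handler_model, handler_local);
    choose_random_kstack_offset_model(cpu, exit_entropy);
    return used;
}

/* The gap the thread points at: an exit path that never calls the choose
 * step leaves the per-CPU value untouched, so the next entry reuses the
 * same offset instead of a fresh one. */
static uint32_t transition_skipping_choose_model(struct cpu_state *cpu,
                                                 uintptr_t *handler_local)
{
    return add_random_kstack_offset_model(cpu, handler_model, handler_local);
}

int main(void)
{
    struct cpu_state cpu = { .kstack_offset = 0 };
    /* Constructed entropy values standing in for the per-exit random input. */
    const uint32_t entropy[] = { 0x12345678u, 0x9abcdef0u, 0x0f0f0f0fu };
    uintptr_t local = 0;

    for (size_t i = 0; i < sizeof(entropy) / sizeof(entropy[0]); i++) {
        uint32_t used = transition_model(&cpu, entropy[i], &local);
        printf("transition %zu: consumed %4u bytes, handler local at %#lx\n",
               i, used, (unsigned long)local);
    }
    /* Two exits without the choose step: the entry offset stops moving. */
    for (int i = 0; i < 2; i++) {
        uint32_t used = transition_skipping_choose_model(&cpu, &local);
        printf("exit skipped choose: next entry consumed %4u bytes again\n", used);
    }
    return 0;
}
```

Two things the model makes concrete. First, the offset an entry consumes was committed at the previous exit, so the first transition after boot consumes 0 and every later one consumes whatever the last exit stored; moving the choose call around on the exit path changes nothing about the current frame. Second, an exit path that omits the call (the FRED interrupt exit in the quoted message) does not break anything visibly, it just makes the next entry land at the same offset as the last one, which is exactly the predictability the mechanism exists to remove.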