Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 8 Dec 2017 12:44:31 +0100
From: Peter Zijlstra <>
To: Alexander Popov <>
Cc:, Kees Cook <>,
	PaX Team <>,
	Brad Spengler <>,
	Ingo Molnar <>, Andy Lutomirski <>,
	Tycho Andersen <>, Laura Abbott <>,
	Mark Rutland <>,
	Ard Biesheuvel <>,
	Borislav Petkov <>,
	Thomas Gleixner <>,
	"H . Peter Anvin" <>,
Subject: Re: [PATCH RFC v6 1/6] x86/entry: Add STACKLEAK erasing the kernel
 stack at the end of syscalls

On Wed, Dec 06, 2017 at 02:33:42AM +0300, Alexander Popov wrote:
> The STACKLEAK feature erases the kernel stack before returning from
> syscalls. That reduces the information which kernel stack leak bugs can
> reveal and blocks some uninitialized stack variable attacks. Moreover,
> STACKLEAK provides runtime checks for kernel stack overflow detection.
> This commit introduces the architecture-specific code filling the used
> part of the kernel stack with a poison value before returning to the
> userspace. Full STACKLEAK feature also contains the gcc plugin which
> comes in a separate commit.

Have you looked at the entry rework in this series:

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.