kernel-hardening - Re: [RFC PATCH] x86/entry/64: randomize kernel stack offset upon system call

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <CAGXu5j+OBohkiXZQ3rZENRhvQgcjBemoTvXVZK4Bc=KsS1fhpw@mail.gmail.com>
Date: Wed, 20 Feb 2019 14:04:53 -0800
From: Kees Cook <keescook@...omium.org>
To: Elena Reshetova <elena.reshetova@...el.com>
Cc: Kernel Hardening <kernel-hardening@...ts.openwall.com>, Andy Lutomirski <luto@...nel.org>, 
	Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, 
	Peter Zijlstra <peterz@...radead.org>, Alexander Popov <alex.popov@...ux.com>
Subject: Re: [RFC PATCH] x86/entry/64: randomize kernel stack offset upon
 system call

On Fri, Feb 8, 2019 at 4:16 AM Elena Reshetova
<elena.reshetova@...el.com> wrote:
> +.macro RANDOMIZE_KSTACK_NOCLOBBER
> +#ifdef CONFIG_RANDOMIZE_KSTACK_OFFSET
> +       PUSH_AND_CLEAR_REGS
> +       call randomize_kstack
> +       POP_REGS
> +#endif
> +.endm
> +
> [...]
> @@ -268,6 +268,8 @@ syscall_return_via_sysret:
>          */
>         STACKLEAK_ERASE_NOCLOBBER
>
> +       RANDOMIZE_KSTACK_NOCLOBBER

Probably we could extract the PUSH_AND_CLEAR_REGS and POP_REGS out
here from both this and stackleak to avoid doing it twice?

-- 
Kees Cook

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.