Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 4 Jun 2020 18:23:38 +0300
From: Alexander Popov <>
To: Jann Horn <>, Kees Cook <>,
 Elena Reshetova <>
Cc: Emese Revfy <>,
 Miguel Ojeda <>,
 Masahiro Yamada <>,
 Michal Marek <>,
 Andrew Morton <>,
 Masahiro Yamada <>,
 Thiago Jung Bauermann <>,
 Luis Chamberlain <>, Jessica Yu <>,
 Sven Schnelle <>, Iurii Zaikin <>,
 Catalin Marinas <>, Will Deacon <>,
 Vincenzo Frascino <>,
 Thomas Gleixner <>, Peter Collingbourne <>,
 Naohiro Aota <>, Alexander Monakov <>,
 Mathias Krause <>, PaX Team <>,
 Brad Spengler <>, Laura Abbott <>,
 Florian Weimer <>,
 Kernel Hardening <>,, the arch/x86 maintainers <>,
 Linux ARM <>,
 kernel list <>,,
Subject: Re: [PATCH 1/5] gcc-plugins/stackleak: Exclude alloca() from the
 instrumentation logic

On 04.06.2020 17:01, Jann Horn wrote:
> On Thu, Jun 4, 2020 at 3:51 PM Alexander Popov <> wrote:
>> Some time ago Variable Length Arrays (VLA) were removed from the kernel.
>> The kernel is built with '-Wvla'. Let's exclude alloca() from the
>> instrumentation logic and make it simpler. The build-time assertion
>> against alloca() is added instead.
> [...]
>> +                       /* Variable Length Arrays are forbidden in the kernel */
>> +                       gcc_assert(!is_alloca(stmt));
> There is a patch series from Elena and Kees on the kernel-hardening
> list that deliberately uses __builtin_alloca() in the syscall entry
> path to randomize the stack pointer per-syscall - see
> <>.

Thanks, Jann.

At first glance, leaving alloca() handling in stackleak instrumentation logic
would allow to integrate stackleak and this version of random_kstack_offset.

Kees, Elena, did you try random_kstack_offset with upstream stackleak?

It looks to me that without stackleak erasing random_kstack_offset can be
weaker. I mean, if next syscall has a bigger stack randomization gap, the data
on thread stack from the previous syscall is not overwritten and can be used. Am
I right?

Another aspect: CONFIG_STACKLEAK_METRICS can be used for guessing kernel stack
offset, which is bad. It should be disabled if random_kstack_offset is on.

Best regards,

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.