lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 29 Nov 2011 15:08:07 +0900
From:	Mitsuo Hayasaka <mitsuo.hayasaka.hu@...achi.com>
To:	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>,
	Randy Dunlap <rdunlap@...otime.net>
Cc:	x86@...nel.org, linux-kernel@...r.kernel.org,
	linux-doc@...r.kernel.org, yrl.pp-manager.tt@...achi.com
Subject: [PATCH -v2 0/4] x86: check stack overflows more reliably

Hi,

This patch series adds the following three features about stack
overflow checking. The (3) feature works if the sysctl parameter
is enabled.

(1) add user mode vm check
    The kernel stack overflow is checked in stack_overflow_check(),
    which may wrongly detect the overflow if the user stack pointer
    points to the kernel stack intentionally or accidentally.
    To avoid this misdetection, bail out early if the user stack is
    used.

(2) check stack overflow in detail
    Currently, only kernel stack is checked for the overflow,
    which is not sufficient for systems that need a high reliability.
    To enhance it, expand stack overflow checking to IRQ and
    exception stacks.

(3) panic on stack overflow
    Currently, kernel messages are output on the detection of
    stack overflow. Similarly, its's not sufficient for systems
    that need a high reliability since it may corrupt data and the
    additional corruption may occur due to reading them. To enhance
    reliability, cause a panic for the overflows according to the
    sysctl parameter. In addition, it is also useful for analyzing
    the reason why it occurred using kdump which is a crash dumping
    mechanism. This option is disabled by default in sysctl.


Changes in v2:
 - Remove DEBUG_STACKOVERFLOW_DETAIL option in Kconfig.
 - Change the default overflow checking to the detail-check instead
   of original one that only checks the kernel stack overflow.
 - Remove the changes related to binary sysctl.

Thanks,

---

Mitsuo Hayasaka (4):
      x86: cleanup the range of stack overflow checking
      x86: panic on detection of stack overflow
      x86: check stack overflow in detail
      [BUGFIX] x86: add user_mode_vm check in stack_overflow_check


 Documentation/sysctl/kernel.txt |   14 ++++++++++++++
 arch/x86/Kconfig.debug          |    7 +++++--
 arch/x86/kernel/irq_32.c        |    2 ++
 arch/x86/kernel/irq_64.c        |   36 ++++++++++++++++++++++++++++++------
 include/linux/kernel.h          |    1 +
 kernel/sysctl.c                 |    9 +++++++++
 6 files changed, 61 insertions(+), 8 deletions(-)

-- 
Mitsuo Hayasaka (mitsuo.hayasaka.hu@...achi.com)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ