lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 28 Apr 2015 09:21:05 -0500
From:	Josh Poimboeuf <jpoimboe@...hat.com>
To:	Peter Zijlstra <peterz@...radead.org>
Cc:	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>, Michal Marek <mmarek@...e.cz>,
	x86@...nel.org, live-patching@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] x86, stackvalidate: Compile-time stack frame pointer
 validation

On Tue, Apr 28, 2015 at 04:08:42PM +0200, Peter Zijlstra wrote:
> On Tue, Apr 28, 2015 at 09:04:54AM -0500, Josh Poimboeuf wrote:
> > On Tue, Apr 28, 2015 at 02:16:06PM +0200, Peter Zijlstra wrote:
> > > On Mon, Apr 27, 2015 at 08:56:27AM -0500, Josh Poimboeuf wrote:
> > > > Frame pointer based stack traces aren't always reliable.  One big reason
> > > > is that most asm functions don't set up the frame pointer.
> > > > 
> > > > Fix that by enforcing that all asm functions honor CONFIG_FRAME_POINTER.
> > > > This is done with a new stackvalidate host tool which is automatically
> > > > run for every compiled .S file and which validates that every asm
> > > > function does the proper frame pointer setup.
> > > 
> > > Would it make sense (maybe as an additional CONFIG_*_DEBUG thing) to
> > > also process the output of GCC with this tool? To both double check GCC
> > > and to give the tool more input?
> > 
> > I tried that, but I discovered that gcc's usage of frame pointers would
> > be a lot harder to validate.  It only sets up the frame pointer in code
> > paths which have call instructions.  There are a lot of functions which
> > have conditional jumps at the beginning which can jump straight to a
> > return instruction without first doing the frame pointer setup.
> 
> Hmm, would not such code break your patching?

No, because we'll also do some runtime stack validation (which will be a
future patch set).  If we detect preemption or an irq frame on the
stack, we'll assume the stack is unreliable and delay the patching of
the task (*).  Otherwise the stack will only consist of calls down to
schedule() which will be guaranteed to have frame pointers.

(*) This can be even further improved by making _all_ stacks reliable if
    we can ensure that dwarf call frame information is reliable (more
    future patch sets).

-- 
Josh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ