lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 16 Jun 2022 09:51:03 +0800
From:   xiujianfeng <xiujianfeng@...wei.com>
To:     Michael Ellerman <mpe@...erman.id.au>, <benh@...nel.crashing.org>,
        <paulus@...ba.org>, <npiggin@...il.com>,
        <christophe.leroy@...roup.eu>, <tglx@...utronix.de>,
        <mark.rutland@....com>
CC:     <linuxppc-dev@...ts.ozlabs.org>, <linux-kernel@...r.kernel.org>,
        <linux-hardening@...r.kernel.org>
Subject: Re: [PATCH -next, v2] powerpc: add support for syscall stack
 randomization

在 2022/5/28 20:21, Michael Ellerman 写道:
> xiujianfeng <xiujianfeng@...wei.com> writes:
>> friendly ping....
> I will consider this for v5.20 once the merge window has closed (after
> v5.19-rc1 is release).

Hi, Michael, thanks for your feedback, and anything needed about this 
patch please let me know :)

>
> cheers
>
>> 在 2022/5/16 15:32, Xiu Jianfeng 写道:
>>> Add support for adding a random offset to the stack while handling
>>> syscalls. This patch uses mftb() instead of get_random_int() for better
>>> performance.
>>>
>>> In order to avoid unconditional stack canaries on syscall entry (due to
>>> the use of alloca()), also disable stack protector to avoid triggering
>>> needless checks and slowing down the entry path. As there is no general
>>> way to control stack protector coverage with a function attribute, this
>>> must be disabled at the compilation unit level.
>>>
>>> Signed-off-by: Xiu Jianfeng <xiujianfeng@...wei.com>
>>>
>>> ---
>>> Changes in v2:
>>>     -move choose choose_random_kstack_offset() to the end of system_call_exception
>>>     -allow full 6 (10) bits of entropy
>>>     -disable stack-protector for interrupt.c
>>> ---
>>>    arch/powerpc/Kconfig            |  1 +
>>>    arch/powerpc/kernel/Makefile    |  7 +++++++
>>>    arch/powerpc/kernel/interrupt.c | 19 ++++++++++++++++++-
>>>    3 files changed, 26 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
>>> index 98309eeae09c..2f0019a0054e 100644
>>> --- a/arch/powerpc/Kconfig
>>> +++ b/arch/powerpc/Kconfig
>>> @@ -192,6 +192,7 @@ config PPC
>>>    	select HAVE_ARCH_KASAN			if PPC32 && PPC_PAGE_SHIFT <= 14
>>>    	select HAVE_ARCH_KASAN_VMALLOC		if PPC32 && PPC_PAGE_SHIFT <= 14
>>>    	select HAVE_ARCH_KFENCE			if PPC_BOOK3S_32 || PPC_8xx || 40x
>>> +	select HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET
>>>    	select HAVE_ARCH_KGDB
>>>    	select HAVE_ARCH_MMAP_RND_BITS
>>>    	select HAVE_ARCH_MMAP_RND_COMPAT_BITS	if COMPAT
>>> diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
>>> index 4ddd161aef32..5c5e85b8229b 100644
>>> --- a/arch/powerpc/kernel/Makefile
>>> +++ b/arch/powerpc/kernel/Makefile
>>> @@ -40,6 +40,13 @@ CFLAGS_cputable.o += -DDISABLE_BRANCH_PROFILING
>>>    CFLAGS_btext.o += -DDISABLE_BRANCH_PROFILING
>>>    endif
>>>    
>>> +#ifdef CONFIG_RANDOMIZE_KSTACK_OFFSET
>>> +# Remove stack protector to avoid triggering unneeded stack canary
>>> +# checks due to randomize_kstack_offset.
>>> +CFLAGS_REMOVE_interrupt.o = -fstack-protector -fstack-protector-strong
>>> +CFLAGS_interrupt.o += -fno-stack-protector
>>> +#endif
>>> +
>>>    obj-y				:= cputable.o syscalls.o \
>>>    				   irq.o align.o signal_$(BITS).o pmc.o vdso.o \
>>>    				   process.o systbl.o idle.o \
>>> diff --git a/arch/powerpc/kernel/interrupt.c b/arch/powerpc/kernel/interrupt.c
>>> index 784ea3289c84..d7cdcb6fc336 100644
>>> --- a/arch/powerpc/kernel/interrupt.c
>>> +++ b/arch/powerpc/kernel/interrupt.c
>>> @@ -4,6 +4,7 @@
>>>    #include <linux/err.h>
>>>    #include <linux/compat.h>
>>>    #include <linux/sched/debug.h> /* for show_regs */
>>> +#include <linux/randomize_kstack.h>
>>>    
>>>    #include <asm/kup.h>
>>>    #include <asm/cputime.h>
>>> @@ -78,10 +79,12 @@ notrace long system_call_exception(long r3, long r4, long r5,
>>>    				   long r6, long r7, long r8,
>>>    				   unsigned long r0, struct pt_regs *regs)
>>>    {
>>> +	long ret;
>>>    	syscall_fn f;
>>>    
>>>    	kuap_lock();
>>>    
>>> +	add_random_kstack_offset();
>>>    	regs->orig_gpr3 = r3;
>>>    
>>>    	if (IS_ENABLED(CONFIG_PPC_IRQ_SOFT_MASK_DEBUG))
>>> @@ -229,7 +232,21 @@ notrace long system_call_exception(long r3, long r4, long r5,
>>>    		f = (void *)sys_call_table[r0];
>>>    	}
>>>    
>>> -	return f(r3, r4, r5, r6, r7, r8);
>>> +	ret = f(r3, r4, r5, r6, r7, r8);
>>> +	/*
>>> +	 * Ultimately, this value will get limited by KSTACK_OFFSET_MAX(),
>>> +	 * so the maximum stack offset is 1k bytes(10 bits).
>>> +	 *
>>> +	 * The actual entropy will be further reduced by the compiler when
>>> +	 * applying stack alignment constraints: the powerpc architecture
>>> +	 * may have two kinds of stack alignment(16-bytes and 8-bytes).
>>> +	 *
>>> +	 * So the resulting 6 or 7 bits of entropy is seen in SP[9:4] or SP[9:3].
>>> +	 *
>>> +	 */
>>> +	choose_random_kstack_offset(mftb());
>>> +
>>> +	return ret;
>>>    }
>>>    
>>>    static notrace void booke_load_dbcr0(void)
> .

Powered by blists - more mailing lists