lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 18 Jan 2009 09:41:34 +0100
From:	Ingo Molnar <mingo@...e.hu>
To:	Tejun Heo <tj@...nel.org>
Cc:	Brian Gerst <brgerst@...il.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 16/17] x86-64: Remove the PDA


* Tejun Heo <tj@...nel.org> wrote:

> Hello, Brian.
> 
> Brian Gerst wrote:
> >> How about something like the following?
> >>
> >> #define CANARY_OFFSET   40
> >> #define CANARY_SIZE     8
> >>
> >> DECLARE_PER_CPU(unsigned long, stack_canary);
> >>
> >> and in linker script,
> >>
> >> PERCPU_VADDR_PREALLOC(0, :percpu, CANARY_OFFSET + CANARY_SIZE)
> >> per_cpu__stack_canary = __per_cpu_start + CANARY_OFFSET;
> >>
> > 
> > The thing I don't like about the prealloc method is that it puts the
> > page-aligned variables at the end.  This leaves a gap which is
> > unavailable for dynamic allocations.  Stealing 48 bytes from the
> > bottom of the irqstack (which is 16k) keeps the page-aligned section
> > at the start.  It's really no different than how the thread_info
> > structure sits at the bottom of the process stack.
> > 
> > How about something like:
> > union irq_stack_union {
> > 	char irq_stack[IRQSTACKSIZE];
> > 	struct {
> > 		char pad[40];
> > 		unsigned long stack_canary;
> > 	}
> > };
> > 
> > That documents the overlay better, and avoids having to touch the
> > linker script.
> 
> I have no objection as long as it's sufficiently documented.

There is another advantage from Brian's trick of reusing the IRQ stack 
bottom: if we ever overflow the IRQ stack the kernel will likely stomp on 
the canary and overwrite it, and then (if the user runs on a 
stackprotector kernel) we will get an instantaneous assert and backtrace, 
exactly where the overflow happened.

Small overflows are otherwise rather hard to catch right on the spot so 
this is a bonus.

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ