| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87a7b943-ed15-8521-773e-c182a37ee61e@infradead.org>
Date: Mon, 22 Jun 2020 12:40:49 -0700
From: Randy Dunlap <rdunlap@...radead.org>
To: Kees Cook <keescook@...omium.org>,
Thomas Gleixner <tglx@...utronix.de>
Cc: Elena Reshetova <elena.reshetova@...el.com>, x86@...nel.org,
Andy Lutomirski <luto@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Alexander Potapenko <glider@...gle.com>,
Alexander Popov <alex.popov@...ux.com>,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
Jann Horn <jannh@...gle.com>,
kernel-hardening@...ts.openwall.com,
linux-arm-kernel@...ts.infradead.org, linux-mm@...ck.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 3/5] stack: Optionally randomize kernel stack offset
each syscall
On 6/22/20 12:31 PM, Kees Cook wrote:
> This provides the ability for architectures to enable kernel stack base
> address offset randomization. This feature is controlled by the boot
> param "randomize_kstack_offset=on/off", with its default value set by
> CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT.
>
> Co-developed-by: Elena Reshetova <elena.reshetova@...el.com>
> Signed-off-by: Elena Reshetova <elena.reshetova@...el.com>
> Link: https://lore.kernel.org/r/20190415060918.3766-1-elena.reshetova@intel.com
> Signed-off-by: Kees Cook <keescook@...omium.org>
> ---
> Makefile | 4 ++++
> arch/Kconfig | 23 ++++++++++++++++++
> include/linux/randomize_kstack.h | 40 ++++++++++++++++++++++++++++++++
> init/main.c | 23 ++++++++++++++++++
> 4 files changed, 90 insertions(+)
> create mode 100644 include/linux/randomize_kstack.h
Hi,
Please add documentation for the new kernel boot parameter to
Documentation/admin-guide/kernel-parameters.txt.
> diff --git a/arch/Kconfig b/arch/Kconfig
> index 1ea61290900a..1f52c9cfefca 100644
> --- a/arch/Kconfig
> +++ b/arch/Kconfig
> @@ -883,6 +883,29 @@ config VMAP_STACK
> virtual mappings with real shadow memory, and KASAN_VMALLOC must
> be enabled.
>
> +config HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET
> + def_bool n
> + help
> + An arch should select this symbol if it can support kernel stack
> + offset randomization with calls to add_random_kstack_offset()
> + during syscall entry and choose_random_kstack_offset() during
> + syscall exit. Downgrading of -fstack-protector-strong to
> + -fstack-protector should also be applied to the entry code and
> + closely examined, as the artificial stack bump looks like an array
> + to the compiler, so it will attempt to add canary checks regardless
> + of the static branch state.
> +
> +config RANDOMIZE_KSTACK_OFFSET_DEFAULT
> + bool "Randomize kernel stack offset on syscall entry"
> + depends on HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET
> + help
> + The kernel stack offset can be randomized (after pt_regs) by
> + roughly 5 bits of entropy, frustrating memory corruption
> + attacks that depend on stack address determinism or
> + cross-syscall address exposures. This feature is controlled
> + by kernel boot param "randomize_kstack_offset=on/off", and this
> + config chooses the default boot state.
thanks.
--
~Randy
Powered by blists - more mailing lists