lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri,  3 Sep 2021 23:09:05 -0700
From:   Keith Packard <keithp@...thp.com>
To:     linux-kernel@...r.kernel.org
Cc:     Abbott Liu <liuwenliang@...wei.com>,
        Alexander Sverdlin <alexander.sverdlin@...il.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Anshuman Khandual <anshuman.khandual@....com>,
        Ard Biesheuvel <ardb@...nel.org>,
        Arnd Bergmann <arnd@...db.de>,
        Bjorn Andersson <bjorn.andersson@...aro.org>,
        Florian Fainelli <f.fainelli@...il.com>,
        Geert Uytterhoeven <geert+renesas@...der.be>,
        Hartley Sweeten <hsweeten@...ionengravers.com>,
        Jens Axboe <axboe@...nel.dk>, Jian Cai <jiancai@...gle.com>,
        Joe Perches <joe@...ches.com>,
        Kees Cook <keescook@...omium.org>,
        Keith Packard <keithp@...thp.com>,
        Krzysztof Kozlowski <krzysztof.kozlowski@...onical.com>,
        Linus Walleij <linus.walleij@...aro.org>,
        linux-arm-kernel@...ts.infradead.org,
        Manivannan Sadhasivam <mani@...nel.org>,
        Marc Zyngier <maz@...nel.org>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Miguel Ojeda <ojeda@...nel.org>,
        Mike Rapoport <rppt@...nel.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Nicolas Pitre <nico@...xnic.net>,
        Rob Herring <robh@...nel.org>,
        Russell King <linux@...linux.org.uk>,
        Thomas Gleixner <tglx@...utronix.de>,
        Uwe Kleine-König 
        <u.kleine-koenig@...gutronix.de>,
        Valentin Schneider <valentin.schneider@....com>,
        Viresh Kumar <viresh.kumar@...aro.org>,
        "Wolfram Sang (Renesas)" <wsa+renesas@...g-engineering.com>,
        YiFei Zhu <yifeifz2@...inois.edu>,
        Keith Packard <keithpac@...zon.com>
Subject: [PATCH 0/2] ARM: support THREAD_INFO_IN_TASK (v7 only) (v2)

Placing thread_info in the kernel stack leaves it vulnerable to stack
overflow attacks. This short series addresses that by using the
existing THREAD_INFO_IN_TASK infrastructure.

This is the second version of this series, in this version the changes
are restricted to v7 hardware which offers a way to identify each cpu
in the system without reference to the stack it is using.

The series is broken into three pieces:

 1) Change the secondary_start_kernel API to pass the cpu number to
    this function. This is required for the following patch because the
    raw_smp_processor_id() macro will use the per_cpu_offset value which
    needs to have the cpu number to get the right value.

 2) Enable THREAD_INFO_IN_TASK by creating a new per-cpu variable,
    current_task, just like the x86 architecture. The largest changes
    are in the assembly code where fetching the current_task value
    requires a temporary register. Fortunately, each location in the
    code performing this had a reasonably obvious register to use.

 3) Optimize access to the cpu number using another new per-cpu
    variable. This is not functionally necessary, but avoids
    de-referencing through two pointers at modest memory cost.

Signed-off-by: Keith Packard <keithpac@...zon.com>

Powered by blists - more mailing lists