| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202205041205.803FD491@keescook>
Date: Wed, 4 May 2022 12:07:57 -0700
From: Kees Cook <keescook@...omium.org>
To: Mark Rutland <mark.rutland@....com>
Cc: linux-arm-kernel@...ts.infradead.org, akpm@...ux-foundation.org,
alex.popov@...ux.com, catalin.marinas@....com,
linux-kernel@...r.kernel.org, luto@...nel.org, will@...nel.org
Subject: Re: [PATCH v2 09/13] lkdtm/stackleak: rework boundary management
On Wed, Apr 27, 2022 at 06:31:24PM +0100, Mark Rutland wrote:
> There are a few problems with the way the LKDTM STACKLEAK_ERASING test
> manipulates the stack pointer and boundary values:
>
> * It uses the address of a local variable to determine the current stack
> pointer, rather than using current_stack_pointer directly. As the
> local variable could be placed anywhere within the stack frame, this
> can be an over-estimate of the true stack pointer value.
>
> * Is uses an estiamte of the current stack pointer as the upper boundary
> when scanning for poison, even though prior functions could have used
> more stack (and may have updated current->lowest stack accordingly).
>
> * A pr_info() call is made in the middle of the test. As the printk()
> code is out-of-line and will make use of the stack, this could clobber
> poison and/or adjust current->lowest_stack. It would be better to log
> the metadata after the body of the test to avoid such problems.
Yeah, I noticed this too when I was testing the v1 series. I started
cleaning it up, but your version is much better. :)
--
Kees Cook
Powered by blists - more mailing lists