lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZDZz8QvPdpGJqMd6@FVFF77S0Q05N>
Date:   Wed, 12 Apr 2023 10:03:46 +0100
From:   Mark Rutland <mark.rutland@....com>
To:     Heiko Carstens <hca@...ux.ibm.com>
Cc:     Kees Cook <keescook@...omium.org>,
        Alexander Popov <alex.popov@...ux.com>,
        Vasily Gorbik <gor@...ux.ibm.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] stackleak: allow to specify arch specific stackleak
 poison function

On Wed, Apr 05, 2023 at 03:08:40PM +0200, Heiko Carstens wrote:
> Factor out the code that fills the stack with the stackleak poison value
> in order to allow architectures to provide a faster implementation.
> 
> Acked-by: Vasily Gorbik <gor@...ux.ibm.com>
> Signed-off-by: Heiko Carstens <hca@...ux.ibm.com>

As on patch 2, it might be nicer to have a noinstr-safe memset64() and use that
directly, but I don't have strong feelings either way, and I'll defer to Kees's
judgement:

Acked-by: Mark Rutland <mark.rutland@....com>

Thanks,
Mark.

> ---
>  kernel/stackleak.c | 17 +++++++++++++----
>  1 file changed, 13 insertions(+), 4 deletions(-)
> 
> diff --git a/kernel/stackleak.c b/kernel/stackleak.c
> index c2c33d2202e9..34c9d81eea94 100644
> --- a/kernel/stackleak.c
> +++ b/kernel/stackleak.c
> @@ -70,6 +70,18 @@ late_initcall(stackleak_sysctls_init);
>  #define skip_erasing()	false
>  #endif /* CONFIG_STACKLEAK_RUNTIME_DISABLE */
>  
> +#ifndef __stackleak_poison
> +static __always_inline void __stackleak_poison(unsigned long erase_low,
> +					       unsigned long erase_high,
> +					       unsigned long poison)
> +{
> +	while (erase_low < erase_high) {
> +		*(unsigned long *)erase_low = poison;
> +		erase_low += sizeof(unsigned long);
> +	}
> +}
> +#endif
> +
>  static __always_inline void __stackleak_erase(bool on_task_stack)
>  {
>  	const unsigned long task_stack_low = stackleak_task_low_bound(current);
> @@ -101,10 +113,7 @@ static __always_inline void __stackleak_erase(bool on_task_stack)
>  	else
>  		erase_high = task_stack_high;
>  
> -	while (erase_low < erase_high) {
> -		*(unsigned long *)erase_low = STACKLEAK_POISON;
> -		erase_low += sizeof(unsigned long);
> -	}
> +	__stackleak_poison(erase_low, erase_high, STACKLEAK_POISON);
>  
>  	/* Reset the 'lowest_stack' value for the next syscall */
>  	current->lowest_stack = task_stack_high;
> -- 
> 2.37.2
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ