lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ZDaCpRp5wnh3VFuQ@FVFF77S0Q05N>
Date:   Wed, 12 Apr 2023 11:06:29 +0100
From:   Mark Rutland <mark.rutland@....com>
To:     Heiko Carstens <hca@...ux.ibm.com>
Cc:     Kees Cook <keescook@...omium.org>,
        Alexander Popov <alex.popov@...ux.com>,
        Vasily Gorbik <gor@...ux.ibm.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] stackleak: allow to specify arch specific stackleak
 poison function

On Wed, Apr 12, 2023 at 11:58:07AM +0200, Heiko Carstens wrote:
> On Wed, Apr 12, 2023 at 10:03:46AM +0100, Mark Rutland wrote:
> > On Wed, Apr 05, 2023 at 03:08:40PM +0200, Heiko Carstens wrote:
> > > Factor out the code that fills the stack with the stackleak poison value
> > > in order to allow architectures to provide a faster implementation.
> > > 
> > > Acked-by: Vasily Gorbik <gor@...ux.ibm.com>
> > > Signed-off-by: Heiko Carstens <hca@...ux.ibm.com>
> > 
> > As on patch 2, it might be nicer to have a noinstr-safe memset64() and use that
> > directly, but I don't have strong feelings either way, and I'll defer to Kees's
> > judgement:
> 
> Wouldn't that enforce that memset64() wouldn't be allowed to have an own
> stackframe, since otherwise it would write poison values to it, since we
> have
> 
> 	if (on_task_stack)
> 		erase_high = current_stack_pointer;
> 
> in __stackleak_erase()?

Yes, sorry -- I was implicitly assuming that a noinstr-safe version would be
__always_inline.

> That was actually my motiviation to make this s390 optimization an always
> inline asm.
> 
> Besides that this wouldn't be a problem for at least s390, since memset64()
> is an asm function which comes whithout the need for a stackframe, but on
> the other hand this would add a quite subtle requirement to memset64(), if
> I'm not mistaken.

That's a fair enough justification, I think. Thanks for the details!

Thanks,
Mark.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ