[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <9f4927cb-e8c1-4b97-b9b6-145172b469e0@zytor.com>
Date: Mon, 29 Apr 2024 13:57:00 -0700
From: "H. Peter Anvin" <hpa@...or.com>
To: Kees Cook <keescook@...omium.org>
Cc: Xin Li <xin@...or.com>, Andrew Lutomirski <luto@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
LKML <linux-kernel@...r.kernel.org>, "x86@...nel.org" <x86@...nel.org>
Subject: Re: x86: dynamic pt_regs pointer and kernel stack randomization
On 4/29/24 09:09, Kees Cook wrote:
>
> If I'm understanding FRED correctly, I think this exit path
> would need to call choose_random_kstack_offset() as well. (For
> syscalls, add_random_kstack_offset() is used on entry and
> choose_random_kstack_offset() is used on exit, so I think we'd want the
> same pattern for interrupt handling.)
>
Yes, I didn't include it in here because it doesn't affect the assembly
flow per se, since it "simply" sets up the parameters for the next entry
and so at least logically can be executed more or less anywhere.
> Yeah, I'd like greater coverage for ring 3->0 transitions. We do want to
> double-check the original design choices, though. I *think* they still
> stand (see the comments for choose_random_kstack_offset() about entropy
> location (per-cpu area), and lifetime (across userspace execution).
Yeah, I'm not super sure of what exactly the constraints really are;
they are written in a way that signals to me that there is implied
context that isn't clear to me, especially the bit about "long running
syscalls".
-hpa
Powered by blists - more mailing lists