[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240718124739.3834489-1-ruanjinjie@huawei.com>
Date: Thu, 18 Jul 2024 20:47:39 +0800
From: Jinjie Ruan <ruanjinjie@...wei.com>
To: <chenhuacai@...nel.org>, <kernel@...0n.name>, <kees@...nel.org>,
<gustavoars@...nel.org>, <arnd@...db.de>, <maobibo@...ngson.cn>,
<loongarch@...ts.linux.dev>, <linux-kernel@...r.kernel.org>,
<linux-hardening@...r.kernel.org>
CC: <ruanjinjie@...wei.com>
Subject: [PATCH] loongarch: Support RANDOMIZE_KSTACK_OFFSET
Add support of kernel stack offset randomization while handling syscall,
the offset is defaultly limited by KSTACK_OFFSET_MAX().
In order to avoid trigger stack canaries (due to __builtin_alloca) and
slowing down the entry path, use __no_stack_protector attribute to
disable stack protector for do_syscall() at function level.
With this patch, the REPORT_STACK test show that:
`loongarch64 bits of stack entropy: 7`
Signed-off-by: Jinjie Ruan <ruanjinjie@...wei.com>
---
arch/loongarch/Kconfig | 1 +
arch/loongarch/kernel/syscall.c | 16 +++++++++++++++-
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/arch/loongarch/Kconfig b/arch/loongarch/Kconfig
index ddc042895d01..fcf6451b4e38 100644
--- a/arch/loongarch/Kconfig
+++ b/arch/loongarch/Kconfig
@@ -106,6 +106,7 @@ config LOONGARCH
select HAVE_ARCH_KFENCE
select HAVE_ARCH_KGDB if PERF_EVENTS
select HAVE_ARCH_MMAP_RND_BITS if MMU
+ select HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET
select HAVE_ARCH_SECCOMP
select HAVE_ARCH_SECCOMP_FILTER
select HAVE_ARCH_TRACEHOOK
diff --git a/arch/loongarch/kernel/syscall.c b/arch/loongarch/kernel/syscall.c
index ec17cd5163b7..a332c6cb76ec 100644
--- a/arch/loongarch/kernel/syscall.c
+++ b/arch/loongarch/kernel/syscall.c
@@ -9,6 +9,7 @@
#include <linux/entry-common.h>
#include <linux/errno.h>
#include <linux/linkage.h>
+#include <linux/randomize_kstack.h>
#include <linux/syscalls.h>
#include <linux/unistd.h>
@@ -39,7 +40,7 @@ void *sys_call_table[__NR_syscalls] = {
typedef long (*sys_call_fn)(unsigned long, unsigned long,
unsigned long, unsigned long, unsigned long, unsigned long);
-void noinstr do_syscall(struct pt_regs *regs)
+__no_stack_protector void noinstr do_syscall(struct pt_regs *regs)
{
unsigned long nr;
sys_call_fn syscall_fn;
@@ -55,11 +56,24 @@ void noinstr do_syscall(struct pt_regs *regs)
nr = syscall_enter_from_user_mode(regs, nr);
+ add_random_kstack_offset();
+
if (nr < NR_syscalls) {
syscall_fn = sys_call_table[nr];
regs->regs[4] = syscall_fn(regs->orig_a0, regs->regs[5], regs->regs[6],
regs->regs[7], regs->regs[8], regs->regs[9]);
}
+ /*
+ * This value will get limited by KSTACK_OFFSET_MAX(), which is 10
+ * bits. The actual entropy will be further reduced by the compiler
+ * when applying stack alignment constraints: 16-byte (i.e. 4-bit)
+ * aligned, which will remove the 4 low bits from any entropy chosen
+ * here.
+ *
+ * The resulting 6 bits of entropy is seen in SP[9:4].
+ */
+ choose_random_kstack_offset(get_random_u16());
+
syscall_exit_to_user_mode(regs);
}
--
2.34.1
Powered by blists - more mailing lists