Re: x86: dynamic pt_regs pointer and kernel stack randomization

From: H. Peter Anvin
Date: Mon Apr 29 2024 - 16:58:08 EST

Next message: Palmer Dabbelt: "Re: [PATCH] cpuidle: riscv-sbi: Add cluster_pm_enter()/exit()"
Previous message: Roman Gushchin: "[PATCH] mm: memcg: account memory used for memcg vmstats and lruvec stats"
In reply to: H. Peter Anvin: "Re: x86: dynamic pt_regs pointer and kernel stack randomization"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 4/29/24 09:09, Kees Cook wrote:

If I'm understanding FRED correctly, I think this exit path
would need to call choose_random_kstack_offset() as well. (For
syscalls, add_random_kstack_offset() is used on entry and
choose_random_kstack_offset() is used on exit, so I think we'd want the
same pattern for interrupt handling.)

Yes, I didn't include it in here because it doesn't affect the assembly flow per se, since it "simply" sets up the parameters for the next entry and so at least logically can be executed more or less anywhere.

Yeah, I'd like greater coverage for ring 3->0 transitions. We do want to
double-check the original design choices, though. I *think* they still
stand (see the comments for choose_random_kstack_offset() about entropy
location (per-cpu area), and lifetime (across userspace execution).

Yeah, I'm not super sure of what exactly the constraints really are; they are written in a way that signals to me that there is implied context that isn't clear to me, especially the bit about "long running syscalls".

-hpa

Next message: Palmer Dabbelt: "Re: [PATCH] cpuidle: riscv-sbi: Add cluster_pm_enter()/exit()"
Previous message: Roman Gushchin: "[PATCH] mm: memcg: account memory used for memcg vmstats and lruvec stats"
In reply to: H. Peter Anvin: "Re: x86: dynamic pt_regs pointer and kernel stack randomization"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]