Re: [PATCH v11 2/6] x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls
From: Kees Cook
Date: Mon Apr 16 2018 - 14:29:20 EST
On Fri, Apr 6, 2018 at 7:22 AM, Alexander Popov <alex.popov@xxxxxxxxx> wrote:
> This commit introduces the architecture-specific code filling the used
> part of the kernel stack with a poison value before returning to the
> userspace. Full STACKLEAK feature also contains the gcc plugin which
> comes in a separate commit.
Thanks for sending this again! And thanks for the updated reasoning
for why this remains a valuable addition:
https://lkml.kernel.org/r/1523024546-6150-1-git-send-email-alex.popov@xxxxxxxxx
I, too, remain convinced this is a good protection to have, even as we
slowly remove VLAs and try to improve the compiler's initialization of
stack variables.
Dave, Ingo, Linus: how does this look? With the assembly rewritten
into C, the entry changes are very small:
> arch/x86/entry/entry_32.S | 7 ++++++
> arch/x86/entry/entry_64.S | 3 +++
> arch/x86/entry/entry_64_compat.S | 5 ++++
> arch/x86/entry/erase.c | 54 ++++++++++++++++++++++++++++++++++++++++
I'd really like to get people's Ack/Review. :)
Laura, can this C version work for arm64 as well?
Thanks,
-Kees
--
Kees Cook
Pixel Security