Re: [PATCH] x86/entry/64: randomize kernel stack offset upon syscall
From: Andy Lutomirski
Date: Wed May 01 2019 - 19:37:29 EST
On Wed, May 1, 2019 at 1:42 AM David Laight <David.Laight@xxxxxxxxxx> wrote:
>
> From: Reshetova, Elena
> > Sent: 30 April 2019 18:51
> ...
> > +unsigned char random_get_byte(void)
> > +{
> > + struct rnd_buffer *buffer = &get_cpu_var(stack_rand_offset);
> > + unsigned char res;
> > +
> > + if (buffer->byte_counter >= RANDOM_BUFFER_SIZE) {
> > + get_random_bytes(&(buffer->buffer), sizeof(buffer->buffer));
> > + buffer->byte_counter = 0;
> > + }
> > +
> > + res = buffer->buffer[buffer->byte_counter];
> > + buffer->buffer[buffer->byte_counter] = 0;
>
> If is really worth dirtying a cache line to zero data we've used?
> The unused bytes following are much more interesting.
>
For this particular use case, zeroing is probably worthless. But, for
the general case of get_random_bytes(), we need to zero, and I would
argue that get_random_bytes() should be doing exactly this in general.