Re: [GIT PULL] Stack randomization fix
From: Kees Cook
Date: Fri May 21 2021 - 14:12:06 EST
On Sun, May 16, 2021 at 09:29:39AM +0200, Ingo Molnar wrote:
> Without stackprotector we get:
>
> ffffffff81080330 <dummy_dummy>:
> ffffffff81080330: 55 push %rbp
> ffffffff81080331: 65 8b 05 88 12 f9 7e mov %gs:0x7ef91288(%rip),%eax # 115c0 <kstack_offset>
> ffffffff81080338: 25 ff 03 00 00 and $0x3ff,%eax
> ffffffff8108033d: 48 83 c0 0f add $0xf,%rax
> ffffffff81080341: 48 89 e5 mov %rsp,%rbp
> ffffffff81080344: 25 f8 07 00 00 and $0x7f8,%eax
> ffffffff81080349: 48 29 c4 sub %rax,%rsp
> ffffffff8108034c: 48 8d 44 24 0f lea 0xf(%rsp),%rax
> ffffffff81080351: 48 83 e0 f0 and $0xfffffffffffffff0,%rax
> ffffffff81080355: c9 leave
> ffffffff81080356: c3 ret
>
> Which is still quite a bit longer than it probably should be, IMO. Since we
> are relying on assembly anyway, why don't we force frame pointers explicitly
> and do this in assembly? The key sequence should only be something like:
>
> 65 8b 05 88 12 f9 7e mov %gs:0x7ef91288(%rip),%eax # 115c0 <kstack_offset>
> 48 29 c4 sub %rax,%rsp
>
> There's no fundamental reason for all the masking games IMO.
Mainly the mask is for enforcing stack alignment (and the compiler
does it). The top-level mask is to limit the resulting entropy while
keeping the rest of the entropy for mixing the per-cpu variable.
However, the compiler almost entirely fails to optimize the masking:
> 25 ff 03 00 00 and $0x3ff,%eax
> 48 83 c0 0f add $0xf,%rax
> 25 f8 07 00 00 and $0x7f8,%eax
This should just be and $0x3f0, I suspect (I need to double-check the
rounding up it wants to do with the "add"...)
Luckily, while long, it is very fast.
--
Kees Cook
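As an added example (not part of this thread, and not the kernel's own code), the program below evaluates the three-instruction masking sequence quoted from the disassembly against the single mask Kees suspects is sufficient. It feeds every possible 10-bit kstack_offset value (0..1023, an exhaustive constructed input set) through both and reports how many distinct stack adjustments each one can produce, their range, and their guaranteed alignment. The constants come straight from the quoted listing; the function names and the stats struct are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The sequence as the compiler emitted it (from the quoted disassembly):
 *   and $0x3ff,%eax ; add $0xf,%rax ; and $0x7f8,%eax
 * The mov into %eax zero-extends into %rax, so 32-bit arithmetic matches. */
static uint32_t compiled_offset(uint32_t kstack_offset)
{
	uint32_t v = kstack_offset & 0x3ff;	/* keep 10 bits of entropy */
	v += 0xf;				/* round-up step for alloca alignment */
	v &= 0x7f8;				/* drop low 3 bits (8-byte granularity) */
	return v;
}

/* The single mask suggested in the reply ("and $0x3f0"). */
static uint32_t single_mask_offset(uint32_t kstack_offset)
{
	return kstack_offset & 0x3f0;
}

/* Summary of what a given offset function can do to the stack pointer. */
struct offset_stats {
	unsigned distinct;	/* number of different rsp adjustments reachable */
	uint32_t min, max;	/* smallest and largest adjustment */
	uint32_t align;		/* largest power of two dividing every result */
};

static struct offset_stats analyze(uint32_t (*fn)(uint32_t))
{
	bool seen[2048] = { false };
	struct offset_stats st = { 0, UINT32_MAX, 0, 0 };
	uint32_t or_all = 0;

	/* Both functions discard bits above bit 9, so 0..1023 covers every input. */
	for (uint32_t x = 0; x < 1024; x++) {
		uint32_t r = fn(x);
		if (!seen[r]) {
			seen[r] = true;
			st.distinct++;
		}
		if (r < st.min)
			st.min = r;
		if (r > st.max)
			st.max = r;
		or_all |= r;
	}
	/* Lowest bit set in any result is the alignment every result shares. */
	st.align = or_all & (0u - or_all);
	return st;
}

static void report(const char *name, struct offset_stats st)
{
	printf("%-18s: %u distinct offsets, range %u..%u, aligned to %u\n",
	       name, st.distinct, st.min, st.max, st.align);
}

int main(void)
{
	report("compiled sequence", analyze(compiled_offset));
	report("and $0x3f0 only", analyze(single_mask_offset));
	return 0;
}
```

Running it shows the two are not the same function: the compiled sequence yields 129 possible adjustments at 8-byte granularity (8..1032), while the single mask yields 64 adjustments at 16-byte granularity (0..1008). That is the kind of check worth doing before replacing compiler-generated masking with hand-written assembly, since the resulting entropy and the stack alignment guarantee are exactly what the masks are there to control.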