From: Kees Cook <keescook@chromium.org>
To: Guo Ren <guoren@kernel.org>
Cc: "Palmer Dabbelt" <palmerdabbelt@google.com>,
"Paul Walmsley" <paul.walmsley@sifive.com>,
"Anup Patel" <anup@brainfault.org>,
"Greentime Hu" <greentime.hu@sifive.com>,
"Zong Li" <zong.li@sifive.com>,
linux-riscv <linux-riscv@lists.infradead.org>,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
linux-csky@vger.kernel.org, "Guo Ren" <guoren@linux.alibaba.com>,
"Albert Ou" <aou@eecs.berkeley.edu>,
"Masami Hiramatsu" <mhiramat@kernel.org>,
"Björn Töpel" <bjorn.topel@gmail.com>,
"Greentime Hu" <green.hu@gmail.com>,
"Atish Patra" <atish.patra@wdc.com>
Subject: Re: [PATCH] riscv: Add STACKPROTECTOR supported
Date: Sun, 5 Jul 2020 13:31:52 -0700 [thread overview]
Message-ID: <202007051328.FE9EF99@keescook> (raw)
In-Reply-To: <CAJF2gTQFqH7GMvRgmtb=hBwvUy6NZyM8xLqOsUTvnYhO48tQbg@mail.gmail.com>
On Sun, Jul 05, 2020 at 10:16:14PM +0800, Guo Ren wrote:
> On Sun, Jul 5, 2020 at 2:53 PM Kees Cook <keescook@chromium.org> wrote:
> > On Sun, Jul 05, 2020 at 06:24:15AM +0000, guoren@kernel.org wrote:
> > > +static __always_inline void boot_init_stack_canary(void)
> > > +{
> > > + unsigned long canary;
> > > +
> > > + /* Try to get a semi random initial value. */
> > > + get_random_bytes(&canary, sizeof(canary));
> > > + canary ^= LINUX_VERSION_CODE;
> > > + canary &= CANARY_MASK;
> >
> > Does riscv have any kind of instruction counters or other trivial timers
> > that could be mixed in here? (e.g. x86's TSC)
> Do you mean:
> get_random_bytes(&canary, sizeof(canary));
> + canary += get_cycles64() + (get_cycles64() << 32UL);
> canary ^= LINUX_VERSION_CODE;
> canary &= CANARY_MASK;
>
> Ok ?
Sure -- I assume get_cycles64() is architecturally "simple"? (i.e. it
doesn't require that the entire time-keeping subsystem has started?)
> >
> > > +
> > > + current->stack_canary = canary;
> > > + __stack_chk_guard = current->stack_canary;
> >
> > What's needed for riscv to support a per-task canary? (e.g. x86's TLS or
> > arm64's register-specific methods)
> Some archs change __stack_chk_guard in _switch_to of entry.S, but it
> depends on !CONFIG_SMP.
Oh, funny. I hadn't actually noticed that logic for the !CONFIG_SMP
cases. I see to problem with that, but the more important case, I think
is the per-task canaries.
> #if defined(CONFIG_STACKPROTECTOR) && !defined(CONFIG_SMP)
> get value from next_task->stack_canary
> store value to __stack_chk_guard
> #endif
>
> It's a so limitation solution for per-task canary, so I didn't copy it
> into riscv?
Right -- it's a limited solution. On the other had, is !CONFIG_SMP
expected to be a common config for riscv? If so, it's worth adding. If
not, I'd say skip it. (Though it looks very simple to do...)
--
Kees Cook
WARNING: multiple messages have this Message-ID (diff)
From: Kees Cook <keescook@chromium.org>
To: Guo Ren <guoren@kernel.org>
Cc: "Guo Ren" <guoren@linux.alibaba.com>,
"Anup Patel" <anup@brainfault.org>,
"Palmer Dabbelt" <palmerdabbelt@google.com>,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
linux-csky@vger.kernel.org, "Atish Patra" <atish.patra@wdc.com>,
"Albert Ou" <aou@eecs.berkeley.edu>,
"Masami Hiramatsu" <mhiramat@kernel.org>,
"Zong Li" <zong.li@sifive.com>,
"Paul Walmsley" <paul.walmsley@sifive.com>,
"Greentime Hu" <greentime.hu@sifive.com>,
linux-riscv <linux-riscv@lists.infradead.org>,
"Greentime Hu" <green.hu@gmail.com>,
"Björn Töpel" <bjorn.topel@gmail.com>
Subject: Re: [PATCH] riscv: Add STACKPROTECTOR supported
Date: Sun, 5 Jul 2020 13:31:52 -0700 [thread overview]
Message-ID: <202007051328.FE9EF99@keescook> (raw)
In-Reply-To: <CAJF2gTQFqH7GMvRgmtb=hBwvUy6NZyM8xLqOsUTvnYhO48tQbg@mail.gmail.com>
On Sun, Jul 05, 2020 at 10:16:14PM +0800, Guo Ren wrote:
> On Sun, Jul 5, 2020 at 2:53 PM Kees Cook <keescook@chromium.org> wrote:
> > On Sun, Jul 05, 2020 at 06:24:15AM +0000, guoren@kernel.org wrote:
> > > +static __always_inline void boot_init_stack_canary(void)
> > > +{
> > > + unsigned long canary;
> > > +
> > > + /* Try to get a semi random initial value. */
> > > + get_random_bytes(&canary, sizeof(canary));
> > > + canary ^= LINUX_VERSION_CODE;
> > > + canary &= CANARY_MASK;
> >
> > Does riscv have any kind of instruction counters or other trivial timers
> > that could be mixed in here? (e.g. x86's TSC)
> Do you mean:
> get_random_bytes(&canary, sizeof(canary));
> + canary += get_cycles64() + (get_cycles64() << 32UL);
> canary ^= LINUX_VERSION_CODE;
> canary &= CANARY_MASK;
>
> Ok ?
Sure -- I assume get_cycles64() is architecturally "simple"? (i.e. it
doesn't require that the entire time-keeping subsystem has started?)
> >
> > > +
> > > + current->stack_canary = canary;
> > > + __stack_chk_guard = current->stack_canary;
> >
> > What's needed for riscv to support a per-task canary? (e.g. x86's TLS or
> > arm64's register-specific methods)
> Some archs change __stack_chk_guard in _switch_to of entry.S, but it
> depends on !CONFIG_SMP.
Oh, funny. I hadn't actually noticed that logic for the !CONFIG_SMP
cases. I see to problem with that, but the more important case, I think
is the per-task canaries.
> #if defined(CONFIG_STACKPROTECTOR) && !defined(CONFIG_SMP)
> get value from next_task->stack_canary
> store value to __stack_chk_guard
> #endif
>
> It's a so limitation solution for per-task canary, so I didn't copy it
> into riscv?
Right -- it's a limited solution. On the other had, is !CONFIG_SMP
expected to be a common config for riscv? If so, it's worth adding. If
not, I'd say skip it. (Though it looks very simple to do...)
--
Kees Cook
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
next prev parent reply other threads:[~2020-07-05 20:31 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-05 6:24 [PATCH] riscv: Add STACKPROTECTOR supported guoren
2020-07-05 6:24 ` guoren
2020-07-05 6:53 ` Kees Cook
2020-07-05 6:53 ` Kees Cook
2020-07-05 14:16 ` Guo Ren
2020-07-05 14:16 ` Guo Ren
2020-07-05 20:31 ` Kees Cook [this message]
2020-07-05 20:31 ` Kees Cook
2020-07-06 0:55 ` Guo Ren
2020-07-06 0:55 ` Guo Ren
2020-07-06 1:19 ` Kees Cook
2020-07-06 1:19 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202007051328.FE9EF99@keescook \
--to=keescook@chromium.org \
--cc=anup@brainfault.org \
--cc=aou@eecs.berkeley.edu \
--cc=atish.patra@wdc.com \
--cc=bjorn.topel@gmail.com \
--cc=green.hu@gmail.com \
--cc=greentime.hu@sifive.com \
--cc=guoren@kernel.org \
--cc=guoren@linux.alibaba.com \
--cc=linux-csky@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=mhiramat@kernel.org \
--cc=palmerdabbelt@google.com \
--cc=paul.walmsley@sifive.com \
--cc=zong.li@sifive.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.