From: Florian Weimer <fw@deneb.enyo.de>
To: Daniel Micay <danielmicay@gmail.com>
Cc: Jann Horn <jann@thejh.net>, Kees Cook <keescook@chromium.org>,
kernel-hardening@lists.openwall.com,
Andrew Morton <akpm@linux-foundation.org>,
Michal Hocko <mhocko@suse.com>, Ingo Molnar <mingo@kernel.org>,
Andy Lutomirski <luto@kernel.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [kernel-hardening] Re: [PATCH] fork: make whole stack_canary random
Date: Mon, 31 Oct 2016 22:38:00 +0100 [thread overview]
Message-ID: <8760o8ryh3.fsf@mid.deneb.enyo.de> (raw)
In-Reply-To: <1477948871.8761.9.camel@gmail.com> (Daniel Micay's message of "Mon, 31 Oct 2016 17:21:11 -0400")
* Daniel Micay:
> -fstack-stack is supposed to handle a single guard by default, and
> that's all there is for thread stacks by default.
Okay, then I'll really have to look at the probing offsets again.
It's been on my to-do list since about 2012, and arguably, it *is* a
user-space thing.
And I just realized that we should probably fail at dlopen time if
some tries to open a DSO which needs an executable stack, rather than
silently changing all thread stacks to executable. *sigh*
>> > Note: talking about userspace after the entropy bit. The kernel
>> > doesn't
>> > really -fstack-check, at least in even slightly sane code...
>>
>> There used to be lots of discussions about kernel stack sizes ...
>
> It should just be banning VLAs, alloca and large stack frames though, if
> it's not already. There wasn't even support for guard pages with kernel
> stacks until recently outside grsecurity,
Which is not surprising, considering that one prime motivation for
small stacks was to conserve 32-bit address space. But I'm glad that
there is now a guard page. Hopefully, it does not affect performance,
and on 64-bit, at least there isn't the address space limit to worry
about.
> and -fstack-check relies on them so it doesn't seem like a great
> solution for the kernel.
-fsplit-stack could enforce stack usage limits even without guard
pages, but of course, there is some run-time overhead, and the limit
has to come from somewhere (typically the TCB).
next prev parent reply other threads:[~2016-10-31 21:38 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-31 14:04 [kernel-hardening] [PATCH] fork: make whole stack_canary random Jann Horn
2016-10-31 14:04 ` Jann Horn
2016-10-31 16:04 ` [kernel-hardening] " Kees Cook
2016-10-31 16:04 ` Kees Cook
2016-10-31 16:29 ` [kernel-hardening] " Jann Horn
2016-10-31 20:45 ` Florian Weimer
2016-10-31 20:55 ` Jann Horn
2016-10-31 20:56 ` Daniel Micay
2016-10-31 21:01 ` Daniel Micay
2016-10-31 21:10 ` Florian Weimer
2016-10-31 21:21 ` Daniel Micay
2016-10-31 21:38 ` Florian Weimer [this message]
2016-10-31 22:02 ` Daniel Micay
2016-10-31 22:11 ` Florian Weimer
2016-10-31 21:22 ` Jann Horn
2016-10-31 21:26 ` Daniel Micay
2016-10-31 21:26 ` Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8760o8ryh3.fsf@mid.deneb.enyo.de \
--to=fw@deneb.enyo.de \
--cc=akpm@linux-foundation.org \
--cc=danielmicay@gmail.com \
--cc=jann@thejh.net \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mhocko@suse.com \
--cc=mingo@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.