From: Alexander Popov <alex.popov@linux.com>
To: Mark Rutland <mark.rutland@arm.com>,
linux-arm-kernel@lists.infradead.org
Cc: akpm@linux-foundation.org, catalin.marinas@arm.com,
keescook@chromium.org, linux-kernel@vger.kernel.org,
luto@kernel.org, will@kernel.org
Subject: Re: [PATCH v2 03/13] stackleak: remove redundant check
Date: Sun, 8 May 2022 21:17:01 +0300 [thread overview]
Message-ID: <a604fa2b-e7c3-3fff-dd81-1a0585a9e2fa@linux.com> (raw)
In-Reply-To: <20220427173128.2603085-4-mark.rutland@arm.com>
On 27.04.2022 20:31, Mark Rutland wrote:
> In __stackleak_erase() we check that the `erase_low` value derived from
> `current->lowest_stack` is above the lowest legitimate stack pointer
> value, but this is already enforced by stackleak_track_stack() when
> recording the lowest stack value.
>
> Remove the redundant check.
>
> There should be no functional change as a result of this patch.
Mark, I can't agree here. I think this check is important.
The performance profit from dropping it is less than the confidence decrease :)
With this check, if the 'lowest_stack' value is corrupted, stackleak doesn't
overwrite some wrong kernel memory, but simply clears the whole thread stack,
which is safe behavior.
> Signed-off-by: Mark Rutland <mark.rutland@arm.com>
> Cc: Alexander Popov <alex.popov@linux.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Andy Lutomirski <luto@kernel.org>
> Cc: Kees Cook <keescook@chromium.org>
> ---
> kernel/stackleak.c | 4 ----
> 1 file changed, 4 deletions(-)
>
> diff --git a/kernel/stackleak.c b/kernel/stackleak.c
> index 753eab797a04d..f7a0f8cf73c37 100644
> --- a/kernel/stackleak.c
> +++ b/kernel/stackleak.c
> @@ -78,10 +78,6 @@ static __always_inline void __stackleak_erase(void)
> unsigned int poison_count = 0;
> const unsigned int depth = STACKLEAK_SEARCH_DEPTH / sizeof(unsigned long);
>
> - /* Check that 'lowest_stack' value is sane */
> - if (unlikely(kstack_ptr - boundary >= THREAD_SIZE))
> - kstack_ptr = boundary;
> -
> /* Search for the poison value in the kernel stack */
> while (kstack_ptr > boundary && poison_count <= depth) {
> if (*(unsigned long *)kstack_ptr == STACKLEAK_POISON)
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Alexander Popov <alex.popov@linux.com>
To: Mark Rutland <mark.rutland@arm.com>,
linux-arm-kernel@lists.infradead.org
Cc: akpm@linux-foundation.org, catalin.marinas@arm.com,
keescook@chromium.org, linux-kernel@vger.kernel.org,
luto@kernel.org, will@kernel.org
Subject: Re: [PATCH v2 03/13] stackleak: remove redundant check
Date: Sun, 8 May 2022 21:17:01 +0300 [thread overview]
Message-ID: <a604fa2b-e7c3-3fff-dd81-1a0585a9e2fa@linux.com> (raw)
In-Reply-To: <20220427173128.2603085-4-mark.rutland@arm.com>
On 27.04.2022 20:31, Mark Rutland wrote:
> In __stackleak_erase() we check that the `erase_low` value derived from
> `current->lowest_stack` is above the lowest legitimate stack pointer
> value, but this is already enforced by stackleak_track_stack() when
> recording the lowest stack value.
>
> Remove the redundant check.
>
> There should be no functional change as a result of this patch.
Mark, I can't agree here. I think this check is important.
The performance profit from dropping it is less than the confidence decrease :)
With this check, if the 'lowest_stack' value is corrupted, stackleak doesn't
overwrite some wrong kernel memory, but simply clears the whole thread stack,
which is safe behavior.
> Signed-off-by: Mark Rutland <mark.rutland@arm.com>
> Cc: Alexander Popov <alex.popov@linux.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Andy Lutomirski <luto@kernel.org>
> Cc: Kees Cook <keescook@chromium.org>
> ---
> kernel/stackleak.c | 4 ----
> 1 file changed, 4 deletions(-)
>
> diff --git a/kernel/stackleak.c b/kernel/stackleak.c
> index 753eab797a04d..f7a0f8cf73c37 100644
> --- a/kernel/stackleak.c
> +++ b/kernel/stackleak.c
> @@ -78,10 +78,6 @@ static __always_inline void __stackleak_erase(void)
> unsigned int poison_count = 0;
> const unsigned int depth = STACKLEAK_SEARCH_DEPTH / sizeof(unsigned long);
>
> - /* Check that 'lowest_stack' value is sane */
> - if (unlikely(kstack_ptr - boundary >= THREAD_SIZE))
> - kstack_ptr = boundary;
> -
> /* Search for the poison value in the kernel stack */
> while (kstack_ptr > boundary && poison_count <= depth) {
> if (*(unsigned long *)kstack_ptr == STACKLEAK_POISON)
next prev parent reply other threads:[~2022-05-08 18:18 UTC|newest]
Thread overview: 94+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-27 17:31 [PATCH v2 00/13] stackleak: fixes and rework Mark Rutland
2022-04-27 17:31 ` Mark Rutland
2022-04-27 17:31 ` [PATCH v2 01/13] arm64: stackleak: fix current_top_of_stack() Mark Rutland
2022-04-27 17:31 ` Mark Rutland
2022-05-04 16:41 ` Catalin Marinas
2022-05-04 16:41 ` Catalin Marinas
2022-05-04 19:01 ` Kees Cook
2022-05-04 19:01 ` Kees Cook
2022-05-04 19:55 ` Catalin Marinas
2022-05-04 19:55 ` Catalin Marinas
2022-05-05 8:25 ` Will Deacon
2022-05-05 8:25 ` Will Deacon
2022-05-08 17:24 ` Alexander Popov
2022-05-08 17:24 ` Alexander Popov
2022-05-10 11:36 ` Mark Rutland
2022-05-10 11:36 ` Mark Rutland
2022-04-27 17:31 ` [PATCH v2 02/13] stackleak: move skip_erasing() check earlier Mark Rutland
2022-04-27 17:31 ` Mark Rutland
2022-05-08 17:44 ` Alexander Popov
2022-05-08 17:44 ` Alexander Popov
2022-05-10 11:40 ` Mark Rutland
2022-05-10 11:40 ` Mark Rutland
2022-04-27 17:31 ` [PATCH v2 03/13] stackleak: remove redundant check Mark Rutland
2022-04-27 17:31 ` Mark Rutland
2022-05-08 18:17 ` Alexander Popov [this message]
2022-05-08 18:17 ` Alexander Popov
2022-05-10 11:46 ` Mark Rutland
2022-05-10 11:46 ` Mark Rutland
2022-05-11 3:00 ` Kees Cook
2022-05-11 3:00 ` Kees Cook
2022-05-11 8:02 ` Mark Rutland
2022-05-11 8:02 ` Mark Rutland
2022-05-11 14:44 ` Kees Cook
2022-05-11 14:44 ` Kees Cook
2022-05-12 9:14 ` Mark Rutland
2022-05-12 9:14 ` Mark Rutland
2022-05-15 16:17 ` Alexander Popov
2022-05-15 16:17 ` Alexander Popov
2022-05-24 10:03 ` Mark Rutland
2022-05-24 10:03 ` Mark Rutland
2022-05-26 22:09 ` Alexander Popov
2022-05-26 22:09 ` Alexander Popov
2022-04-27 17:31 ` [PATCH v2 04/13] stackleak: rework stack low bound handling Mark Rutland
2022-04-27 17:31 ` Mark Rutland
2022-04-27 17:31 ` [PATCH v2 05/13] stackleak: clarify variable names Mark Rutland
2022-04-27 17:31 ` Mark Rutland
2022-05-08 20:49 ` Alexander Popov
2022-05-08 20:49 ` Alexander Popov
2022-05-10 13:01 ` Mark Rutland
2022-05-10 13:01 ` Mark Rutland
2022-05-11 3:05 ` Kees Cook
2022-05-11 3:05 ` Kees Cook
2022-04-27 17:31 ` [PATCH v2 06/13] stackleak: rework stack high bound handling Mark Rutland
2022-04-27 17:31 ` Mark Rutland
2022-05-08 21:27 ` Alexander Popov
2022-05-08 21:27 ` Alexander Popov
2022-05-10 11:22 ` Mark Rutland
2022-05-10 11:22 ` Mark Rutland
2022-05-15 16:32 ` Alexander Popov
2022-05-15 16:32 ` Alexander Popov
2022-04-27 17:31 ` [PATCH v2 07/13] stackleak: rework poison scanning Mark Rutland
2022-04-27 17:31 ` Mark Rutland
2022-05-09 13:51 ` Alexander Popov
2022-05-09 13:51 ` Alexander Popov
2022-05-10 13:13 ` Mark Rutland
2022-05-10 13:13 ` Mark Rutland
2022-05-15 17:33 ` Alexander Popov
2022-05-15 17:33 ` Alexander Popov
2022-05-24 13:31 ` Mark Rutland
2022-05-24 13:31 ` Mark Rutland
2022-05-26 23:25 ` Alexander Popov
2022-05-26 23:25 ` Alexander Popov
2022-05-31 18:13 ` Kees Cook
2022-05-31 18:13 ` Kees Cook
2022-06-03 16:55 ` Alexander Popov
2022-06-03 16:55 ` Alexander Popov
2022-04-27 17:31 ` [PATCH v2 08/13] lkdtm/stackleak: avoid spurious failure Mark Rutland
2022-04-27 17:31 ` Mark Rutland
2022-04-27 17:31 ` [PATCH v2 09/13] lkdtm/stackleak: rework boundary management Mark Rutland
2022-04-27 17:31 ` Mark Rutland
2022-05-04 19:07 ` Kees Cook
2022-05-04 19:07 ` Kees Cook
2022-04-27 17:31 ` [PATCH v2 10/13] lkdtm/stackleak: prevent unexpected stack usage Mark Rutland
2022-04-27 17:31 ` Mark Rutland
2022-04-27 17:31 ` [PATCH v2 11/13] lkdtm/stackleak: check stack boundaries Mark Rutland
2022-04-27 17:31 ` Mark Rutland
2022-04-27 17:31 ` [PATCH v2 12/13] stackleak: add on/off stack variants Mark Rutland
2022-04-27 17:31 ` Mark Rutland
2022-04-27 17:31 ` [PATCH v2 13/13] arm64: entry: use stackleak_erase_on_task_stack() Mark Rutland
2022-04-27 17:31 ` Mark Rutland
2022-05-04 16:42 ` Catalin Marinas
2022-05-04 16:42 ` Catalin Marinas
2022-05-04 19:16 ` [PATCH v2 00/13] stackleak: fixes and rework Kees Cook
2022-05-04 19:16 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a604fa2b-e7c3-3fff-dd81-1a0585a9e2fa@linux.com \
--to=alex.popov@linux.com \
--cc=akpm@linux-foundation.org \
--cc=catalin.marinas@arm.com \
--cc=keescook@chromium.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mark.rutland@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.