From: Alexander Popov <alex.popov@linux.com>
To: kernel-hardening@lists.openwall.com,
Kees Cook <keescook@chromium.org>,
PaX Team <pageexec@freemail.hu>,
Brad Spengler <spender@grsecurity.net>,
Ingo Molnar <mingo@kernel.org>, Andy Lutomirski <luto@kernel.org>,
Tycho Andersen <tycho@tycho.ws>,
Laura Abbott <labbott@redhat.com>,
Mark Rutland <mark.rutland@arm.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Borislav Petkov <bp@alien8.de>,
Thomas Gleixner <tglx@linutronix.de>,
"H . Peter Anvin" <hpa@zytor.com>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
x86@kernel.org, alex.popov@linux.com
Subject: [kernel-hardening] [PATCH RFC v6 3/6] x86/entry: Erase kernel stack in syscall_trace_enter()
Date: Wed, 6 Dec 2017 02:33:44 +0300 [thread overview]
Message-ID: <1512516827-29797-4-git-send-email-alex.popov@linux.com> (raw)
In-Reply-To: <1512516827-29797-1-git-send-email-alex.popov@linux.com>
Make STACKLEAK erase kernel stack after ptrace/seccomp/auditing
not to leave any sensitive information on the stack for the syscall code.
This code is modified from Brad Spengler/PaX Team's code in the last
public patch of grsecurity/PaX based on our understanding of the code.
Changes or omissions from the original code are ours and don't reflect
the original grsecurity/PaX code.
Signed-off-by: Alexander Popov <alex.popov@linux.com>
---
arch/x86/entry/common.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c
index d7d3cc2..d45b7cf 100644
--- a/arch/x86/entry/common.c
+++ b/arch/x86/entry/common.c
@@ -45,6 +45,12 @@ __visible inline void enter_from_user_mode(void)
static inline void enter_from_user_mode(void) {}
#endif
+#ifdef CONFIG_GCC_PLUGIN_STACKLEAK
+asmlinkage void erase_kstack(void);
+#else
+static void erase_kstack(void) {}
+#endif
+
static void do_audit_syscall_entry(struct pt_regs *regs, u32 arch)
{
#ifdef CONFIG_X86_64
@@ -81,11 +87,15 @@ static long syscall_trace_enter(struct pt_regs *regs)
emulated = true;
if ((emulated || (work & _TIF_SYSCALL_TRACE)) &&
- tracehook_report_syscall_entry(regs))
+ tracehook_report_syscall_entry(regs)) {
+ erase_kstack();
return -1L;
+ }
- if (emulated)
+ if (emulated) {
+ erase_kstack();
return -1L;
+ }
#ifdef CONFIG_SECCOMP
/*
@@ -117,8 +127,10 @@ static long syscall_trace_enter(struct pt_regs *regs)
}
ret = __secure_computing(&sd);
- if (ret == -1)
+ if (ret == -1) {
+ erase_kstack();
return ret;
+ }
}
#endif
@@ -127,6 +139,7 @@ static long syscall_trace_enter(struct pt_regs *regs)
do_audit_syscall_entry(regs, arch);
+ erase_kstack();
return ret ?: regs->orig_ax;
}
--
2.7.4
next prev parent reply other threads:[~2017-12-05 23:33 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-05 23:33 [kernel-hardening] [PATCH RFC v6 0/6] Introduce the STACKLEAK feature and a test for it Alexander Popov
2017-12-05 23:33 ` [kernel-hardening] [PATCH RFC v6 1/6] x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls Alexander Popov
2017-12-08 11:44 ` [kernel-hardening] " Peter Zijlstra
2017-12-08 21:54 ` Alexander Popov
2017-12-11 9:26 ` Peter Zijlstra
2017-12-05 23:33 ` [kernel-hardening] [PATCH RFC v6 2/6] gcc-plugins: Add STACKLEAK plugin for tracking the kernel stack Alexander Popov
2017-12-06 18:57 ` [kernel-hardening] " Laura Abbott
2017-12-07 23:05 ` Alexander Popov
2017-12-12 0:09 ` [kernel-hardening] " Dmitry V. Levin
2017-12-15 15:28 ` Alexander Popov
2017-12-05 23:33 ` Alexander Popov [this message]
2017-12-06 21:12 ` [kernel-hardening] [PATCH RFC v6 3/6] x86/entry: Erase kernel stack in syscall_trace_enter() Dmitry V. Levin
2017-12-11 22:38 ` Alexander Popov
2017-12-05 23:33 ` [kernel-hardening] [PATCH RFC v6 4/6] lkdtm: Add a test for STACKLEAK Alexander Popov
2017-12-05 23:33 ` [kernel-hardening] [PATCH RFC v6 5/6] fs/proc: Show STACKLEAK metrics in the /proc file system Alexander Popov
2017-12-06 19:22 ` [kernel-hardening] " Laura Abbott
2017-12-06 20:40 ` Kees Cook
2017-12-06 23:06 ` Laura Abbott
2017-12-07 22:58 ` Alexander Popov
2017-12-07 7:09 ` Alexander Popov
2017-12-07 20:47 ` Tobin C. Harding
2017-12-05 23:33 ` [kernel-hardening] [PATCH RFC v6 6/6] doc: self-protection: Add information about STACKLEAK feature Alexander Popov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1512516827-29797-4-git-send-email-alex.popov@linux.com \
--to=alex.popov@linux.com \
--cc=a.p.zijlstra@chello.nl \
--cc=ard.biesheuvel@linaro.org \
--cc=bp@alien8.de \
--cc=hpa@zytor.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=labbott@redhat.com \
--cc=luto@kernel.org \
--cc=mark.rutland@arm.com \
--cc=mingo@kernel.org \
--cc=pageexec@freemail.hu \
--cc=spender@grsecurity.net \
--cc=tglx@linutronix.de \
--cc=tycho@tycho.ws \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox