From: Kees Cook <keescook@chromium.org>
To: Ingo Molnar <mingo@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Borislav Petkov <bp@alien8.de>,
Andrew Morton <akpm@linux-foundation.org>,
Nick Desaulniers <ndesaulniers@google.com>,
Elena Reshetova <elena.reshetova@intel.com>
Subject: Re: [GIT PULL] Stack randomization fix
Date: Fri, 21 May 2021 11:12:00 -0700 [thread overview]
Message-ID: <202105211105.2E1A1B4D6@keescook> (raw)
In-Reply-To: <YKDJ40DUdY1Oy+FJ@gmail.com>
On Sun, May 16, 2021 at 09:29:39AM +0200, Ingo Molnar wrote:
> Without stackprotector we get:
>
> ffffffff81080330 <dummy_dummy>:
> ffffffff81080330:       55                      push   %rbp
> ffffffff81080331:       65 8b 05 88 12 f9 7e    mov    %gs:0x7ef91288(%rip),%eax        # 115c0 <kstack_offset>
> ffffffff81080338:       25 ff 03 00 00          and    $0x3ff,%eax
> ffffffff8108033d:       48 83 c0 0f             add    $0xf,%rax
> ffffffff81080341:       48 89 e5                mov    %rsp,%rbp
> ffffffff81080344:       25 f8 07 00 00          and    $0x7f8,%eax
> ffffffff81080349:       48 29 c4                sub    %rax,%rsp
> ffffffff8108034c:       48 8d 44 24 0f          lea    0xf(%rsp),%rax
> ffffffff81080351:       48 83 e0 f0             and    $0xfffffffffffffff0,%rax
> ffffffff81080355:       c9                      leave
> ffffffff81080356:       c3                      ret
>
> Which is still quite a bit longer than it probably should be, IMO. Since we
> are relying on assembly anyway, why don't we force frame pointers explicitly
> and do this in assembly? The key sequence should only be something like:
>
>       65 8b 05 88 12 f9 7e    mov    %gs:0x7ef91288(%rip),%eax        # 115c0 <kstack_offset>
>       48 29 c4                sub    %rax,%rsp
>
> There's no fundamental reason for all the masking games IMO.
Mainly the mask is for enforcing stack alignment (and the compiler
does it). The top-level mask is to limit the resulting entropy while
keeping the rest of the entropy for mixing the per-cpu variable.
However, the compiler almost entirely fails to optimize the masking:
>       25 ff 03 00 00          and    $0x3ff,%eax
>       48 83 c0 0f             add    $0xf,%rax
>       25 f8 07 00 00          and    $0x7f8,%eax
This should just be and $0x3f0, I suspect (I need to double-check the
rounding up it wants to do with the "add"...)
Luckily, while long, it is very fast.
--
Kees Cook
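The masking Kees describes, modelled as an added example (this is not kernel code and not from the thread): it reproduces the per-cpu xor mixing he mentions and the exact subtraction sequence from Ingo's disassembly (and $0x3ff / add $0xf / and $0x7f8 / sub %rax,%rsp) over every value the 10-bit mask admits, so one can see how many distinct stack adjustments survive and what alignment they have. The "rand" inputs, the single-mask variant used for comparison, and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not kernel code: models the arithmetic in the quoted
 * disassembly and the per-cpu mixing Kees describes. The constants
 * (0x3ff, 0xf, 0x7f8) are the ones visible in the listing; everything
 * else is an assumption made for illustration. */

#define KSTACK_OFFSET_MAX(x)  ((x) & 0x3ff)   /* top-level mask from the listing */

/* Per-cpu mixing: the full 32-bit value keeps accumulating entropy; only
 * the low bits are consumed when the offset is applied. "rand" stands in
 * for whatever counter the kernel xors in (constructed here). */
static uint32_t mix_kstack_offset(uint32_t prev, uint32_t rand)
{
	return prev ^ rand;
}

/* Bytes subtracted from %rsp by the compiled sequence:
 *   and $0x3ff,%eax ; add $0xf,%rax ; and $0x7f8,%eax ; sub %rax,%rsp */
static uint32_t compiled_rsp_delta(uint32_t offset)
{
	return (KSTACK_OFFSET_MAX(offset) + 0xf) & 0x7f8;
}

/* Single-mask variant for comparison: one and $0x3f0 keeps 16-byte
 * alignment directly (constructed alternative, not what the kernel emits). */
static uint32_t single_mask_rsp_delta(uint32_t offset)
{
	return offset & 0x3f0;
}

/* Walk every value the 10-bit mask can admit and count the distinct
 * stack adjustments, checking that each is a multiple of `align`. */
struct delta_stats { unsigned distinct; uint32_t min, max; int aligned; };

static struct delta_stats survey(uint32_t (*delta)(uint32_t), uint32_t align)
{
	unsigned char seen[0x800] = { 0 };   /* deltas here never exceed 0x408 */
	struct delta_stats s = { 0, UINT32_MAX, 0, 1 };

	for (uint32_t x = 0; x < 0x400; x++) {
		uint32_t d = delta(x);
		if (d % align)
			s.aligned = 0;
		if (!seen[d]) {
			seen[d] = 1;
			s.distinct++;
		}
		if (d < s.min) s.min = d;
		if (d > s.max) s.max = d;
	}
	return s;
}

/* True iff the compiled sequence and the single mask agree for every input. */
static int sequences_equivalent(void)
{
	for (uint32_t x = 0; x < 0x400; x++)
		if (compiled_rsp_delta(x) != single_mask_rsp_delta(x))
			return 0;
	return 1;
}

int main(void)
{
	/* Constructed sample: two rounds of mixing on one CPU. */
	uint32_t percpu = 0;
	percpu = mix_kstack_offset(percpu, 0x9e3779b9u);
	percpu = mix_kstack_offset(percpu, 0x7f4a7c15u);
	printf("per-cpu value %#x -> rsp -= %u (single mask: %u)\n",
	       percpu, compiled_rsp_delta(percpu), single_mask_rsp_delta(percpu));

	struct delta_stats c = survey(compiled_rsp_delta, 8);
	struct delta_stats m = survey(single_mask_rsp_delta, 16);
	printf("compiled:    %u distinct deltas, %u..%u, 8-aligned=%d\n",
	       c.distinct, c.min, c.max, c.aligned);
	printf("single mask: %u distinct deltas, %u..%u, 16-aligned=%d\n",
	       m.distinct, m.min, m.max, m.aligned);
	printf("identical for all inputs: %d\n", sequences_equivalent());
	return 0;
}
```

Running the survey shows why the masking matters for the security property rather than just the instruction count: the compiled sequence yields 129 distinct, 8-byte-aligned adjustments (a little under 7 bits of effective offset entropy), whereas the single 0x3f0 mask yields 64 distinct 16-byte-aligned ones, and the two do not agree input for input. The per-cpu variable itself keeps all 32 mixed bits; only the masked low bits reach the stack pointer.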
Thread overview: 6+ messages
2021-05-15 7:34 [GIT PULL] Stack randomization fix Ingo Molnar
2021-05-15 17:13 ` Linus Torvalds
2021-05-16 7:29 ` Ingo Molnar
2021-05-21 18:12 ` Kees Cook [this message]
2021-05-17 9:12 ` David Laight
2021-05-15 17:55 ` pr-tracker-bot