From: Mark Rutland <mark.rutland@arm.com>
To: Heiko Carstens <hca@linux.ibm.com>
Cc: Kees Cook <keescook@chromium.org>,
Alexander Popov <alex.popov@linux.com>,
Vasily Gorbik <gor@linux.ibm.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/2] stackleak: allow to specify arch specific stackleak poison function
Date: Wed, 12 Apr 2023 11:06:29 +0100 [thread overview]
Message-ID: <ZDaCpRp5wnh3VFuQ@FVFF77S0Q05N> (raw)
In-Reply-To: <ZDaAr0Tg5DPJM9BY@osiris>
On Wed, Apr 12, 2023 at 11:58:07AM +0200, Heiko Carstens wrote:
> On Wed, Apr 12, 2023 at 10:03:46AM +0100, Mark Rutland wrote:
> > On Wed, Apr 05, 2023 at 03:08:40PM +0200, Heiko Carstens wrote:
> > > Factor out the code that fills the stack with the stackleak poison value
> > > in order to allow architectures to provide a faster implementation.
> > >
> > > Acked-by: Vasily Gorbik <gor@linux.ibm.com>
> > > Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
> >
> > As on patch 2, it might be nicer to have a noinstr-safe memset64() and use that
> > directly, but I don't have strong feelings either way, and I'll defer to Kees's
> > judgement:
>
> Wouldn't that enforce that memset64() wouldn't be allowed to have an own
> stackframe, since otherwise it would write poison values to it, since we
> have
>
> if (on_task_stack)
> erase_high = current_stack_pointer;
>
> in __stackleak_erase()?
Yes, sorry -- I was implicitly assuming that a noinstr-safe version would be
__always_inline.
> That was actually my motiviation to make this s390 optimization an always
> inline asm.
>
> Besides that this wouldn't be a problem for at least s390, since memset64()
> is an asm function which comes whithout the need for a stackframe, but on
> the other hand this would add a quite subtle requirement to memset64(), if
> I'm not mistaken.
That's a fair enough justification, I think. Thanks for the details!
Thanks,
Mark.
next prev parent reply other threads:[~2023-04-12 10:07 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-05 13:08 [PATCH 0/2] stackleak: allow to specify arch specific stackleak poison function Heiko Carstens
2023-04-05 13:08 ` [PATCH 1/2] " Heiko Carstens
2023-04-12 9:03 ` Mark Rutland
2023-04-12 9:58 ` Heiko Carstens
2023-04-12 10:06 ` Mark Rutland [this message]
2023-04-05 13:08 ` [PATCH 2/2] s390/stackleak: provide fast __stackleak_poison() implementation Heiko Carstens
2023-04-12 9:02 ` Mark Rutland
2023-04-18 17:21 ` [PATCH 0/2] stackleak: allow to specify arch specific stackleak poison function Heiko Carstens
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZDaCpRp5wnh3VFuQ@FVFF77S0Q05N \
--to=mark.rutland@arm.com \
--cc=alex.popov@linux.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox