NothingOSS/android_kernel_msm-6.1_nothing_sm7635
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_msm-6.1_noth.../include
History
Mark Rutland 77cf2b6dee stackleak: rework poison scanning 
Currently we over-estimate the region of stack which must be erased.

To determine the region to be erased, we scan downwards for a contiguous
block of poison values (or the low bound of the stack). There are a few
minor problems with this today:

* When we find a block of poison values, we include this block within
  the region to erase.

  As this is included within the region to erase, this causes us to
  redundantly overwrite 'STACKLEAK_SEARCH_DEPTH' (128) bytes with
  poison.

* As the loop condition checks 'poison_count <= depth', it will run an
  additional iteration after finding the contiguous block of poison,
  decrementing 'erase_low' once more than necessary.

  As this is included within the region to erase, this causes us to
  redundantly overwrite an additional unsigned long with poison.

* As we always decrement 'erase_low' after checking an element on the
  stack, we always include the element below this within the region to
  erase.

  As this is included within the region to erase, this causes us to
  redundantly overwrite an additional unsigned long with poison.

  Note that this is not a functional problem. As the loop condition
  checks 'erase_low > task_stack_low', we'll never clobber the
  STACK_END_MAGIC. As we always decrement 'erase_low' after this, we'll
  never fail to erase the element immediately above the STACK_END_MAGIC.

In total, this can cause us to erase `128 + 2 * sizeof(unsigned long)`
bytes more than necessary, which is unfortunate.

This patch reworks the logic to find the address immediately above the
poisoned region, by finding the lowest non-poisoned address. This is
factored into a stackleak_find_top_of_poison() helper both for clarity
and so that this can be shared with the LKDTM test in subsequent
patches.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Alexander Popov <alex.popov@linux.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220427173128.2603085-8-mark.rutland@arm.com
2022-05-08 01:33:08 -07:00
..
acpi ACPI: bus: Eliminate acpi_bus_get_device() 2022-04-05 19:49:26 +02:00
asm-generic arm64 fixes for -rc2 2022-04-08 07:09:17 -10:00
clocksource
crypto
drm
dt-bindings RTC for 5.18 2022-04-01 09:37:18 -07:00
keys
kunit
kvm
linux stackleak: rework poison scanning 2022-05-08 01:33:08 -07:00
math-emu
media
memory
misc
net mctp: Use output netdev to allocate skb headroom 2022-04-01 12:04:15 +01:00
pcmcia
ras mm/memory-failure.c: fix race with changing page compound again 2022-03-22 15:57:07 -07:00
rdma
scsi SCSI misc on 20220324 2022-03-24 19:37:53 -07:00
soc drm for 5.18-rc1 2022-03-24 16:19:43 -07:00
sound sound fixes for 5.18-rc1 2022-04-01 10:32:46 -07:00
target
trace NFSD bug fixes for 5.18-rc: 2022-04-12 14:23:19 -10:00
uapi hardening fixes for v5.18-rc3 2022-04-12 14:29:40 -10:00
vdso
video
xen