From: Xiu Jianfeng <xiujianfeng@huawei.com> To: <mpe@ellerman.id.au>, <benh@kernel.crashing.org>, <paulus@samba.org>, <npiggin@gmail.com>, <christophe.leroy@csgroup.eu>, <tglx@linutronix.de>, <mark.rutland@arm.com> Cc: <linuxppc-dev@lists.ozlabs.org>, <linux-kernel@vger.kernel.org>, <linux-hardening@vger.kernel.org> Subject: [PATCH -next] powerpc: add support for syscall stack randomization Date: Thu, 5 May 2022 19:19:32 +0800 [thread overview] Message-ID: <20220505111932.228814-1-xiujianfeng@huawei.com> (raw) Add support for adding a random offset to the stack while handling syscalls. This patch uses mftb() instead of get_random_int() for better performance. Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> --- arch/powerpc/Kconfig | 1 + arch/powerpc/kernel/interrupt.c | 3 +++ 2 files changed, 4 insertions(+) diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index 5fc9153927ac..7e04c9f80cbc 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig @@ -192,6 +192,7 @@ config PPC select HAVE_ARCH_KASAN if PPC32 && PPC_PAGE_SHIFT <= 14 select HAVE_ARCH_KASAN_VMALLOC if PPC32 && PPC_PAGE_SHIFT <= 14 select HAVE_ARCH_KFENCE if PPC_BOOK3S_32 || PPC_8xx || 40x + select HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET select HAVE_ARCH_KGDB select HAVE_ARCH_MMAP_RND_BITS select HAVE_ARCH_MMAP_RND_COMPAT_BITS if COMPAT diff --git a/arch/powerpc/kernel/interrupt.c b/arch/powerpc/kernel/interrupt.c index 784ea3289c84..459385769721 100644 --- a/arch/powerpc/kernel/interrupt.c +++ b/arch/powerpc/kernel/interrupt.c @@ -4,6 +4,7 @@ #include <linux/err.h> #include <linux/compat.h> #include <linux/sched/debug.h> /* for show_regs */ +#include <linux/randomize_kstack.h> #include <asm/kup.h> #include <asm/cputime.h> @@ -82,6 +83,7 @@ notrace long system_call_exception(long r3, long r4, long r5, kuap_lock(); + add_random_kstack_offset(); regs->orig_gpr3 = r3; if (IS_ENABLED(CONFIG_PPC_IRQ_SOFT_MASK_DEBUG)) @@ -405,6 +407,7 @@ interrupt_exit_user_prepare_main(unsigned long ret, struct pt_regs *regs) /* Restore user access locks last */ kuap_user_restore(regs); + choose_random_kstack_offset(mftb() & 0xFF); return ret; } -- 2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: Xiu Jianfeng <xiujianfeng@huawei.com> To: <mpe@ellerman.id.au>, <benh@kernel.crashing.org>, <paulus@samba.org>, <npiggin@gmail.com>, <christophe.leroy@csgroup.eu>, <tglx@linutronix.de>, <mark.rutland@arm.com> Cc: linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH -next] powerpc: add support for syscall stack randomization Date: Thu, 5 May 2022 19:19:32 +0800 [thread overview] Message-ID: <20220505111932.228814-1-xiujianfeng@huawei.com> (raw) Add support for adding a random offset to the stack while handling syscalls. This patch uses mftb() instead of get_random_int() for better performance. Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> --- arch/powerpc/Kconfig | 1 + arch/powerpc/kernel/interrupt.c | 3 +++ 2 files changed, 4 insertions(+) diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index 5fc9153927ac..7e04c9f80cbc 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig @@ -192,6 +192,7 @@ config PPC select HAVE_ARCH_KASAN if PPC32 && PPC_PAGE_SHIFT <= 14 select HAVE_ARCH_KASAN_VMALLOC if PPC32 && PPC_PAGE_SHIFT <= 14 select HAVE_ARCH_KFENCE if PPC_BOOK3S_32 || PPC_8xx || 40x + select HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET select HAVE_ARCH_KGDB select HAVE_ARCH_MMAP_RND_BITS select HAVE_ARCH_MMAP_RND_COMPAT_BITS if COMPAT diff --git a/arch/powerpc/kernel/interrupt.c b/arch/powerpc/kernel/interrupt.c index 784ea3289c84..459385769721 100644 --- a/arch/powerpc/kernel/interrupt.c +++ b/arch/powerpc/kernel/interrupt.c @@ -4,6 +4,7 @@ #include <linux/err.h> #include <linux/compat.h> #include <linux/sched/debug.h> /* for show_regs */ +#include <linux/randomize_kstack.h> #include <asm/kup.h> #include <asm/cputime.h> @@ -82,6 +83,7 @@ notrace long system_call_exception(long r3, long r4, long r5, kuap_lock(); + add_random_kstack_offset(); regs->orig_gpr3 = r3; if (IS_ENABLED(CONFIG_PPC_IRQ_SOFT_MASK_DEBUG)) @@ -405,6 +407,7 @@ interrupt_exit_user_prepare_main(unsigned long ret, struct pt_regs *regs) /* Restore user access locks last */ kuap_user_restore(regs); + choose_random_kstack_offset(mftb() & 0xFF); return ret; } -- 2.17.1
next reply other threads:[~2022-05-05 11:20 UTC|newest] Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-05-05 11:19 Xiu Jianfeng [this message] 2022-05-05 11:19 ` [PATCH -next] powerpc: add support for syscall stack randomization Xiu Jianfeng 2022-05-10 9:23 ` Nicholas Piggin 2022-05-10 9:23 ` Nicholas Piggin 2022-05-10 16:19 ` Kees Cook 2022-05-10 16:19 ` Kees Cook 2022-05-11 8:36 ` xiujianfeng 2022-05-11 8:36 ` xiujianfeng 2022-05-12 13:03 ` Michael Ellerman 2022-05-12 13:03 ` Michael Ellerman 2022-05-11 8:34 ` xiujianfeng 2022-05-11 8:34 ` xiujianfeng 2022-05-12 13:17 ` Michael Ellerman 2022-05-12 13:17 ` Michael Ellerman 2022-05-16 7:29 ` xiujianfeng 2022-05-16 7:29 ` xiujianfeng
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20220505111932.228814-1-xiujianfeng@huawei.com \ --to=xiujianfeng@huawei.com \ --cc=benh@kernel.crashing.org \ --cc=christophe.leroy@csgroup.eu \ --cc=linux-hardening@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linuxppc-dev@lists.ozlabs.org \ --cc=mark.rutland@arm.com \ --cc=mpe@ellerman.id.au \ --cc=npiggin@gmail.com \ --cc=paulus@samba.org \ --cc=tglx@linutronix.de \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.