From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: 
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752905AbcJDHHE (ORCPT ); Tue, 4 Oct 2016 03:07:04 -0400
Received: from mail-pa0-f67.google.com ([209.85.220.67]:36643 "EHLO mail-pa0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752472AbcJDHHC (ORCPT ); Tue, 4 Oct 2016 03:07:02 -0400
Date: Tue, 04 Oct 2016 00:06:58 -0700
From: Raymond Jennings
Subject: Re: [PATCH 0/3] ABI CHANGE!!! Remove questionable remote SP reads
To: Linus Torvalds
Cc: Andy Lutomirski, Andy Lutomirski, X86 ML, "linux-kernel@vger.kernel.org", Brian Gerst, Borislav Petkov, Jann Horn, Linux API, Kees Cook, Tycho Andersen
Message-Id: <1475564818.7361.12@smtp.gmail.com>
In-Reply-To: 
References: 
X-Mailer: geary/0.11.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Sender: linux-kernel-owner@vger.kernel.org
List-ID: 
X-Mailing-List: linux-kernel@vger.kernel.org

My personal opinion is that even looking at esp/rsp is asking for trouble.

The only reliable information is VM_STACK or another VM flag that makes the area expand in response to stack growth.

Besides, userspace could always play funky trampoline games with the stack pointer, or even dynamically expand the stack by doing a malloc if a stack overflow draws near, which would put the stack in the data section temporarily.

As long as esp is in the bounds of a valid VMA, my vote is that we should consider it undefined how the task uses it.

On Mon, Oct 3, 2016 at 4:17 PM, Linus Torvalds wrote:
> On Mon, Oct 3, 2016 at 4:08 PM, Andy Lutomirski wrote:
>>
>> Ping!
>>
>> We need to decide fairly soon whether to apply these (or perhaps just
>> patch 1 or just patches 2 and 3) for 4.9. For any parts that aren't
>> applied, I'll send quick fixups to pin the stack in the offending
>> code.
>
> I think we should apply it. Hopefully nothing uses it, and nobody will
> notice.
> And if somebody *does* notice, the sooner we find out, the
> better.
>
> Linus
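The point Raymond makes above, shown in code as an added example that is not part of this thread and not code from any of its participants: a userspace task can move its stack pointer into a malloc'd buffer, after which the mapping that sp falls in is no longer the VMA the kernel tags "[stack]" in /proc/self/maps. The example uses getcontext/makecontext/swapcontext to run a function on a heap buffer, records the sp it sees there, and looks that address up in /proc/self/maps. Assumptions: Linux with a glibc-style <ucontext.h>, GCC or Clang for __builtin_frame_address, and the 64 KiB buffer size; the helper names and the "[stack]" lookup are this example's own, not anything from the patch series.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <ucontext.h>

#define ALT_STACK_SIZE (64 * 1024)   /* assumed size for the heap-backed stack */

static ucontext_t main_ctx, alt_ctx;
static void *alt_stack_base;         /* malloc'd buffer used as a stack */
static uintptr_t sp_on_alt_stack;    /* sp observed while running on it */

/* Approximate the current stack pointer with the frame address: any
 * sp-relative address is enough to find the containing mapping. */
uintptr_t current_sp(void)
{
    return (uintptr_t)__builtin_frame_address(0);
}

static void on_alt_stack(void)
{
    sp_on_alt_stack = current_sp();
    /* returning resumes main_ctx via uc_link */
}

/* Switch the task's stack pointer into a heap buffer (the "trampoline
 * games" from the mail), run on_alt_stack there, and report the sp it
 * saw.  Returns 0 on failure. */
uintptr_t sp_seen_on_heap_stack(void)
{
    if (!alt_stack_base) {
        alt_stack_base = malloc(ALT_STACK_SIZE);
        if (!alt_stack_base)
            return 0;
    }
    if (getcontext(&alt_ctx) != 0)
        return 0;
    alt_ctx.uc_stack.ss_sp = alt_stack_base;
    alt_ctx.uc_stack.ss_size = ALT_STACK_SIZE;
    alt_ctx.uc_link = &main_ctx;
    makecontext(&alt_ctx, on_alt_stack, 0);
    if (swapcontext(&main_ctx, &alt_ctx) != 0)
        return 0;
    return sp_on_alt_stack;
}

/* 1 if addr lies inside the malloc'd alternate stack, else 0. */
int addr_in_heap_buffer(uintptr_t addr)
{
    uintptr_t lo = (uintptr_t)alt_stack_base;
    return alt_stack_base != NULL && addr >= lo && addr < lo + ALT_STACK_SIZE;
}

/* Find the /proc/self/maps entry containing addr.
 * Returns 1 if that VMA is the one the kernel tags "[stack]" (the
 * growsdown main-thread stack), 0 if addr is in some other mapping,
 * -1 if /proc is unavailable or addr is unmapped. */
int addr_in_stack_vma(uintptr_t addr)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512];
    int result = -1;

    if (!f)
        return -1;
    while (fgets(line, sizeof line, f)) {
        unsigned long lo, hi;
        if (sscanf(line, "%lx-%lx", &lo, &hi) != 2)
            continue;
        if (addr >= lo && addr < hi) {
            result = strstr(line, "[stack]") != NULL;
            break;
        }
    }
    fclose(f);
    return result;
}

/* The situation the mail warns about: sp points into a heap buffer, so
 * the mapping it falls in is not the [stack] VMA.  Returns 1 when that
 * is what we observe, 0 otherwise. */
int heap_sp_is_outside_stack_vma(void)
{
    uintptr_t sp = sp_seen_on_heap_stack();
    return sp != 0 && addr_in_heap_buffer(sp) && addr_in_stack_vma(sp) != 1;
}

int main(void)
{
    uintptr_t main_sp = current_sp();
    uintptr_t heap_sp = sp_seen_on_heap_stack();

    printf("sp on main stack: %#lx  in [stack] VMA: %d\n",
           (unsigned long)main_sp, addr_in_stack_vma(main_sp));
    printf("sp on heap stack: %#lx  in [stack] VMA: %d  in malloc'd buffer: %d\n",
           (unsigned long)heap_sp, addr_in_stack_vma(heap_sp),
           addr_in_heap_buffer(heap_sp));
    free(alt_stack_base);
    return 0;
}
```

Build with `gcc -O2 -o altstack altstack.c` and run it. The first line reports an sp inside the [stack] mapping; the second reports an sp inside the malloc'd buffer, which /proc/self/maps attributes to the heap (or to an anonymous mapping), not to [stack]. An observer that identifies "the stack" by reading another task's sp would classify the same task differently depending on which context happens to be running at the instant of the read, which is why the VMA flag, not the register, is the dependable signal.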