[PATCH v2 09/13] lkdtm/stackleak: rework boundary management
Kees Cook
keescook at chromium.org
Wed May 4 12:07:57 PDT 2022
On Wed, Apr 27, 2022 at 06:31:24PM +0100, Mark Rutland wrote:
> There are a few problems with the way the LKDTM STACKLEAK_ERASING test
> manipulates the stack pointer and boundary values:
>
> * It uses the address of a local variable to determine the current stack
> pointer, rather than using current_stack_pointer directly. As the
> local variable could be placed anywhere within the stack frame, this
> can be an over-estimate of the true stack pointer value.
>
> * Is uses an estiamte of the current stack pointer as the upper boundary
> when scanning for poison, even though prior functions could have used
> more stack (and may have updated current->lowest stack accordingly).
>
> * A pr_info() call is made in the middle of the test. As the printk()
> code is out-of-line and will make use of the stack, this could clobber
> poison and/or adjust current->lowest_stack. It would be better to log
> the metadata after the body of the test to avoid such problems.
Yeah, I noticed this too when I was testing the v1 series. I started
cleaning it up, but your version is much better. :)
--
Kees Cook
More information about the linux-arm-kernel
mailing list