On Mon, May 03, 2021 at 11:13:01AM +0200, Sven Schnelle wrote:
> Hi Kees,
>
> Sven Schnelle <svens@xxxxxxxxxxxxx> writes:
>
> > Kees Cook <keescook@xxxxxxxxxxxx> writes:
> >
> >> On Thu, Apr 29, 2021 at 11:14:51AM +0200, Sven Schnelle wrote:
> >>> enough and has much less performance penalty compared to using
> >>> get_random_int(). The patch also adds randomization in pgm_check_handler()
> >>> as the sigreturn/rt_sigreturn system calls might be called from there.
> >>
> >> Ah, interesting. Is this path to syscalls unique to s390? (As in, should
> >> x86 and arm64 gain coverage over a path that got missed?)
> >
> > Yes, it's unique to s390. So there should be no need to do anything
> > similar on other architectures.
>
> I was a bit short with my response, so let me explain this a bit
> further. On s390, when a signal handler needs to be called, we put a
> 'svc' (system call) instruction on the stack and set the address in the
> register holding the return address (r14) to that address. That worked
> fine until non-executable stacks were introduced. With non-executable
> stacks, we get a program check instead when trying to execute the svc.
> The kernel then checks whether the instruction that caused the fault
> is the svc instruction, and if yes, it will redirect to the system call
> code to execute the {rt_}sigreturn syscall. So we need to do the stack
> offset randomization also in the program check handler to cover that path.

Ah-ha; thanks for the details! I appreciate it. :)

> >>> +static inline void arch_exit_to_user_mode_prepare(struct pt_regs *regs,
> >>> + unsigned long ti_work)
> >>> +{
> >>> + choose_random_kstack_offset(get_tod_clock_fast() & 0xff);
> >>
> >> What's the stack alignment on s390? Or, better question, what's the
> >> expected number of entropy bits?
> >
> >
> > The stack alignment on s390 is 8 bytes, so this should give us 5 bits
> > of entropy.

Sounds good!

-- 
Kees Cook
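The entropy question at the end of the thread (an 8-bit value from the TOD clock, 8-byte stack alignment, 5 effective bits) as a small model in C. This is an added example, not the kernel's randomize_kstack code and not the patch under review: it assumes a plain global standing in for the per-CPU offset accumulator, a caller-supplied value in place of get_tod_clock_fast(), and returns the applied offset instead of carving it off the stack with alloca(). It generalizes the arithmetic to any mask and alignment so the cost of a stricter alignment is visible.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model (assumption, not kernel code): the per-CPU kstack_offset is a global. */
static uint32_t model_kstack_offset;

/* Mask and alignment from the thread: 8 raw bits, 8-byte aligned stack. */
#define MODEL_MASK   0xffu
#define MODEL_ALIGN  8u

static void model_reset(void)
{
    model_kstack_offset = 0;
}

/* Exit-to-user side: fold a fresh value into the stored offset.
 * `rand` stands in for (get_tod_clock_fast() & 0xff) from the patch. */
static void model_choose_random_kstack_offset(uint32_t rand)
{
    model_kstack_offset ^= rand;
}

/* The offset the stack actually moves by: masked, then rounded down to the
 * alignment. The low log2(align) bits are discarded and carry no entropy. */
static uint32_t model_applied_offset(uint32_t stored, uint32_t mask, uint32_t align)
{
    return (stored & mask) & ~(align - 1u);
}

/* Syscall-entry side: consume the stored offset. The real implementation
 * would allocate this many bytes on the stack; the model just returns it. */
static uint32_t model_syscall_entry(void)
{
    return model_applied_offset(model_kstack_offset, MODEL_MASK, MODEL_ALIGN);
}

/* Count the distinct applied offsets reachable for a mask/alignment pair and
 * return floor(log2(count)) as the effective entropy in bits.
 * Requires mask < 4096 (table size) and a power-of-two align. */
static unsigned effective_entropy_bits(uint32_t mask, uint32_t align, unsigned *distinct_out)
{
    uint8_t seen[4096];
    unsigned distinct = 0, bits = 0;

    if (mask >= sizeof seen || align == 0 || (align & (align - 1u)))
        return 0;
    memset(seen, 0, sizeof seen);
    for (uint32_t v = 0; v <= mask; v++) {
        uint32_t off = model_applied_offset(v, mask, align);
        if (!seen[off]) {
            seen[off] = 1;
            distinct++;
        }
    }
    if (distinct_out)
        *distinct_out = distinct;
    while ((1u << (bits + 1)) <= distinct)
        bits++;
    return bits;
}

int main(void)
{
    unsigned distinct;
    unsigned bits = effective_entropy_bits(MODEL_MASK, MODEL_ALIGN, &distinct);
    printf("mask 0x%x, align %u: %u distinct offsets, %u bits\n",
           MODEL_MASK, MODEL_ALIGN, distinct, bits);

    bits = effective_entropy_bits(MODEL_MASK, 16, &distinct);
    printf("mask 0x%x, align 16: %u distinct offsets, %u bits\n",
           MODEL_MASK, distinct, bits);

    /* One exit/entry round trip with a constructed clock value. */
    model_reset();
    model_choose_random_kstack_offset(0x1234);
    printf("applied offset after one exit: %u bytes\n", model_syscall_entry());
    return 0;
}
```

Running it shows 32 distinct offsets (5 bits) for the thread's parameters; moving to a 16-byte alignment with the same 8-bit source drops that to 16 offsets (4 bits), which is why the alignment, not just the mask width, decides the entropy.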