Re: [PATCH v2] fork: Unconditionally clear stack on fork

2018-04-18 Thread Andrew Morton
On Wed, 18 Apr 2018 09:38:07 -0700 Kees Cook wrote: > >> So some quite careful quantitative testing is needed here, methinks. > > > > Well, I did some more with perf and cycle counts on running 100,000 > > execs of /bin/true. > > > > before: > > Cycles: 218858861551

Re: [PATCH v2] fork: Unconditionally clear stack on fork

2018-04-18 Thread Andrew Morton
On Wed, 18 Apr 2018 09:38:07 -0700 Kees Cook wrote: > >> So some quite careful quantitative testing is needed here, methinks. > > > > Well, I did some more with perf and cycle counts on running 100,000 > > execs of /bin/true. > > > > before: > > Cycles: 218858861551 218853036130 214727610969

Re: [PATCH v2] fork: Unconditionally clear stack on fork

2018-04-18 Thread Kees Cook
On Wed, Feb 21, 2018 at 6:15 PM, Kees Cook wrote: > On Wed, Feb 21, 2018 at 12:59 PM, Andrew Morton > wrote: >> On Wed, 21 Feb 2018 11:29:33 +0100 Michal Hocko wrote: >> >>> On Tue 20-02-18 18:16:59, Kees Cook wrote: >>> > One

Re: [PATCH v2] fork: Unconditionally clear stack on fork

2018-04-18 Thread Kees Cook
On Wed, Feb 21, 2018 at 6:15 PM, Kees Cook wrote: > On Wed, Feb 21, 2018 at 12:59 PM, Andrew Morton > wrote: >> On Wed, 21 Feb 2018 11:29:33 +0100 Michal Hocko wrote: >> >>> On Tue 20-02-18 18:16:59, Kees Cook wrote: >>> > One of the classes of kernel stack content leaks[1] is exposing the >>>

Re: [PATCH v2] fork: Unconditionally clear stack on fork

2018-02-22 Thread Mel Gorman
On Wed, Feb 21, 2018 at 12:59:14PM -0800, Andrew Morton wrote: > On Wed, 21 Feb 2018 11:29:33 +0100 Michal Hocko wrote: > > > On Tue 20-02-18 18:16:59, Kees Cook wrote: > > > One of the classes of kernel stack content leaks[1] is exposing the > > > contents of prior heap or

Re: [PATCH v2] fork: Unconditionally clear stack on fork

2018-02-22 Thread Mel Gorman
On Wed, Feb 21, 2018 at 12:59:14PM -0800, Andrew Morton wrote: > On Wed, 21 Feb 2018 11:29:33 +0100 Michal Hocko wrote: > > > On Tue 20-02-18 18:16:59, Kees Cook wrote: > > > One of the classes of kernel stack content leaks[1] is exposing the > > > contents of prior heap or stack contents when a

Re: [PATCH v2] fork: Unconditionally clear stack on fork

2018-02-21 Thread Kees Cook
On Wed, Feb 21, 2018 at 12:59 PM, Andrew Morton wrote: > On Wed, 21 Feb 2018 11:29:33 +0100 Michal Hocko wrote: > >> On Tue 20-02-18 18:16:59, Kees Cook wrote: >> > One of the classes of kernel stack content leaks[1] is exposing the >> > contents of

Re: [PATCH v2] fork: Unconditionally clear stack on fork

2018-02-21 Thread Kees Cook
On Wed, Feb 21, 2018 at 12:59 PM, Andrew Morton wrote: > On Wed, 21 Feb 2018 11:29:33 +0100 Michal Hocko wrote: > >> On Tue 20-02-18 18:16:59, Kees Cook wrote: >> > One of the classes of kernel stack content leaks[1] is exposing the >> > contents of prior heap or stack contents when a new

Re: [PATCH v2] fork: Unconditionally clear stack on fork

2018-02-21 Thread Andrew Morton
On Wed, 21 Feb 2018 11:29:33 +0100 Michal Hocko wrote: > On Tue 20-02-18 18:16:59, Kees Cook wrote: > > One of the classes of kernel stack content leaks[1] is exposing the > > contents of prior heap or stack contents when a new process stack is > > allocated. Normally, those

Re: [PATCH v2] fork: Unconditionally clear stack on fork

2018-02-21 Thread Andrew Morton
On Wed, 21 Feb 2018 11:29:33 +0100 Michal Hocko wrote: > On Tue 20-02-18 18:16:59, Kees Cook wrote: > > One of the classes of kernel stack content leaks[1] is exposing the > > contents of prior heap or stack contents when a new process stack is > > allocated. Normally, those stacks are not

Re: [PATCH v2] fork: Unconditionally clear stack on fork

2018-02-21 Thread Michal Hocko
On Tue 20-02-18 18:16:59, Kees Cook wrote: > One of the classes of kernel stack content leaks[1] is exposing the > contents of prior heap or stack contents when a new process stack is > allocated. Normally, those stacks are not zeroed, and the old contents > remain in place. In the face of stack

Re: [PATCH v2] fork: Unconditionally clear stack on fork

2018-02-21 Thread Michal Hocko
On Tue 20-02-18 18:16:59, Kees Cook wrote: > One of the classes of kernel stack content leaks[1] is exposing the > contents of prior heap or stack contents when a new process stack is > allocated. Normally, those stacks are not zeroed, and the old contents > remain in place. In the face of stack

[PATCH v2] fork: Unconditionally clear stack on fork

2018-02-20 Thread Kees Cook
One of the classes of kernel stack content leaks[1] is exposing the contents of prior heap or stack contents when a new process stack is allocated. Normally, those stacks are not zeroed, and the old contents remain in place. In the face of stack content exposure flaws, those contents can leak to

[PATCH v2] fork: Unconditionally clear stack on fork

2018-02-20 Thread Kees Cook
One of the classes of kernel stack content leaks[1] is exposing the contents of prior heap or stack contents when a new process stack is allocated. Normally, those stacks are not zeroed, and the old contents remain in place. In the face of stack content exposure flaws, those contents can leak to