public inbox for libc-alpha@sourceware.org
From: Yann Droneaud <ydroneaud@opteya.com>
To: Florian Weimer <fweimer@redhat.com>,
	Noah Goldstein <goldstein.w.n@gmail.com>
Cc: "Cristian Rodríguez" <crrodriguez@opensuse.org>,
	"Wangyang Guo" <wangyang.guo@intel.com>,
	"Adhemerval Zanella via Libc-alpha" <libc-alpha@sourceware.org>
Subject: Re: [PATCH v2] nptl: Add backoff mechanism to spinlock loop
Date: Tue, 26 Apr 2022 14:42:39 +0200
Message-ID: <ee349175-54d4-d95b-ca9c-1668b9f3cc3a@opteya.com>
In-Reply-To: <874k2gkp4n.fsf@oldenburg.str.redhat.com>

Hi,

Le 26/04/2022 à 14:25, Florian Weimer a écrit :
> * Noah Goldstein:
>
>> On Fri, Apr 22, 2022 at 8:35 AM Cristian Rodríguez via Libc-alpha
>> <libc-alpha@sourceware.org> wrote:
>>> On Fri, Apr 22, 2022 at 9:32 AM Florian Weimer via Libc-alpha
>>> <libc-alpha@sourceware.org> wrote:
>>>
>>>>> As each running thread has its own stack, the thread's stack address can
>>>>> be used as a seed for such a PRNG.
>>>> We would broadcast the stack address though, which is generally frowned
>>>> upon.
>> Why is that?
> Potential bypass of ASLR hardening.

The attack would be to monitor the behavior of multiple threads in a 
process contending for a lock, and get precise timings to recover the 
few bits of each thread stack address that leaked as part of the backoff 
mechanism.

It may sound possible, but I find it unlikely to be possible without full 
compromise of the running process...

That said, using the stack address as the key in SipHash, it is 
cryptographically unlikely that it could be recovered from the output, thus no 
exploitable leakage would happen.

Regards.

-- 

Yann Droneaud

OPTEYA



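The two seeding schemes compared in the message above, as an added example that is not part of the thread and not glibc code: scheme A feeds low bits of the thread's stack address straight into the backoff seed, scheme B uses the stack address as a SipHash-2-4 key and hashes the spin iteration. The SipHash-2-4 routine follows the published reference algorithm and checks itself against the known-answer vectors from the SipHash paper; the 128-bit key layout (address in the low half, zero in the high half), the helper names and the sample address are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not glibc code. SipHash-2-4 per the reference algorithm
 * (Aumasson/Bernstein): 128-bit key, 64-bit tag. */
#define ROTL64(x, b) ((uint64_t)(((x) << (b)) | ((x) >> (64 - (b)))))
#define SIPROUND                                                        \
    do {                                                                \
        v0 += v1; v1 = ROTL64(v1, 13); v1 ^= v0; v0 = ROTL64(v0, 32);   \
        v2 += v3; v3 = ROTL64(v3, 16); v3 ^= v2;                        \
        v0 += v3; v3 = ROTL64(v3, 21); v3 ^= v0;                        \
        v2 += v1; v1 = ROTL64(v1, 17); v1 ^= v2; v2 = ROTL64(v2, 32);   \
    } while (0)

static uint64_t load_le64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

static void store_le64(uint8_t *p, uint64_t v)
{
    for (int i = 0; i < 8; i++)
        p[i] = (uint8_t)(v >> (8 * i));
}

uint64_t siphash24(const uint8_t *in, size_t inlen, const uint8_t key[16])
{
    uint64_t k0 = load_le64(key), k1 = load_le64(key + 8);
    uint64_t v0 = 0x736f6d6570736575ULL ^ k0;
    uint64_t v1 = 0x646f72616e646f6dULL ^ k1;
    uint64_t v2 = 0x6c7967656e657261ULL ^ k0;
    uint64_t v3 = 0x7465646279746573ULL ^ k1;
    uint64_t b = (uint64_t)inlen << 56;   /* length byte goes in the last block */
    size_t i;

    for (i = 0; i + 8 <= inlen; i += 8) { /* full 8-byte blocks, 2 c-rounds each */
        uint64_t m = load_le64(in + i);
        v3 ^= m; SIPROUND; SIPROUND; v0 ^= m;
    }
    for (size_t j = 0; i + j < inlen; j++) /* 0..7 tail bytes, little-endian */
        b |= (uint64_t)in[i + j] << (8 * j);
    v3 ^= b; SIPROUND; SIPROUND; v0 ^= b;
    v2 ^= 0xff;                            /* finalization: 4 d-rounds */
    SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* Known-answer test from the SipHash paper: key 00..0f, message 00..0e. */
int siphash24_selftest(void)
{
    uint8_t key[16], msg[15];
    for (int i = 0; i < 16; i++) key[i] = (uint8_t)i;
    for (int i = 0; i < 15; i++) msg[i] = (uint8_t)i;
    return siphash24(msg, sizeof msg, key) == 0xa129ca6149be45e5ULL
        && siphash24(msg, 0, key) == 0x726fdb47dd0e0e31ULL;
}

/* Scheme A: low address bits used directly as the seed. An observer who can
 * infer the seed from backoff timing learns those address bits verbatim. */
uint64_t backoff_seed_naive(uint64_t stack_addr)
{
    return stack_addr & 0xff;
}

/* Scheme B (the proposal in the thread): stack address as the SipHash key,
 * spin iteration as the message. Learning address bits from the outputs
 * would amount to a key-recovery attack on SipHash. Key layout is an
 * assumption: address in the low half, zero in the high half. */
uint64_t backoff_seed_keyed(uint64_t stack_addr, uint64_t spin_iteration)
{
    uint8_t key[16], msg[8];
    store_le64(key, stack_addr);
    store_le64(key + 8, 0);
    store_le64(msg, spin_iteration);
    return siphash24(msg, sizeof msg, key);
}

static int popcount64(uint64_t x) { int n = 0; while (x) { x &= x - 1; n++; } return n; }

/* Seed bits that change when address bit `bit` is flipped: 1 means the bit
 * passes straight through (a leak), 0 means it is dropped, ~32 means it is
 * diffused across the whole output and not individually recoverable. */
int seed_bits_changed_naive(uint64_t addr, int bit)
{
    return popcount64(backoff_seed_naive(addr) ^ backoff_seed_naive(addr ^ (1ULL << bit)));
}

int seed_bits_changed_keyed(uint64_t addr, int bit)
{
    return popcount64(backoff_seed_keyed(addr, 0) ^ backoff_seed_keyed(addr ^ (1ULL << bit), 0));
}

int main(void)
{
    uint64_t addr = 0x7ffd1234abc0ULL;   /* constructed sample stack address */
    printf("siphash selftest: %s\n", siphash24_selftest() ? "ok" : "FAIL");
    for (int bit = 0; bit < 48; bit += 4)
        printf("flip addr bit %2d: naive seed changes %d bit(s), keyed seed changes %2d\n",
               bit, seed_bits_changed_naive(addr, bit), seed_bits_changed_keyed(addr, bit));
    return siphash24_selftest() ? 0 : 1;
}
```

Running it shows the contrast the message relies on: for scheme A, flipping any of address bits 0..7 changes exactly that one seed bit, so the seed is the address modulo 256; for scheme B, flipping any address bit changes roughly half of the 64 output bits. A practical caveat not raised in the thread: SipHash per spin iteration is far costlier than the LCG-style step a backoff loop normally uses, so one would hash once to derive a per-thread seed and then advance a cheap generator from it.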

Thread overview: 28+ messages
2022-03-28  8:47 Wangyang Guo
2022-03-28 16:41 ` Noah Goldstein
2022-03-30 11:44   ` Guo, Wangyang
2022-03-30 19:39     ` Noah Goldstein
2022-03-30 11:53 ` Adhemerval Zanella
2022-03-30 17:07   ` Noah Goldstein
2022-03-30 17:21     ` Adhemerval Zanella
2022-04-12 11:53       ` Florian Weimer
2022-04-22 13:30         ` Yann Droneaud
2022-04-22 13:32           ` Florian Weimer
2022-04-22 13:35             ` Cristian Rodríguez
2022-04-22 15:25               ` Noah Goldstein
2022-04-26 12:25                 ` Florian Weimer
2022-04-26 12:42                   ` Yann Droneaud [this message]
2022-05-04  2:50 ` [PATCH v3] " Wangyang Guo
2022-05-04  2:58 ` Wangyang Guo
2022-05-04  3:17   ` [PATCH v4] " Wangyang Guo
2022-05-05  1:56     ` H.J. Lu
2022-05-05  2:52       ` Noah Goldstein
2022-05-05  2:59       ` Guo, Wangyang
2022-05-05 22:44         ` H.J. Lu
2022-05-06  1:52           ` Guo, Wangyang
2022-05-06  1:50     ` [PATCH v5] " Wangyang Guo
2022-05-06  3:06       ` H.J. Lu
2022-09-11 20:29         ` Sunil Pandey
2022-09-14  1:26           ` Noah Goldstein
2022-09-29  0:12           ` Noah Goldstein
2022-09-30 13:18             ` FUCKETY FUCK FUCK, PLEASE REMOVE ME FROM THESE EMAILS Darren Tristano
