From: Alexander Popov <alex.popov@linux.com>
To: Kees Cook <keescook@chromium.org>, Jann Horn <jannh@google.com>,
    Emese Revfy <re.emese@gmail.com>,
    Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>,
    Masahiro Yamada <masahiroy@kernel.org>,
    Michal Marek <michal.lkml@markovi.net>,
    Andrew Morton <akpm@linux-foundation.org>,
    Masahiro Yamada <yamada.masahiro@socionext.com>,
    Thiago Jung Bauermann <bauerman@linux.ibm.com>,
    Luis Chamberlain <mcgrof@kernel.org>, Jessica Yu <jeyu@kernel.org>,
    Sven Schnelle <svens@stackframe.org>, Iurii Zaikin <yzaikin@google.com>,
    Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will@kernel.org>,
    Vincenzo Frascino <vincenzo.frascino@arm.com>,
    Thomas Gleixner <tglx@linutronix.de>,
    Peter Collingbourne <pcc@google.com>,
    Naohiro Aota <naohiro.aota@wdc.com>,
    Alexander Monakov <amonakov@ispras.ru>,
    Mathias Krause <minipli@googlemail.com>,
    PaX Team <pageexec@freemail.hu>, Brad Spengler <spender@grsecurity.net>,
    Laura Abbott <labbott@redhat.com>, Florian Weimer <fweimer@redhat.com>,
    Alexander Popov <alex.popov@linux.com>,
    kernel-hardening@lists.openwall.com, linux-kbuild@vger.kernel.org,
    x86@kernel.org, linux-arm-kernel@lists.infradead.org,
    linux-kernel@vger.kernel.org, gcc@gcc.gnu.org
Cc: notify@kernel.org
Subject: [PATCH v2 0/5] Improvements of the stackleak gcc plugin
Date: Wed, 24 Jun 2020 15:33:25 +0300
Message-ID: <20200624123330.83226-1-alex.popov@linux.com>

This is the v2 of the patch series with various improvements of the
stackleak gcc plugin.

The first three patches disable unneeded gcc plugin instrumentation for
some files.

The fourth patch is the main improvement. It eliminates an unwanted
side-effect of kernel code instrumentation performed by stackleak gcc
plugin. This patch is a deep reengineering of the idea described on
grsecurity blog:
  https://grsecurity.net/resolving_an_unfortunate_stackleak_interaction

The final patch adds 'verbose' stackleak parameter for printing additional
info about the kernel code instrumentation during kernel building.

I would like to thank Alexander Monakov <amonakov@ispras.ru> for his
advisory on gcc internals.

This patch series was tested for gcc version 4.8, 5, 6, 7, 8, 9, and 10
on x86_64, i386 and arm64.
That was done using the project 'kernel-build-containers':
  https://github.com/a13xp0p0v/kernel-build-containers

Changes from v1:
 - rebase onto 5.8.0-rc2;
 - don't exclude alloca() from the instrumentation logic, because it
   will be used in kernel stack offset randomization;
 - reorder patches in the series;
 - don't use gcc plugins for building vgettimeofday.c in arm and
   arm64 vDSO;
 - follow alphabetic order in include/linux/compiler_attributes.h.

Link to v1:
 https://lore.kernel.org/lkml/20200604134957.505389-1-alex.popov@linux.com/

Alexander Popov (5):
  gcc-plugins/stackleak: Don't instrument itself
  ARM: vdso: Don't use gcc plugins for building vgettimeofday.c
  arm64: vdso: Don't use gcc plugins for building vgettimeofday.c
  gcc-plugins/stackleak: Use asm instrumentation to avoid useless
    register saving
  gcc-plugins/stackleak: Add 'verbose' plugin parameter

 arch/arm/vdso/Makefile                 |   2 +-
 arch/arm64/kernel/vdso/Makefile        |   2 +-
 include/linux/compiler_attributes.h    |  13 ++
 kernel/Makefile                        |   1 +
 kernel/stackleak.c                     |  16 +-
 scripts/Makefile.gcc-plugins           |   2 +
 scripts/gcc-plugins/stackleak_plugin.c | 248 +++++++++++++++++++++----
 7 files changed, 239 insertions(+), 45 deletions(-)

-- 
2.25.4