From: Kees Cook <keescook@chromium.org>
To: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Alexander Popov <alex.popov@linux.com>,
Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>,
Kernel Hardening <kernel-hardening@lists.openwall.com>,
PaX Team <pageexec@freemail.hu>,
Brad Spengler <spender@grsecurity.net>,
Ingo Molnar <mingo@kernel.org>, Tycho Andersen <tycho@tycho.ws>,
Laura Abbott <labbott@redhat.com>,
Mark Rutland <mark.rutland@arm.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Richard Sandiford <richard.sandiford@arm.com>,
Thomas Gleixner <tglx@linutronix.de>,
"H . Peter Anvin" <hpa@zytor.com>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
"Dmitry V . Levin" <ldv@altlinux.org>,
Emese Revfy <re.emese@gmail.com>,
Jonathan Corbet <corbet@lwn.net>,
Andrey Ryabinin <aryabinin@virtuozzo.com>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
Thomas Garnier <thgarnie@google.com>,
Andrew Morton <akpm@linux-foundation.org>,
Alexei Starovoitov <ast@kernel.org>, Josef Bacik <jbacik@fb.com>,
Masami Hiramatsu <mhiramat@kernel.org>,
Nicholas Piggin <npiggin@gmail.com>,
Al Viro <viro@zeniv.linux.org.uk>,
"David S . Miller" <davem@davemloft.net>,
Ding Tianhong <dingtianhong@huawei.com>,
David Woodhouse <dwmw@amazon.co.uk>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Steven Rostedt <rostedt@goodmis.org>,
Dominik Brodowski <linux@dominikbrodowski.net>,
Juergen Gross <jgross@suse.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Dan Williams <dan.j.williams@intel.com>,
Mathias Krause <minipli@googlemail.com>,
Vikas Shivappa <vikas.shivappa@linux.intel.com>,
Kyle Huey <me@kylehuey.com>,
Dmitry Safonov <dsafonov@virtuozzo.com>,
Will Deacon <will.deacon@arm.com>, Arnd Bergmann <arnd@arndb.de>,
X86 ML <x86@kernel.org>, LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH RFC v9 0/7] Introduce the STACKLEAK feature and a test for it
Date: Mon, 5 Mar 2018 12:02:53 -0800 [thread overview]
Message-ID: <CAGXu5jK6REx=zhBVomt443pvW_BkyFjCjUnWjn0gu22ZG6fPeA@mail.gmail.com> (raw)
In-Reply-To: <39c52c1d-dba5-07f6-0838-2e8b368b40ed@linux.intel.com>
On Mon, Mar 5, 2018 at 11:42 AM, Dave Hansen
<dave.hansen@linux.intel.com> wrote:
> On 03/05/2018 11:34 AM, Kees Cook wrote:
>> Boris, Andy, and Dave (Hansen), you've all looked at this; would you
>> be willing to give an Ack on the x86 parts? (Though I do now see a new
>> comment from Dave was just sent.) And if not, what changes would you
>> like to see?
>
> I think it could definitely use another cleanup and de-#ifdef'ing pass.
> It seems to have inherited the style from the original code and it's a
> bit more than we're used to in mainline.
There are a few places it could be minimized, that's true. It looked
like it might not be worth it, but the places I see are:
include/linux/compiler.h:
+#ifdef CONFIG_GCC_PLUGIN_STACKLEAK
+/* Poison value points to the unused hole in the virtual memory map */
+# define STACKLEAK_POISON -0xBEEF
+# define STACKLEAK_POISON_CHECK_DEPTH 128
+#endif
This doesn't need an #ifdef wrapper...
arch/x86/kernel/process_64.c and arch/x86/kernel/process_32.c:
+#ifdef CONFIG_GCC_PLUGIN_STACKLEAK
+ p->thread.lowest_stack = (unsigned long)task_stack_page(p) +
+ 2 * sizeof(unsigned long);
+#endif
This could be made into a helper function, maybe, in processor.h? Like:
#ifdef CONFIG_GCC_PLUGIN_STACKLEAK
# define record_lowest_stack(p) do { \
p->thread.lowest_stack = (unsigned long)task_stack_page(p) +
2 * sizeof(unsigned long);
} while (0)
#else
# define save_lowest_stack(p) do { } while (0)
#endif
And the uses in process_*.c would be:
save_lowest_stack(p);
?
And "fs/proc: Show STACKLEAK metrics in the /proc file system" could
maybe be adjusted too?
It doesn't seem like a lot of savings, but what do you think?
One new thing did pop out at me in this review, track_stack() likely
shouldn't live in fs/exec.c. It has nothing to do with exec(). There
aren't a lot of good places, but maybe a better place would be
mm/util.c. (A whole new source file seems like overkill.)
-Kees
--
Kees Cook
Pixel Security
prev parent reply other threads:[~2018-03-05 20:02 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-03 20:00 [PATCH RFC v9 0/7] Introduce the STACKLEAK feature and a test for it Alexander Popov
2018-03-03 20:00 ` [PATCH RFC v9 1/7] gcc-plugins: Clean up the cgraph_create_edge* macros Alexander Popov
2018-03-03 20:00 ` [PATCH RFC v9 2/7] x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls Alexander Popov
2018-03-05 16:41 ` Dave Hansen
2018-03-05 19:43 ` Laura Abbott
2018-03-05 19:50 ` Dave Hansen
2018-03-05 20:25 ` Peter Zijlstra
2018-03-05 21:21 ` Alexander Popov
2018-03-05 21:36 ` Kees Cook
2018-03-21 11:04 ` Alexander Popov
2018-03-21 15:33 ` Dave Hansen
2018-03-22 20:56 ` Alexander Popov
2018-03-26 17:32 ` Kees Cook
2018-03-26 17:43 ` Andy Lutomirski
2018-03-03 20:00 ` [PATCH RFC v9 3/7] gcc-plugins: Add STACKLEAK plugin for tracking the kernel stack Alexander Popov
2018-03-03 20:00 ` [PATCH RFC v9 4/7] x86/entry: Erase kernel stack in syscall_trace_enter() Alexander Popov
2018-03-05 19:40 ` Dave Hansen
2018-03-05 20:06 ` Kees Cook
2018-03-05 20:15 ` Linus Torvalds
2018-03-05 21:02 ` Alexander Popov
2018-03-05 21:02 ` Kees Cook
2018-03-05 21:40 ` Linus Torvalds
2018-03-05 22:07 ` Linus Torvalds
2018-03-06 0:56 ` Kees Cook
2018-03-06 4:30 ` Linus Torvalds
2018-03-06 17:58 ` Andy Lutomirski
2018-03-06 7:56 ` [OLD PATCH] net: recvmsg: Unconditionally zero struct sockaddr_storage " Ingo Molnar
2018-03-06 7:56 ` Ingo Molnar
2018-03-06 8:08 ` Ingo Molnar
2018-03-06 15:16 ` Daniel Micay
2018-03-06 15:28 ` Daniel Micay
2018-03-06 18:56 ` Linus Torvalds
2018-03-06 19:07 ` Peter Zijlstra
2018-03-06 19:07 ` Ard Biesheuvel
2018-03-06 19:16 ` Linus Torvalds
2018-03-06 20:42 ` Arnd Bergmann
2018-03-06 21:01 ` Linus Torvalds
2018-03-06 21:21 ` Arnd Bergmann
2018-03-06 21:29 ` Linus Torvalds
2018-03-06 22:09 ` Arnd Bergmann
2018-03-06 22:24 ` Linus Torvalds
2018-03-06 21:36 ` Steven Rostedt
2018-03-06 21:41 ` Linus Torvalds
2018-03-06 21:47 ` Linus Torvalds
2018-03-06 22:29 ` Steven Rostedt
2018-03-06 22:41 ` Linus Torvalds
2018-03-06 22:52 ` Steven Rostedt
2018-03-06 23:09 ` Linus Torvalds
2018-03-12 8:22 ` Ingo Molnar
2018-03-12 9:00 ` Ard Biesheuvel
2018-03-12 9:21 ` Ingo Molnar
2018-03-06 21:47 ` Arnd Bergmann
2018-03-06 22:19 ` Linus Torvalds
2018-03-05 20:26 ` Peter Zijlstra
2018-03-03 20:00 ` [PATCH RFC v9 5/7] lkdtm: Add a test for STACKLEAK Alexander Popov
2018-03-03 20:00 ` [PATCH RFC v9 6/7] fs/proc: Show STACKLEAK metrics in the /proc file system Alexander Popov
2018-03-03 20:00 ` [PATCH RFC v9 7/7] doc: self-protection: Add information about STACKLEAK feature Alexander Popov
2018-03-05 19:34 ` [PATCH RFC v9 0/7] Introduce the STACKLEAK feature and a test for it Kees Cook
2018-03-05 19:42 ` Dave Hansen
2018-03-05 20:02 ` Kees Cook [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAGXu5jK6REx=zhBVomt443pvW_BkyFjCjUnWjn0gu22ZG6fPeA@mail.gmail.com' \
--to=keescook@chromium.org \
--cc=a.p.zijlstra@chello.nl \
--cc=akpm@linux-foundation.org \
--cc=alex.popov@linux.com \
--cc=ard.biesheuvel@linaro.org \
--cc=arnd@arndb.de \
--cc=aryabinin@virtuozzo.com \
--cc=ast@kernel.org \
--cc=bp@alien8.de \
--cc=corbet@lwn.net \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=dingtianhong@huawei.com \
--cc=dsafonov@virtuozzo.com \
--cc=dwmw@amazon.co.uk \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=jbacik@fb.com \
--cc=jgross@suse.com \
--cc=jpoimboe@redhat.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=labbott@redhat.com \
--cc=ldv@altlinux.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@dominikbrodowski.net \
--cc=luto@kernel.org \
--cc=mark.rutland@arm.com \
--cc=me@kylehuey.com \
--cc=mhiramat@kernel.org \
--cc=mingo@kernel.org \
--cc=minipli@googlemail.com \
--cc=npiggin@gmail.com \
--cc=pageexec@freemail.hu \
--cc=re.emese@gmail.com \
--cc=richard.sandiford@arm.com \
--cc=rostedt@goodmis.org \
--cc=spender@grsecurity.net \
--cc=tglx@linutronix.de \
--cc=thgarnie@google.com \
--cc=tycho@tycho.ws \
--cc=vikas.shivappa@linux.intel.com \
--cc=viro@zeniv.linux.org.uk \
--cc=will.deacon@arm.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.