linux-arm-kernel.lists.infradead.org archive mirror
* [PATCH V2 0/3] arch: Cleanup ptrace_disable
@ 2022-09-03 16:23 guoren
  2022-09-03 16:23 ` [PATCH V2 1/3] riscv: ptrace: Remove duplicate operation guoren
                   ` (3 more replies)
  0 siblings, 4 replies; 9+ messages in thread
From: guoren @ 2022-09-03 16:23 UTC (permalink / raw)
  To: oleg, vgupta, linux, monstr, dinguyen, palmer, davem, arnd,
	shorne, guoren
  Cc: linux-arch, linux-kernel, linux-riscv, linux-arm-kernel,
	linux-snps-arc, sparclinux, openrisc, Guo Ren

From: Guo Ren <guoren@linux.alibaba.com>

This series cleans up ptrace_disable() in arch/*. Some architectures
duplicate the clearing of SYSCALL TRACE.

Changes in V2:
 - Rebase on linux-6.0-rc3
 - Add Reviewed-by tags.

Guo Ren (3):
  riscv: ptrace: Remove duplicate operation
  openrisc: ptrace: Remove duplicate operation
  arch: ptrace: Cleanup ptrace_disable

 arch/arc/kernel/ptrace.c        |  4 ----
 arch/arm/kernel/ptrace.c        |  8 --------
 arch/microblaze/kernel/ptrace.c |  5 -----
 arch/nios2/kernel/ptrace.c      |  5 -----
 arch/openrisc/kernel/ptrace.c   |  1 -
 arch/riscv/kernel/ptrace.c      |  5 -----
 arch/sparc/kernel/ptrace_32.c   | 10 ----------
 arch/sparc/kernel/ptrace_64.c   | 10 ----------
 kernel/ptrace.c                 |  8 ++++++++
 9 files changed, 8 insertions(+), 48 deletions(-)

-- 
2.36.1


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel


* [PATCH V2 1/3] riscv: ptrace: Remove duplicate operation
  2022-09-03 16:23 [PATCH V2 0/3] arch: Cleanup ptrace_disable guoren
@ 2022-09-03 16:23 ` guoren
  2022-09-03 16:23 ` [PATCH V2 2/3] openrisc: " guoren
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 9+ messages in thread
From: guoren @ 2022-09-03 16:23 UTC (permalink / raw)
  To: oleg, vgupta, linux, monstr, dinguyen, palmer, davem, arnd,
	shorne, guoren
  Cc: linux-arch, linux-kernel, linux-riscv, linux-arm-kernel,
	linux-snps-arc, sparclinux, openrisc, Guo Ren

From: Guo Ren <guoren@linux.alibaba.com>

TIF_SYSCALL_TRACE is controlled by common code; see
kernel/ptrace.c and include/linux/thread.h.

clear_task_syscall_work(child, SYSCALL_TRACE);

Signed-off-by: Guo Ren <guoren@linux.alibaba.com>
Signed-off-by: Guo Ren <guoren@kernel.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
---
 arch/riscv/kernel/ptrace.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/arch/riscv/kernel/ptrace.c b/arch/riscv/kernel/ptrace.c
index 2ae8280ae475..44f4b1ca315d 100644
--- a/arch/riscv/kernel/ptrace.c
+++ b/arch/riscv/kernel/ptrace.c
@@ -212,7 +212,6 @@ unsigned long regs_get_kernel_stack_nth(struct pt_regs *regs, unsigned int n)
 
 void ptrace_disable(struct task_struct *child)
 {
-	clear_tsk_thread_flag(child, TIF_SYSCALL_TRACE);
 }
 
 long arch_ptrace(struct task_struct *child, long request,
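Review bot: the changelog does not name the common-code call site that already clears the flag, so the deletion of clear_tsk_thread_flag(child, TIF_SYSCALL_TRACE) here cannot be confirmed as a duplicate from the message alone. Name the kernel/ptrace.c function that runs clear_task_syscall_work(child, SYSCALL_TRACE) and say whether it runs on every path that reaches ptrace_disable(). The header cited in the message also looks wrong: clear_task_syscall_work() is defined in include/linux/thread_info.h, not include/linux/thread.h.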
-- 
2.36.1



* [PATCH V2 2/3] openrisc: ptrace: Remove duplicate operation
  2022-09-03 16:23 [PATCH V2 0/3] arch: Cleanup ptrace_disable guoren
  2022-09-03 16:23 ` [PATCH V2 1/3] riscv: ptrace: Remove duplicate operation guoren
@ 2022-09-03 16:23 ` guoren
  2022-09-03 16:23 ` [PATCH V2 3/3] arch: ptrace: Cleanup ptrace_disable guoren
       [not found] ` <20220828135407.3897717-1-xianting.tian@linux.alibaba.com>
  3 siblings, 0 replies; 9+ messages in thread
From: guoren @ 2022-09-03 16:23 UTC (permalink / raw)
  To: oleg, vgupta, linux, monstr, dinguyen, palmer, davem, arnd,
	shorne, guoren
  Cc: linux-arch, linux-kernel, linux-riscv, linux-arm-kernel,
	linux-snps-arc, sparclinux, openrisc, Guo Ren

From: Guo Ren <guoren@linux.alibaba.com>

TIF_SYSCALL_TRACE is controlled by common code; see
kernel/ptrace.c and include/linux/thread.h.

clear_task_syscall_work(child, SYSCALL_TRACE);

Signed-off-by: Guo Ren <guoren@linux.alibaba.com>
Signed-off-by: Guo Ren <guoren@kernel.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Stafford Horne <shorne@gmail.com>
---
 arch/openrisc/kernel/ptrace.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/arch/openrisc/kernel/ptrace.c b/arch/openrisc/kernel/ptrace.c
index b971740fc2aa..cc53fa676706 100644
--- a/arch/openrisc/kernel/ptrace.c
+++ b/arch/openrisc/kernel/ptrace.c
@@ -132,7 +132,6 @@ void ptrace_disable(struct task_struct *child)
 	pr_debug("ptrace_disable(): TODO\n");
 
 	user_disable_single_step(child);
-	clear_tsk_thread_flag(child, TIF_SYSCALL_TRACE);
 }
 
 long arch_ptrace(struct task_struct *child, long request, unsigned long addr,
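Review bot: the context line pr_debug("ptrace_disable(): TODO\n") stays at the top of the openrisc ptrace_disable() after this deletion and now reads as if detach handling is still unfinished. If user_disable_single_step(child) is everything openrisc needs here, drop the TODO print in this patch; otherwise say in the changelog what is still outstanding.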
-- 
2.36.1



* [PATCH V2 3/3] arch: ptrace: Cleanup ptrace_disable
  2022-09-03 16:23 [PATCH V2 0/3] arch: Cleanup ptrace_disable guoren
  2022-09-03 16:23 ` [PATCH V2 1/3] riscv: ptrace: Remove duplicate operation guoren
  2022-09-03 16:23 ` [PATCH V2 2/3] openrisc: " guoren
@ 2022-09-03 16:23 ` guoren
       [not found] ` <20220828135407.3897717-1-xianting.tian@linux.alibaba.com>
  3 siblings, 0 replies; 9+ messages in thread
From: guoren @ 2022-09-03 16:23 UTC (permalink / raw)
  To: oleg, vgupta, linux, monstr, dinguyen, palmer, davem, arnd,
	shorne, guoren
  Cc: linux-arch, linux-kernel, linux-riscv, linux-arm-kernel,
	linux-snps-arc, sparclinux, openrisc, Guo Ren

From: Guo Ren <guoren@linux.alibaba.com>

Add a weak empty function in common and remove architectures' duplicated
ones.

Signed-off-by: Guo Ren <guoren@linux.alibaba.com>
Signed-off-by: Guo Ren <guoren@kernel.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
---
 arch/arc/kernel/ptrace.c        |  4 ----
 arch/arm/kernel/ptrace.c        |  8 --------
 arch/microblaze/kernel/ptrace.c |  5 -----
 arch/nios2/kernel/ptrace.c      |  5 -----
 arch/riscv/kernel/ptrace.c      |  4 ----
 arch/sparc/kernel/ptrace_32.c   | 10 ----------
 arch/sparc/kernel/ptrace_64.c   | 10 ----------
 kernel/ptrace.c                 |  8 ++++++++
 8 files changed, 8 insertions(+), 46 deletions(-)

diff --git a/arch/arc/kernel/ptrace.c b/arch/arc/kernel/ptrace.c
index da7542cea0d8..c227e145fede 100644
--- a/arch/arc/kernel/ptrace.c
+++ b/arch/arc/kernel/ptrace.c
@@ -317,10 +317,6 @@ const struct user_regset_view *task_user_regset_view(struct task_struct *task)
 	return &user_arc_view;
 }
 
-void ptrace_disable(struct task_struct *child)
-{
-}
-
 long arch_ptrace(struct task_struct *child, long request,
 		 unsigned long addr, unsigned long data)
 {
diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c
index bfe88c6e60d5..b85f5bdc56ef 100644
--- a/arch/arm/kernel/ptrace.c
+++ b/arch/arm/kernel/ptrace.c
@@ -186,14 +186,6 @@ put_user_reg(struct task_struct *task, int offset, long data)
 	return ret;
 }
 
-/*
- * Called by kernel/ptrace.c when detaching..
- */
-void ptrace_disable(struct task_struct *child)
-{
-	/* Nothing to do. */
-}
-
 /*
  * Handle hitting a breakpoint.
  */
diff --git a/arch/microblaze/kernel/ptrace.c b/arch/microblaze/kernel/ptrace.c
index 5234d0c1dcaa..72e3eece72aa 100644
--- a/arch/microblaze/kernel/ptrace.c
+++ b/arch/microblaze/kernel/ptrace.c
@@ -162,8 +162,3 @@ asmlinkage void do_syscall_trace_leave(struct pt_regs *regs)
 	if (step || test_thread_flag(TIF_SYSCALL_TRACE))
 		ptrace_report_syscall_exit(regs, step);
 }
-
-void ptrace_disable(struct task_struct *child)
-{
-	/* nothing to do */
-}
diff --git a/arch/nios2/kernel/ptrace.c b/arch/nios2/kernel/ptrace.c
index cd62f310778b..de5f4199c45f 100644
--- a/arch/nios2/kernel/ptrace.c
+++ b/arch/nios2/kernel/ptrace.c
@@ -117,11 +117,6 @@ const struct user_regset_view *task_user_regset_view(struct task_struct *task)
 	return &nios2_user_view;
 }
 
-void ptrace_disable(struct task_struct *child)
-{
-
-}
-
 long arch_ptrace(struct task_struct *child, long request, unsigned long addr,
 		 unsigned long data)
 {
diff --git a/arch/riscv/kernel/ptrace.c b/arch/riscv/kernel/ptrace.c
index 44f4b1ca315d..19e4d8057e24 100644
--- a/arch/riscv/kernel/ptrace.c
+++ b/arch/riscv/kernel/ptrace.c
@@ -210,10 +210,6 @@ unsigned long regs_get_kernel_stack_nth(struct pt_regs *regs, unsigned int n)
 		return 0;
 }
 
-void ptrace_disable(struct task_struct *child)
-{
-}
-
 long arch_ptrace(struct task_struct *child, long request,
 		 unsigned long addr, unsigned long data)
 {
diff --git a/arch/sparc/kernel/ptrace_32.c b/arch/sparc/kernel/ptrace_32.c
index e7db48acb838..f6df84e12739 100644
--- a/arch/sparc/kernel/ptrace_32.c
+++ b/arch/sparc/kernel/ptrace_32.c
@@ -29,16 +29,6 @@
 
 /* #define ALLOW_INIT_TRACING */
 
-/*
- * Called by kernel/ptrace.c when detaching..
- *
- * Make sure single step bits etc are not set.
- */
-void ptrace_disable(struct task_struct *child)
-{
-	/* nothing to do */
-}
-
 enum sparc_regset {
 	REGSET_GENERAL,
 	REGSET_FP,
diff --git a/arch/sparc/kernel/ptrace_64.c b/arch/sparc/kernel/ptrace_64.c
index 86a7eb5c27ba..b20a16ebe533 100644
--- a/arch/sparc/kernel/ptrace_64.c
+++ b/arch/sparc/kernel/ptrace_64.c
@@ -83,16 +83,6 @@ static const struct pt_regs_offset regoffset_table[] = {
 	REG_OFFSET_END,
 };
 
-/*
- * Called by kernel/ptrace.c when detaching..
- *
- * Make sure single step bits etc are not set.
- */
-void ptrace_disable(struct task_struct *child)
-{
-	/* nothing to do */
-}
-
 /* To get the necessary page struct, access_process_vm() first calls
  * get_user_pages().  This has done a flush_dcache_page() on the
  * accessed page.  Then our caller (copy_{to,from}_user_page()) did
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index 1893d909e45c..77299bb65d97 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -579,6 +579,14 @@ static bool __ptrace_detach(struct task_struct *tracer, struct task_struct *p)
 	return dead;
 }
 
+__weak void ptrace_disable(struct task_struct *child)
+{
+	/*
+	 * Nothing to do.., some architectures would replace it with
+	 * their own function.
+	 */
+}
+
 static int ptrace_detach(struct task_struct *child, unsigned int data)
 {
 	if (!valid_signal(data))
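Review bot: with the __weak default added in this kernel/ptrace.c hunk, an architecture that omits ptrace_disable() now links silently against a no-op instead of failing the build, so the comment needs to state the contract an override has to meet. The comments deleted from arm and sparc in this same patch ("Called by kernel/ptrace.c when detaching", "Make sure single step bits etc are not set") describe that contract better than "Nothing to do.., some architectures would replace it"; carry that wording over and drop the stray "..,".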
-- 
2.36.1



* Re: [PATCH] RISC-V: Add STACKLEAK erasing the kernel stack at the end of syscalls
       [not found] ` <20220828135407.3897717-1-xianting.tian@linux.alibaba.com>
@ 2022-09-06 17:35   ` Conor.Dooley
  2022-09-07  1:51     ` Guo Ren
  2022-10-07  2:31     ` Palmer Dabbelt
  0 siblings, 2 replies; 9+ messages in thread
From: Conor.Dooley @ 2022-09-06 17:35 UTC (permalink / raw)
  To: guoren, oleg, vgupta, linux, monstr, dinguyen, palmer, davem,
	arnd, shorne, paul.walmsley, aou, ardb, heiko, daolu
  Cc: linux-arch, linux-kernel, linux-riscv, linux-arm-kernel,
	linux-snps-arc, sparclinux, openrisc, xianting.tian, linux-efi

On 03/09/2022 17:23, guoren@kernel.org wrote:
> EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe
> 
> From: Xianting Tian <xianting.tian@linux.alibaba.com>
> 
> This adds support for the STACKLEAK gcc plugin to RISC-V and disables
> the plugin in EFI stub code, which is out of scope for the protection.
> 
> For the benefits of STACKLEAK feature, please check the commit
> afaef01c0015 ("x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls")
> 
> Performance impact (tested on qemu env with 1 riscv64 hart, 1GB mem)
>     hackbench -s 512 -l 200 -g 15 -f 25 -P
>     2.0% slowdown
> 
> Signed-off-by: Xianting Tian <xianting.tian@linux.alibaba.com>

What changed since Xianting posted it himself a week ago:
https://lore.kernel.org/linux-riscv/20220828135407.3897717-1-xianting.tian@linux.alibaba.com/

There's an older patch from Du Lao adding STACKLEAK too:
https://lore.kernel.org/linux-riscv/20220615213834.3116135-1-daolu@rivosinc.com/

But since there's been no activity there since June...

> ---
>  arch/riscv/Kconfig                    | 1 +
>  arch/riscv/include/asm/processor.h    | 4 ++++
>  arch/riscv/kernel/entry.S             | 3 +++
>  drivers/firmware/efi/libstub/Makefile | 2 +-
>  4 files changed, 9 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
> index ed66c31e4655..61fd0dad4463 100644
> --- a/arch/riscv/Kconfig
> +++ b/arch/riscv/Kconfig
> @@ -85,6 +85,7 @@ config RISCV
>         select ARCH_ENABLE_THP_MIGRATION if TRANSPARENT_HUGEPAGE
>         select HAVE_ARCH_THREAD_STRUCT_WHITELIST
>         select HAVE_ARCH_VMAP_STACK if MMU && 64BIT
> +       select HAVE_ARCH_STACKLEAK
>         select HAVE_ASM_MODVERSIONS
>         select HAVE_CONTEXT_TRACKING_USER
>         select HAVE_DEBUG_KMEMLEAK
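Review bot: the added select is out of order in this Kconfig hunk. The surrounding HAVE_ARCH_* entries are sorted alphabetically, so select HAVE_ARCH_STACKLEAK belongs before HAVE_ARCH_THREAD_STRUCT_WHITELIST rather than after HAVE_ARCH_VMAP_STACK.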
> diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
> index d0537573501e..5e1fc4f82883 100644
> --- a/drivers/firmware/efi/libstub/Makefile
> +++ b/drivers/firmware/efi/libstub/Makefile
> @@ -25,7 +25,7 @@ cflags-$(CONFIG_ARM)          := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
>                                    -fno-builtin -fpic \
>                                    $(call cc-option,-mno-single-pic-base)
>  cflags-$(CONFIG_RISCV)         := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
> -                                  -fpic
> +                                  -fpic $(DISABLE_STACKLEAK_PLUGIN)
> 
>  cflags-$(CONFIG_EFI_GENERIC_STUB) += -I$(srctree)/scripts/dtc/libfdt
> 
> --
> 2.17.1
> 
> 
> _______________________________________________
> linux-riscv mailing list
> linux-riscv@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-riscv


* Re: [PATCH] RISC-V: Add STACKLEAK erasing the kernel stack at the end of syscalls
  2022-09-06 17:35   ` [PATCH] RISC-V: Add STACKLEAK erasing the kernel stack at the end of syscalls Conor.Dooley
@ 2022-09-07  1:51     ` Guo Ren
  2022-10-07  2:31     ` Palmer Dabbelt
  1 sibling, 0 replies; 9+ messages in thread
From: Guo Ren @ 2022-09-07  1:51 UTC (permalink / raw)
  To: Conor.Dooley
  Cc: oleg, vgupta, linux, monstr, dinguyen, palmer, davem, arnd,
	shorne, paul.walmsley, aou, ardb, heiko, daolu, linux-arch,
	linux-kernel, linux-riscv, linux-arm-kernel, linux-snps-arc,
	sparclinux, openrisc, xianting.tian, linux-efi

Hi all,

How about the generic_entry version:

https://lore.kernel.org/lkml/20220907014809.919979-1-guoren@kernel.org/

On Wed, Sep 7, 2022 at 1:35 AM <Conor.Dooley@microchip.com> wrote:
>
> On 03/09/2022 17:23, guoren@kernel.org wrote:
> > EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe
> >
> > From: Xianting Tian <xianting.tian@linux.alibaba.com>
> >
> > This adds support for the STACKLEAK gcc plugin to RISC-V and disables
> > the plugin in EFI stub code, which is out of scope for the protection.
> >
> > For the benefits of STACKLEAK feature, please check the commit
> > afaef01c0015 ("x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls")
> >
> > Performance impact (tested on qemu env with 1 riscv64 hart, 1GB mem)
> >     hackbench -s 512 -l 200 -g 15 -f 25 -P
> >     2.0% slowdown
> >
> > Signed-off-by: Xianting Tian <xianting.tian@linux.alibaba.com>
>
> What changed since Xianting posted it himself a week ago:
> https://lore.kernel.org/linux-riscv/20220828135407.3897717-1-xianting.tian@linux.alibaba.com/
>
> There's an older patch from Du Lao adding STACKLEAK too:
> https://lore.kernel.org/linux-riscv/20220615213834.3116135-1-daolu@rivosinc.com/
>
> But since there's been no activity there since June...
>
> > ---
> >  arch/riscv/Kconfig                    | 1 +
> >  arch/riscv/include/asm/processor.h    | 4 ++++
> >  arch/riscv/kernel/entry.S             | 3 +++
> >  drivers/firmware/efi/libstub/Makefile | 2 +-
> >  4 files changed, 9 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
> > index ed66c31e4655..61fd0dad4463 100644
> > --- a/arch/riscv/Kconfig
> > +++ b/arch/riscv/Kconfig
> > @@ -85,6 +85,7 @@ config RISCV
> >         select ARCH_ENABLE_THP_MIGRATION if TRANSPARENT_HUGEPAGE
> >         select HAVE_ARCH_THREAD_STRUCT_WHITELIST
> >         select HAVE_ARCH_VMAP_STACK if MMU && 64BIT
> > +       select HAVE_ARCH_STACKLEAK
> >         select HAVE_ASM_MODVERSIONS
> >         select HAVE_CONTEXT_TRACKING_USER
> >         select HAVE_DEBUG_KMEMLEAK
> > diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
> > index d0537573501e..5e1fc4f82883 100644
> > --- a/drivers/firmware/efi/libstub/Makefile
> > +++ b/drivers/firmware/efi/libstub/Makefile
> > @@ -25,7 +25,7 @@ cflags-$(CONFIG_ARM)          := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
> >                                    -fno-builtin -fpic \
> >                                    $(call cc-option,-mno-single-pic-base)
> >  cflags-$(CONFIG_RISCV)         := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
> > -                                  -fpic
> > +                                  -fpic $(DISABLE_STACKLEAK_PLUGIN)
> >
> >  cflags-$(CONFIG_EFI_GENERIC_STUB) += -I$(srctree)/scripts/dtc/libfdt
> >
> > --
> > 2.17.1
> >
> >
> > _______________________________________________
> > linux-riscv mailing list
> > linux-riscv@lists.infradead.org
> > http://lists.infradead.org/mailman/listinfo/linux-riscv
>


-- 
Best Regards
 Guo Ren


* Re: [PATCH] RISC-V: Add STACKLEAK erasing the kernel stack at the end of syscalls
  2022-09-06 17:35   ` [PATCH] RISC-V: Add STACKLEAK erasing the kernel stack at the end of syscalls Conor.Dooley
  2022-09-07  1:51     ` Guo Ren
@ 2022-10-07  2:31     ` Palmer Dabbelt
  2022-10-07 11:29       ` Mark Rutland
  2022-10-08  0:00       ` Guo Ren
  1 sibling, 2 replies; 9+ messages in thread
From: Palmer Dabbelt @ 2022-10-07  2:31 UTC (permalink / raw)
  To: Conor.Dooley
  Cc: guoren, oleg, vgupta, linux, monstr, dinguyen, davem,
	Arnd Bergmann, shorne, Paul Walmsley, aou, ardb, heiko, daolu,
	linux-arch, linux-kernel, linux-riscv, linux-arm-kernel,
	linux-snps-arc, sparclinux, openrisc, xianting.tian, linux-efi

On Tue, 06 Sep 2022 10:35:10 PDT (-0700), Conor.Dooley@microchip.com wrote:
> On 03/09/2022 17:23, guoren@kernel.org wrote:
>> EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe
>> 
>> From: Xianting Tian <xianting.tian@linux.alibaba.com>
>> 
>> This adds support for the STACKLEAK gcc plugin to RISC-V and disables
>> the plugin in EFI stub code, which is out of scope for the protection.
>> 
>> For the benefits of STACKLEAK feature, please check the commit
>> afaef01c0015 ("x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls")
>> 
>> Performance impact (tested on qemu env with 1 riscv64 hart, 1GB mem)
>>     hackbench -s 512 -l 200 -g 15 -f 25 -P
>>     2.0% slowdown
>> 
>> Signed-off-by: Xianting Tian <xianting.tian@linux.alibaba.com>
> 
> What changed since Xianting posted it himself a week ago:
> https://lore.kernel.org/linux-riscv/20220828135407.3897717-1-xianting.tian@linux.alibaba.com/
> 
> There's an older patch from Du Lao adding STACKLEAK too:
> https://lore.kernel.org/linux-riscv/20220615213834.3116135-1-daolu@rivosinc.com/
> 
> But since there's been no activity there since June...

Looks like the only issues were some commit log wording stuff, and that 
there's a test suite that should be run.  It's not clear from the 
commits that anyone has done that, I'm fine with the patch if it passes 
the tests but don't really know how to run them.

Has anyone run the tests?

> 
>> ---
>>  arch/riscv/Kconfig                    | 1 +
>>  arch/riscv/include/asm/processor.h    | 4 ++++
>>  arch/riscv/kernel/entry.S             | 3 +++
>>  drivers/firmware/efi/libstub/Makefile | 2 +-
>>  4 files changed, 9 insertions(+), 1 deletion(-)
>> 
>> diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
>> index ed66c31e4655..61fd0dad4463 100644
>> --- a/arch/riscv/Kconfig
>> +++ b/arch/riscv/Kconfig
>> @@ -85,6 +85,7 @@ config RISCV
>>         select ARCH_ENABLE_THP_MIGRATION if TRANSPARENT_HUGEPAGE
>>         select HAVE_ARCH_THREAD_STRUCT_WHITELIST
>>         select HAVE_ARCH_VMAP_STACK if MMU && 64BIT
>> +       select HAVE_ARCH_STACKLEAK
>>         select HAVE_ASM_MODVERSIONS
>>         select HAVE_CONTEXT_TRACKING_USER
>>         select HAVE_DEBUG_KMEMLEAK
>> diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
>> index d0537573501e..5e1fc4f82883 100644
>> --- a/drivers/firmware/efi/libstub/Makefile
>> +++ b/drivers/firmware/efi/libstub/Makefile
>> @@ -25,7 +25,7 @@ cflags-$(CONFIG_ARM)          := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
>>                                    -fno-builtin -fpic \
>>                                    $(call cc-option,-mno-single-pic-base)
>>  cflags-$(CONFIG_RISCV)         := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
>> -                                  -fpic
>> +                                  -fpic $(DISABLE_STACKLEAK_PLUGIN)
>> 
>>  cflags-$(CONFIG_EFI_GENERIC_STUB) += -I$(srctree)/scripts/dtc/libfdt
>> 
>> --
>> 2.17.1
>> 
>> 
>> _______________________________________________
>> linux-riscv mailing list
>> linux-riscv@lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/linux-riscv
> 


* Re: [PATCH] RISC-V: Add STACKLEAK erasing the kernel stack at the end of syscalls
  2022-10-07  2:31     ` Palmer Dabbelt
@ 2022-10-07 11:29       ` Mark Rutland
  2022-10-08  0:00       ` Guo Ren
  1 sibling, 0 replies; 9+ messages in thread
From: Mark Rutland @ 2022-10-07 11:29 UTC (permalink / raw)
  To: Palmer Dabbelt
  Cc: Conor.Dooley, guoren, oleg, vgupta, linux, monstr, dinguyen,
	davem, Arnd Bergmann, shorne, Paul Walmsley, aou, ardb, heiko,
	daolu, linux-arch, linux-kernel, linux-riscv, linux-arm-kernel,
	linux-snps-arc, sparclinux, openrisc, xianting.tian, linux-efi

On Thu, Oct 06, 2022 at 07:31:01PM -0700, Palmer Dabbelt wrote:
> On Tue, 06 Sep 2022 10:35:10 PDT (-0700), Conor.Dooley@microchip.com wrote:
> > On 03/09/2022 17:23, guoren@kernel.org wrote:
> > > EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe
> > > 
> > > From: Xianting Tian <xianting.tian@linux.alibaba.com>
> > > 
> > > This adds support for the STACKLEAK gcc plugin to RISC-V and disables
> > > the plugin in EFI stub code, which is out of scope for the protection.
> > > 
> > > For the benefits of STACKLEAK feature, please check the commit
> > > afaef01c0015 ("x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls")
> > > 
> > > Performance impact (tested on qemu env with 1 riscv64 hart, 1GB mem)
> > >     hackbench -s 512 -l 200 -g 15 -f 25 -P
> > >     2.0% slowdown
> > > 
> > > Signed-off-by: Xianting Tian <xianting.tian@linux.alibaba.com>
> > 
> > What changed since Xianting posted it himself a week ago:
> > https://lore.kernel.org/linux-riscv/20220828135407.3897717-1-xianting.tian@linux.alibaba.com/
> > 
> > There's an older patch from Du Lao adding STACKLEAK too:
> > https://lore.kernel.org/linux-riscv/20220615213834.3116135-1-daolu@rivosinc.com/
> > 
> > But since there's been no activity there since June...
> 
> Looks like the only issues were some commit log wording stuff, and that
> there's a test suite that should be run.  It's not clear from the commits
> that anyone has done that, I'm fine with the patch if it passes the tests
> but don't really know how to run them.

Enable CONFIG_LKDTM, and do:

  echo STACKLEAK_ERASING > /sys/kernel/debug/provoke-crash/DIRECT

Example GOOD/BAD output below, taken from:

  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/misc/lkdtm/stackleak.c?id=72b61896f2b47fa4b98e86184bc0e6ddbd1a8db1

GOOD result on x86_64:

| # echo STACKLEAK_ERASING > /sys/kernel/debug/provoke-crash/DIRECT
| lkdtm: Performing direct entry STACKLEAK_ERASING
| lkdtm: stackleak stack usage:
|   high offset: 168 bytes
|   current:     336 bytes
|   lowest:      656 bytes
|   tracked:     656 bytes
|   untracked:   400 bytes
|   poisoned:    15152 bytes
|   low offset:  8 bytes
| lkdtm: OK: the rest of the thread stack is properly erased

GOOD result on arm64:

| # echo STACKLEAK_ERASING > /sys/kernel/debug/provoke-crash/DIRECT
| lkdtm: Performing direct entry STACKLEAK_ERASING
| lkdtm: stackleak stack usage:
|   high offset: 336 bytes
|   current:     656 bytes
|   lowest:      1232 bytes
|   tracked:     1232 bytes
|   untracked:   672 bytes
|   poisoned:    14136 bytes
|   low offset:  8 bytes
| lkdtm: OK: the rest of the thread stack is properly erased

BAD result on arm64:

| # echo STACKLEAK_ERASING > /sys/kernel/debug/provoke-crash/DIRECT
| lkdtm: Performing direct entry STACKLEAK_ERASING
| lkdtm: FAIL: non-poison value 24 bytes below poison boundary: 0x0
| lkdtm: FAIL: non-poison value 32 bytes below poison boundary: 0xffff8000083dbc00
...
| lkdtm: FAIL: non-poison value 1912 bytes below poison boundary: 0x78b4b9999e8cb15
| lkdtm: FAIL: non-poison value 1920 bytes below poison boundary: 0xffff8000083db400
| lkdtm: stackleak stack usage:
|   high offset: 336 bytes
|   current:     688 bytes
|   lowest:      1232 bytes
|   tracked:     576 bytes
|   untracked:   288 bytes
|   poisoned:    15176 bytes
|   low offset:  8 bytes
| lkdtm: FAIL: the thread stack is NOT properly erased!
| lkdtm: Unexpected! This kernel (5.18.0-rc1-00013-g1f7b1f1e29e0-dirty aarch64) was built with CONFIG_GCC_PLUGIN_STACKLEAK=y

Mark.
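
The GOOD/BAD reports quoted in the message above can be checked mechanically, for example when the LKDTM test is run against a RISC-V build in CI. The script below is an added example, not part of the thread or of the kernel tree; the function names and the PASS/FAIL/INCOMPLETE/MISSING verdict strings are this example's own, and the two sample logs are abridged from the output quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): classify an lkdtm STACKLEAK_ERASING report.

# Read kernel log text on stdin and print exactly one verdict line:
#   PASS poisoned=<bytes>                    final "OK:" line seen, no FAIL lines
#   FAIL nonpoison=<count> poisoned=<bytes>  any "lkdtm: FAIL:" line seen
#   INCOMPLETE                               test started but no verdict logged
#   MISSING                                  test never ran (e.g. CONFIG_LKDTM off)
stackleak_verdict() {
    awk '
        # Drop the "| " mail quoting and an optional dmesg timestamp.
        { sub(/^[|] ?/, ""); sub(/^\[[ 0-9.]+\] /, "") }
        # A new run resets the counters, so the last run in the log wins.
        /^lkdtm: Performing direct entry STACKLEAK_ERASING/ {
            seen = 1; ok = 0; bad = 0; nonpoison = 0; poisoned = "unknown"; next
        }
        !seen { next }
        /^lkdtm: FAIL: non-poison value/ { nonpoison++; bad = 1; next }
        /^lkdtm: FAIL:/                  { bad = 1; next }
        /^lkdtm: OK: the rest of the thread stack is properly erased/ { ok = 1; next }
        /^ *poisoned:/                   { poisoned = $2; next }
        END {
            if (!seen)    print "MISSING"
            else if (bad) print "FAIL nonpoison=" nonpoison " poisoned=" poisoned
            else if (ok)  print "PASS poisoned=" poisoned
            else          print "INCOMPLETE"
        }'
}

# Trigger the test on a live kernel and classify the result.
# Needs root, debugfs mounted and CONFIG_LKDTM; not called by this script.
run_stackleak_test() {
    trigger=/sys/kernel/debug/provoke-crash/DIRECT
    if [ ! -w "$trigger" ]; then
        echo MISSING
        return 0
    fi
    echo STACKLEAK_ERASING > "$trigger"
    dmesg | stackleak_verdict
}

# Sample input: the GOOD x86_64 report quoted in the message above.
sample_good() {
cat <<'EOF'
| # echo STACKLEAK_ERASING > /sys/kernel/debug/provoke-crash/DIRECT
| lkdtm: Performing direct entry STACKLEAK_ERASING
| lkdtm: stackleak stack usage:
|   high offset: 168 bytes
|   current:     336 bytes
|   lowest:      656 bytes
|   tracked:     656 bytes
|   untracked:   400 bytes
|   poisoned:    15152 bytes
|   low offset:  8 bytes
| lkdtm: OK: the rest of the thread stack is properly erased
EOF
}

# Sample input: the BAD arm64 report quoted above, with its elided middle kept as "...".
sample_bad() {
cat <<'EOF'
| # echo STACKLEAK_ERASING > /sys/kernel/debug/provoke-crash/DIRECT
| lkdtm: Performing direct entry STACKLEAK_ERASING
| lkdtm: FAIL: non-poison value 24 bytes below poison boundary: 0x0
| lkdtm: FAIL: non-poison value 32 bytes below poison boundary: 0xffff8000083dbc00
...
| lkdtm: FAIL: non-poison value 1912 bytes below poison boundary: 0x78b4b9999e8cb15
| lkdtm: FAIL: non-poison value 1920 bytes below poison boundary: 0xffff8000083db400
| lkdtm: stackleak stack usage:
|   high offset: 336 bytes
|   current:     688 bytes
|   lowest:      1232 bytes
|   tracked:     576 bytes
|   untracked:   288 bytes
|   poisoned:    15176 bytes
|   low offset:  8 bytes
| lkdtm: FAIL: the thread stack is NOT properly erased!
EOF
}

printf 'good sample: %s\n' "$(sample_good | stackleak_verdict)"
printf 'bad sample:  %s\n' "$(sample_bad | stackleak_verdict)"
```

The non-poison count only covers FAIL lines present in the log, so a truncated log under-reports it; the verdict itself is still FAIL.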


* Re: [PATCH] RISC-V: Add STACKLEAK erasing the kernel stack at the end of syscalls
  2022-10-07  2:31     ` Palmer Dabbelt
  2022-10-07 11:29       ` Mark Rutland
@ 2022-10-08  0:00       ` Guo Ren
  1 sibling, 0 replies; 9+ messages in thread
From: Guo Ren @ 2022-10-08  0:00 UTC (permalink / raw)
  To: Palmer Dabbelt
  Cc: Conor.Dooley, oleg, vgupta, linux, monstr, dinguyen, davem,
	Arnd Bergmann, shorne, Paul Walmsley, aou, ardb, heiko, daolu,
	linux-arch, linux-kernel, linux-riscv, linux-arm-kernel,
	linux-snps-arc, sparclinux, openrisc, xianting.tian, linux-efi

On Fri, Oct 7, 2022 at 10:31 AM Palmer Dabbelt <palmer@dabbelt.com> wrote:
>
> On Tue, 06 Sep 2022 10:35:10 PDT (-0700), Conor.Dooley@microchip.com wrote:
> > On 03/09/2022 17:23, guoren@kernel.org wrote:
> >> EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe
> >>
> >> From: Xianting Tian <xianting.tian@linux.alibaba.com>
> >>
> >> This adds support for the STACKLEAK gcc plugin to RISC-V and disables
> >> the plugin in EFI stub code, which is out of scope for the protection.
> >>
> >> For the benefits of STACKLEAK feature, please check the commit
> >> afaef01c0015 ("x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls")
> >>
> >> Performance impact (tested on qemu env with 1 riscv64 hart, 1GB mem)
> >>     hackbench -s 512 -l 200 -g 15 -f 25 -P
> >>     2.0% slowdown
> >>
> >> Signed-off-by: Xianting Tian <xianting.tian@linux.alibaba.com>
> >
> > What changed since Xianting posted it himself a week ago:
> > https://lore.kernel.org/linux-riscv/20220828135407.3897717-1-xianting.tian@linux.alibaba.com/
> >
> > There's an older patch from Du Lao adding STACKLEAK too:
> > https://lore.kernel.org/linux-riscv/20220615213834.3116135-1-daolu@rivosinc.com/
> >
> > But since there's been no activity there since June...
>
> Looks like the only issues were some commit log wording stuff, and that
> there's a test suite that should be run.  It's not clear from the
> commits that anyone has done that, I'm fine with the patch if it passes
> the tests but don't really know how to run them.
>
> Has anyone run the tests?
I'm trying to do that with generic_entry.
https://lore.kernel.org/linux-riscv/20220615213834.3116135-1-daolu@rivosinc.com/

Mark Rutland has found an issue, and I'm solving it.

>
> >
> >> ---
> >>  arch/riscv/Kconfig                    | 1 +
> >>  arch/riscv/include/asm/processor.h    | 4 ++++
> >>  arch/riscv/kernel/entry.S             | 3 +++
> >>  drivers/firmware/efi/libstub/Makefile | 2 +-
> >>  4 files changed, 9 insertions(+), 1 deletion(-)
> >>
> >> diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
> >> index ed66c31e4655..61fd0dad4463 100644
> >> --- a/arch/riscv/Kconfig
> >> +++ b/arch/riscv/Kconfig
> >> @@ -85,6 +85,7 @@ config RISCV
> >>         select ARCH_ENABLE_THP_MIGRATION if TRANSPARENT_HUGEPAGE
> >>         select HAVE_ARCH_THREAD_STRUCT_WHITELIST
> >>         select HAVE_ARCH_VMAP_STACK if MMU && 64BIT
> >> +       select HAVE_ARCH_STACKLEAK
> >>         select HAVE_ASM_MODVERSIONS
> >>         select HAVE_CONTEXT_TRACKING_USER
> >>         select HAVE_DEBUG_KMEMLEAK
> >> diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
> >> index d0537573501e..5e1fc4f82883 100644
> >> --- a/drivers/firmware/efi/libstub/Makefile
> >> +++ b/drivers/firmware/efi/libstub/Makefile
> >> @@ -25,7 +25,7 @@ cflags-$(CONFIG_ARM)          := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
> >>                                    -fno-builtin -fpic \
> >>                                    $(call cc-option,-mno-single-pic-base)
> >>  cflags-$(CONFIG_RISCV)         := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
> >> -                                  -fpic
> >> +                                  -fpic $(DISABLE_STACKLEAK_PLUGIN)
> >>
> >>  cflags-$(CONFIG_EFI_GENERIC_STUB) += -I$(srctree)/scripts/dtc/libfdt
> >>
> >> --
> >> 2.17.1
> >>
> >>
> >> _______________________________________________
> >> linux-riscv mailing list
> >> linux-riscv@lists.infradead.org
> >> http://lists.infradead.org/mailman/listinfo/linux-riscv
> >



-- 
Best Regards
 Guo Ren
