From: guoren@kernel.org
To: arnd@arndb.de, guoren@kernel.org, palmer@rivosinc.com,
tglx@linutronix.de, peterz@infradead.org, luto@kernel.org,
conor.dooley@microchip.com, heiko@sntech.de, jszhang@kernel.org,
lazyparser@gmail.com, falcon@tinylab.org, chenhuacai@kernel.org,
apatel@ventanamicro.com, atishp@atishpatra.org,
palmer@dabbelt.com, paul.walmsley@sifive.com,
mark.rutland@arm.com, zouyipeng@huawei.com,
bigeasy@linutronix.de, David.Laight@aculab.com,
chenzhongjin@huawei.com, greentime.hu@sifive.com,
andy.chiu@sifive.com
Cc: linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-riscv@lists.infradead.org, Dao Lu <daolu@rivosinc.com>,
Xianting Tian <xianting.tian@linux.alibaba.com>,
Conor Dooley <Conor.Dooley@microchip.com>
Subject: [PATCH V7 09/12] riscv: Add support for STACKLEAK gcc plugin
Date: Sat, 15 Oct 2022 07:46:59 -0400 [thread overview]
Message-ID: <20221015114702.3489989-10-guoren@kernel.org> (raw)
In-Reply-To: <20221015114702.3489989-1-guoren@kernel.org>
From: Dao Lu <daolu@rivosinc.com>
Add support for STACKLEAK gcc plugin to riscv based heavily on the arm64
version, and modifying the entry.S. Additionally, this disables the
plugin for EFI stub code for riscv. All modifications base on
generic_entry.
The stackleak_erase_on_task_stack() is called in irq disabled context
before return to user space.
Here is the test result with LKDTM:
echo STACKLEAK_ERASING > /sys/kernel/debug/provoke-crash/DIRECT
[ 53.110405] lkdtm: Performing direct entry STACKLEAK_ERASING
[ 53.111630] lkdtm: stackleak stack usage:
[ 53.111630] high offset: 288 bytes
[ 53.111630] current: 592 bytes
[ 53.111630] lowest: 1136 bytes
[ 53.111630] tracked: 1136 bytes
[ 53.111630] untracked: 576 bytes
[ 53.111630] poisoned: 14376 bytes
[ 53.111630] low offset: 8 bytes
[ 53.115078] lkdtm: OK: the rest of the thread stack is properly
erased
Performance impact (tested on qemu env with 1 riscv64 hart, 1GB mem)
hackbench -s 512 -l 200 -g 15 -f 25 -P
2.0% slowdown
Signed-off-by: Dao Lu <daolu@rivosinc.com>
Co-developed-by: Xianting Tian <xianting.tian@linux.alibaba.com>
Signed-off-by: Xianting Tian <xianting.tian@linux.alibaba.com>
Co-developed-by: Guo Ren <guoren@kernel.org>
Signed-off-by: Guo Ren <guoren@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Conor Dooley <Conor.Dooley@microchip.com>
---
Dao Lu gave the first patch at [1], and Xianting missed the previous
patch and gave the second one [2]. Guo Ren tried to move
stackleak into common generic entry codes [3], but Mark Rutland pointed
out the problem. Combine the Dao Lu's patch with the GENEIRC_ENTRY
patchset series, with some modifications (fit GENEIRC_ENTRY, directly
using stackleak_erase_on_task_stack).
[1] https://lore.kernel.org/linux-riscv/20220615213834.3116135-1-daolu@rivosinc.com/
[2] https://lore.kernel.org/linux-riscv/20220828135407.3897717-1-xianting.tian@linux.alibaba.com/
[3] https://lore.kernel.org/lkml/20220907014809.919979-1-guoren@kernel.org/
---
arch/riscv/Kconfig | 1 +
arch/riscv/kernel/entry.S | 3 +++
drivers/firmware/efi/libstub/Makefile | 2 +-
3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
index 04d2d20fb0ab..7476ce9c72d5 100644
--- a/arch/riscv/Kconfig
+++ b/arch/riscv/Kconfig
@@ -83,6 +83,7 @@ config RISCV
select HAVE_ARCH_MMAP_RND_BITS if MMU
select HAVE_ARCH_MMAP_RND_COMPAT_BITS if COMPAT
select HAVE_ARCH_SECCOMP_FILTER
+ select HAVE_ARCH_STACKLEAK
select HAVE_ARCH_TRACEHOOK
select HAVE_ARCH_TRANSPARENT_HUGEPAGE if 64BIT && MMU
select ARCH_ENABLE_THP_MIGRATION if TRANSPARENT_HUGEPAGE
diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S
index 9864e784d6a6..167ae41ae4a8 100644
--- a/arch/riscv/kernel/entry.S
+++ b/arch/riscv/kernel/entry.S
@@ -145,6 +145,9 @@ ENTRY(ret_from_exception)
andi s0, s0, SR_SPP
#endif
bnez s0, 1f
+#ifdef CONFIG_GCC_PLUGIN_STACKLEAK
+ call stackleak_erase_on_task_stack
+#endif
/* Save unwound kernel stack pointer in thread_info */
addi s0, sp, PT_SIZE_ON_STACK
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index b1601aad7e1a..28170707fa6f 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -25,7 +25,7 @@ cflags-$(CONFIG_ARM) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
-fno-builtin -fpic \
$(call cc-option,-mno-single-pic-base)
cflags-$(CONFIG_RISCV) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
- -fpic
+ -fpic $(DISABLE_STACKLEAK_PLUGIN)
cflags-$(CONFIG_LOONGARCH) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
-fpie
--
2.36.1
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
WARNING: multiple messages have this Message-ID (diff)
From: guoren@kernel.org
To: arnd@arndb.de, guoren@kernel.org, palmer@rivosinc.com,
tglx@linutronix.de, peterz@infradead.org, luto@kernel.org,
conor.dooley@microchip.com, heiko@sntech.de, jszhang@kernel.org,
lazyparser@gmail.com, falcon@tinylab.org, chenhuacai@kernel.org,
apatel@ventanamicro.com, atishp@atishpatra.org,
palmer@dabbelt.com, paul.walmsley@sifive.com,
mark.rutland@arm.com, zouyipeng@huawei.com,
bigeasy@linutronix.de, David.Laight@aculab.com,
chenzhongjin@huawei.com, greentime.hu@sifive.com,
andy.chiu@sifive.com
Cc: linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-riscv@lists.infradead.org, Dao Lu <daolu@rivosinc.com>,
Xianting Tian <xianting.tian@linux.alibaba.com>,
Conor Dooley <Conor.Dooley@microchip.com>
Subject: [PATCH V7 09/12] riscv: Add support for STACKLEAK gcc plugin
Date: Sat, 15 Oct 2022 07:46:59 -0400 [thread overview]
Message-ID: <20221015114702.3489989-10-guoren@kernel.org> (raw)
In-Reply-To: <20221015114702.3489989-1-guoren@kernel.org>
From: Dao Lu <daolu@rivosinc.com>
Add support for STACKLEAK gcc plugin to riscv based heavily on the arm64
version, and modifying the entry.S. Additionally, this disables the
plugin for EFI stub code for riscv. All modifications base on
generic_entry.
The stackleak_erase_on_task_stack() is called in irq disabled context
before return to user space.
Here is the test result with LKDTM:
echo STACKLEAK_ERASING > /sys/kernel/debug/provoke-crash/DIRECT
[ 53.110405] lkdtm: Performing direct entry STACKLEAK_ERASING
[ 53.111630] lkdtm: stackleak stack usage:
[ 53.111630] high offset: 288 bytes
[ 53.111630] current: 592 bytes
[ 53.111630] lowest: 1136 bytes
[ 53.111630] tracked: 1136 bytes
[ 53.111630] untracked: 576 bytes
[ 53.111630] poisoned: 14376 bytes
[ 53.111630] low offset: 8 bytes
[ 53.115078] lkdtm: OK: the rest of the thread stack is properly
erased
Performance impact (tested on qemu env with 1 riscv64 hart, 1GB mem)
hackbench -s 512 -l 200 -g 15 -f 25 -P
2.0% slowdown
Signed-off-by: Dao Lu <daolu@rivosinc.com>
Co-developed-by: Xianting Tian <xianting.tian@linux.alibaba.com>
Signed-off-by: Xianting Tian <xianting.tian@linux.alibaba.com>
Co-developed-by: Guo Ren <guoren@kernel.org>
Signed-off-by: Guo Ren <guoren@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Conor Dooley <Conor.Dooley@microchip.com>
---
Dao Lu gave the first patch at [1], and Xianting missed the previous
patch and gave the second one [2]. Guo Ren tried to move
stackleak into common generic entry codes [3], but Mark Rutland pointed
out the problem. Combine the Dao Lu's patch with the GENEIRC_ENTRY
patchset series, with some modifications (fit GENEIRC_ENTRY, directly
using stackleak_erase_on_task_stack).
[1] https://lore.kernel.org/linux-riscv/20220615213834.3116135-1-daolu@rivosinc.com/
[2] https://lore.kernel.org/linux-riscv/20220828135407.3897717-1-xianting.tian@linux.alibaba.com/
[3] https://lore.kernel.org/lkml/20220907014809.919979-1-guoren@kernel.org/
---
arch/riscv/Kconfig | 1 +
arch/riscv/kernel/entry.S | 3 +++
drivers/firmware/efi/libstub/Makefile | 2 +-
3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
index 04d2d20fb0ab..7476ce9c72d5 100644
--- a/arch/riscv/Kconfig
+++ b/arch/riscv/Kconfig
@@ -83,6 +83,7 @@ config RISCV
select HAVE_ARCH_MMAP_RND_BITS if MMU
select HAVE_ARCH_MMAP_RND_COMPAT_BITS if COMPAT
select HAVE_ARCH_SECCOMP_FILTER
+ select HAVE_ARCH_STACKLEAK
select HAVE_ARCH_TRACEHOOK
select HAVE_ARCH_TRANSPARENT_HUGEPAGE if 64BIT && MMU
select ARCH_ENABLE_THP_MIGRATION if TRANSPARENT_HUGEPAGE
diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S
index 9864e784d6a6..167ae41ae4a8 100644
--- a/arch/riscv/kernel/entry.S
+++ b/arch/riscv/kernel/entry.S
@@ -145,6 +145,9 @@ ENTRY(ret_from_exception)
andi s0, s0, SR_SPP
#endif
bnez s0, 1f
+#ifdef CONFIG_GCC_PLUGIN_STACKLEAK
+ call stackleak_erase_on_task_stack
+#endif
/* Save unwound kernel stack pointer in thread_info */
addi s0, sp, PT_SIZE_ON_STACK
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index b1601aad7e1a..28170707fa6f 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -25,7 +25,7 @@ cflags-$(CONFIG_ARM) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
-fno-builtin -fpic \
$(call cc-option,-mno-single-pic-base)
cflags-$(CONFIG_RISCV) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
- -fpic
+ -fpic $(DISABLE_STACKLEAK_PLUGIN)
cflags-$(CONFIG_LOONGARCH) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
-fpie
--
2.36.1
next prev parent reply other threads:[~2022-10-15 11:51 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-15 11:46 [PATCH V7 00/12] riscv: Add GENERIC_ENTRY support and related features guoren
2022-10-15 11:46 ` guoren
2022-10-15 11:46 ` [PATCH V7 01/12] riscv: elf_kexec: Fixup compile warning guoren
2022-10-15 11:46 ` guoren
2022-10-15 11:46 ` [PATCH V7 02/12] riscv: compat_syscall_table: " guoren
2022-10-15 11:46 ` guoren
2022-10-15 11:46 ` [PATCH V7 03/12] riscv: ptrace: Remove duplicate operation guoren
2022-10-15 11:46 ` guoren
2022-10-15 11:46 ` [PATCH V7 04/12] compiler_types.h: Add __noinstr_section() for noinstr guoren
2022-10-15 11:46 ` guoren
2022-10-15 11:46 ` [PATCH V7 05/12] riscv: traps: Add noinstr to prevent instrumentation inserted guoren
2022-10-15 11:46 ` guoren
2022-10-15 11:46 ` [PATCH V7 06/12] riscv: convert to generic entry guoren
2022-10-15 11:46 ` guoren
2022-10-15 11:46 ` [PATCH V7 07/12] riscv: Support HAVE_IRQ_EXIT_ON_IRQ_STACK guoren
2022-10-15 11:46 ` guoren
2022-10-15 11:46 ` [PATCH V7 08/12] riscv: Support HAVE_SOFTIRQ_ON_OWN_STACK guoren
2022-10-15 11:46 ` guoren
2022-10-15 11:46 ` guoren [this message]
2022-10-15 11:46 ` [PATCH V7 09/12] riscv: Add support for STACKLEAK gcc plugin guoren
2022-10-15 11:47 ` [PATCH V7 10/12] riscv: Add config of thread stack size guoren
2022-10-15 11:47 ` guoren
2022-10-15 11:47 ` [PATCH V7 11/12] riscv: remove extra level wrappers of trace_hardirqs_{on,off} guoren
2022-10-15 11:47 ` guoren
2022-10-15 11:47 ` [PATCH V7 12/12] riscv: Typo fixup for addi -> andi in comment guoren
2022-10-15 11:47 ` guoren
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221015114702.3489989-10-guoren@kernel.org \
--to=guoren@kernel.org \
--cc=David.Laight@aculab.com \
--cc=andy.chiu@sifive.com \
--cc=apatel@ventanamicro.com \
--cc=arnd@arndb.de \
--cc=atishp@atishpatra.org \
--cc=bigeasy@linutronix.de \
--cc=chenhuacai@kernel.org \
--cc=chenzhongjin@huawei.com \
--cc=conor.dooley@microchip.com \
--cc=daolu@rivosinc.com \
--cc=falcon@tinylab.org \
--cc=greentime.hu@sifive.com \
--cc=heiko@sntech.de \
--cc=jszhang@kernel.org \
--cc=lazyparser@gmail.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=luto@kernel.org \
--cc=mark.rutland@arm.com \
--cc=palmer@dabbelt.com \
--cc=palmer@rivosinc.com \
--cc=paul.walmsley@sifive.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=xianting.tian@linux.alibaba.com \
--cc=zouyipeng@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.