lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20150513135109.GA28284@treble.redhat.com>
Date:	Wed, 13 May 2015 08:51:09 -0500
From:	Josh Poimboeuf <jpoimboe@...hat.com>
To:	Michal Marek <mmarek@...e.cz>
Cc:	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>,
	Peter Zijlstra <peterz@...radead.org>, x86@...nel.org,
	live-patching@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 1/3] x86, stackvalidate: Compile-time stack frame
 pointer validation

On Wed, May 13, 2015 at 12:39:14PM +0200, Michal Marek wrote:
> On 2015-05-11 18:38, Josh Poimboeuf wrote:
> > Frame pointer based stack traces aren't always reliable.  One big reason
> > is that most asm functions don't set up the frame pointer.
> > 
> > Fix that by enforcing that all asm functions honor CONFIG_FRAME_POINTER.
> > This is done with a new stackvalidate host tool which is automatically
> > run for every compiled .S file and which validates that every asm
> > function does the proper frame pointer setup.
> > 
> > Also, to make sure somebody didn't forget to annotate their callable asm code
> > as a function, flag an error for any return instructions which are hiding
> > outside of a function.  In almost all cases, return instructions are part of
> > callable functions and should be annotated as such so that we can validate
> > their frame pointer usage.  A whitelist mechanism exists for those few return
> > instructions which are not actually in callable code.
> > 
> > It currently only supports x86_64.  It *almost* supports x86_32, but the
> > stackvalidate code doesn't yet know how to deal with 32-bit REL
> > relocations for the return whitelists.  I tried to make the code generic
> > so that support for other architectures can be plugged in pretty easily.
> > 
> > As a first step, all reported non-compliances result in warnings.  Right
> > now I'm seeing 200+ warnings.  Once we get them all cleaned up, we can
> > change the warnings to build errors so the asm code can stay clean.
> > 
> > Signed-off-by: Josh Poimboeuf <jpoimboe@...hat.com>
> > ---
> >  MAINTAINERS                           |   6 +
> >  arch/Kconfig                          |   4 +
> >  arch/x86/Kconfig                      |   1 +
> >  arch/x86/Makefile                     |   6 +-
> >  lib/Kconfig.debug                     |  11 ++
> >  scripts/Makefile                      |   1 +
> >  scripts/Makefile.build                |  22 ++-
> 
> For the kbuild parts: Acked-by: Michal Marek <mmarek@...e.cz>

Thanks!

> > +int main(int argc, char *argv[])
> > +{
> > +	struct args args;
> > +	struct elf *elf;
> > +	struct section *sec;
> > +	int ret, warnings = 0;
> > +
> > +	argp_parse(&argp, argc, argv, 0, 0, &args);
> > +
> > +	elf = elf_open(args.args[0]);
> > +	if (!elf) {
> > +		fprintf(stderr, "error reading elf file %s\n", args.args[0]);
> > +		return 1;
> > +	}
> > +
> > +	if (is_file_whitelisted(elf))
> > +		return 0;
> > +
> > +	list_for_each_entry(sec, &elf->sections, list) {
> > +		ret = validate_section(elf, sec);
> > +		if (ret < 0)
> > +			return -1;
> 
> return 1? Since this is the exit status of the program.

Ok, I'll change it to 1.

-- 
Josh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ