| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 31 Oct 2019 20:55:03 -0700
From: Kees Cook <keescook@...omium.org>
To: samitolvanen@...gle.com
Cc: Will Deacon <will@...nel.org>,
Catalin Marinas <catalin.marinas@....com>,
Steven Rostedt <rostedt@...dmis.org>,
Masami Hiramatsu <mhiramat@...nel.org>,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
Dave Martin <Dave.Martin@....com>,
Laura Abbott <labbott@...hat.com>,
Mark Rutland <mark.rutland@....com>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Jann Horn <jannh@...gle.com>,
Miguel Ojeda <miguel.ojeda.sandonis@...il.com>,
Masahiro Yamada <yamada.masahiro@...ionext.com>,
clang-built-linux@...glegroups.com,
kernel-hardening@...ts.openwall.com,
linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 07/17] scs: add support for stack usage debugging
On Thu, Oct 31, 2019 at 09:46:27AM -0700, samitolvanen@...gle.com wrote:
> Implements CONFIG_DEBUG_STACK_USAGE for shadow stacks.
Did I miss it, or is there no Kconfig section for this? I just realized
I can't find it. I was going to say "this commit log should explain
why/when this option is used", but then figured it might be explained in
the Kconfig ... but I couldn't find it. ;)
-Kees
>
> Signed-off-by: Sami Tolvanen <samitolvanen@...gle.com>
> ---
> kernel/scs.c | 39 +++++++++++++++++++++++++++++++++++++++
> 1 file changed, 39 insertions(+)
>
> diff --git a/kernel/scs.c b/kernel/scs.c
> index 7780fc4e29ac..67c43af627d1 100644
> --- a/kernel/scs.c
> +++ b/kernel/scs.c
> @@ -167,6 +167,44 @@ int scs_prepare(struct task_struct *tsk, int node)
> return 0;
> }
>
> +#ifdef CONFIG_DEBUG_STACK_USAGE
> +static inline unsigned long scs_used(struct task_struct *tsk)
> +{
> + unsigned long *p = __scs_base(tsk);
> + unsigned long *end = scs_magic(tsk);
> + uintptr_t s = (uintptr_t)p;
> +
> + while (p < end && *p)
> + p++;
> +
> + return (uintptr_t)p - s;
> +}
> +
> +static void scs_check_usage(struct task_struct *tsk)
> +{
> + static DEFINE_SPINLOCK(lock);
> + static unsigned long highest;
> + unsigned long used = scs_used(tsk);
> +
> + if (used <= highest)
> + return;
> +
> + spin_lock(&lock);
> +
> + if (used > highest) {
> + pr_info("%s: highest shadow stack usage %lu bytes\n",
> + __func__, used);
> + highest = used;
> + }
> +
> + spin_unlock(&lock);
> +}
> +#else
> +static inline void scs_check_usage(struct task_struct *tsk)
> +{
> +}
> +#endif
> +
> bool scs_corrupted(struct task_struct *tsk)
> {
> return *scs_magic(tsk) != SCS_END_MAGIC;
> @@ -181,6 +219,7 @@ void scs_release(struct task_struct *tsk)
> return;
>
> WARN_ON(scs_corrupted(tsk));
> + scs_check_usage(tsk);
>
> scs_account(tsk, -1);
> task_set_scs(tsk, NULL);
> --
> 2.24.0.rc0.303.g954a862665-goog
>
--
Kees Cook
Powered by blists - more mailing lists