Open Source and information security mailing list archives
Date:   Wed, 23 Mar 2022 16:32:51 +0100
From:   andrey.konovalov@...ux.dev
To:     Marco Elver <elver@...gle.com>,
        Alexander Potapenko <glider@...gle.com>,
        Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <will@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>
Cc:     Andrey Konovalov <andreyknvl@...il.com>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Andrey Ryabinin <ryabinin.a.a@...il.com>,
        kasan-dev@...glegroups.com, Mark Rutland <mark.rutland@....com>,
        Vincenzo Frascino <vincenzo.frascino@....com>,
        Sami Tolvanen <samitolvanen@...gle.com>,
        Peter Collingbourne <pcc@...gle.com>,
        Evgenii Stepanov <eugenis@...gle.com>,
        Florian Mayer <fmayer@...gle.com>, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org,
        Andrey Konovalov <andreyknvl@...gle.com>
Subject: [PATCH v2 0/4] kasan, arm64, scs, stacktrace: collect stack traces from Shadow Call Stack

From: Andrey Konovalov <andreyknvl@...gle.com>

kasan, arm64, scs, stacktrace: collect stack traces from Shadow Call Stack

Currently, KASAN always uses the normal stack trace collection routines,
which rely on the unwinder, when saving alloc and free stack traces.

Instead of invoking the unwinder, collect the stack trace by copying
frames from the Shadow Call Stack whenever it is enabled. This reduces
boot time by 30% for all KASAN modes when Shadow Call Stack is enabled.

Stack traces are collected from the Shadow Call Stack via a new
stack_trace_save_shadow() interface.

Note that the frame of the interrupted function is not included in
the stack trace, as it is not yet saved on the SCS when an interrupt
happens.

---

To deal with this last thing, we could save the interrupted frame address
in another per-CPU variable. I'll look into implementing this for v3.

I decided to postpone the changes to stack depot that avoid copying
frames twice until a planned upcoming update for stack depot.

Changes v1->v2:
- Provide a kernel-wide stack_trace_save_shadow() interface for collecting
  stack traces from shadow stack.
- Use ptrauth_strip_insn_pac() and READ_ONCE_NOCHECK, see the comments.
- Get SCS pointer from x18, as per-task value is meant to save the SCS
  value on CPU switches.
- Collect stack frames from SDEI and IRQ contexts.

Andrey Konovalov (4):
  stacktrace: add interface based on shadow call stack
  arm64, scs: save scs_sp values per-cpu when switching stacks
  arm64: implement stack_trace_save_shadow
  kasan: use stack_trace_save_shadow

 arch/Kconfig                       |  6 +++
 arch/arm64/Kconfig                 |  1 +
 arch/arm64/include/asm/assembler.h | 12 +++++
 arch/arm64/include/asm/scs.h       | 13 ++++-
 arch/arm64/kernel/entry.S          | 28 ++++++++--
 arch/arm64/kernel/irq.c            |  4 +-
 arch/arm64/kernel/sdei.c           |  5 +-
 arch/arm64/kernel/stacktrace.c     | 83 ++++++++++++++++++++++++++++++
 include/linux/stacktrace.h         | 15 ++++++
 kernel/stacktrace.c                | 21 ++++++++
 mm/kasan/common.c                  |  9 ++--
 11 files changed, 183 insertions(+), 14 deletions(-)

-- 
2.25.1
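
A user-space model of the approach the cover letter describes, added here as an illustration; it is not code from the patch series. The names scs_model, model_strip_pac, model_save_shadow and demo_trace, the 48-bit address layout and the sample addresses are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* User-space model of one SCS: grows upward, sp is the next free slot. */
struct scs_model {
	uint64_t slots[16];
	uint64_t *sp;
};

static void scs_push(struct scs_model *s, uint64_t lr) { *s->sp++ = lr; }

/* Hypothetical PAC strip; assumes 48-bit kernel VAs (top 16 bits set). */
static uint64_t model_strip_pac(uint64_t ra) { return ra | 0xffff000000000000ULL; }

/* Copy newest-first, skip the first skipnr entries, store at most size. */
static unsigned int model_save_shadow(const struct scs_model *s, uint64_t *store,
				      unsigned int size, unsigned int skipnr)
{
	unsigned int n = 0;
	for (const uint64_t *p = s->sp; p > s->slots && n < size; ) {
		uint64_t ra = model_strip_pac(*--p);
		if (skipnr)
			skipnr--;
		else
			store[n++] = ra;
	}
	return n;
}

/* Constructed scenario: three callers pushed their return addresses. The
 * interrupted function's own PC is only in a register, never on the SCS. */
static unsigned int demo_trace(uint64_t *store, unsigned int size, unsigned int skipnr)
{
	struct scs_model s;
	s.sp = s.slots;
	scs_push(&s, 0xffff800008001000ULL);	/* oldest caller */
	scs_push(&s, 0x002b800008002000ULL);	/* constructed PAC in top bits */
	scs_push(&s, 0xffff800008003000ULL);	/* newest caller */
	return model_save_shadow(&s, store, size, skipnr);
}

int main(void)
{
	uint64_t t[8];
	unsigned int n = demo_trace(t, 8, 0);
	for (unsigned int i = 0; i < n; i++)
		printf("#%u 0x%016llx\n", i, (unsigned long long)t[i]);
	return 0;
}
```

The copy is a bounded linear walk over already-saved return addresses, with no frame-record parsing, which is where the cover letter's boot-time saving comes from.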
