| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Sep 2022 17:35:10 +0000
From: <Conor.Dooley@...rochip.com>
To: <guoren@...nel.org>, <oleg@...hat.com>, <vgupta@...nel.org>,
<linux@...linux.org.uk>, <monstr@...str.eu>, <dinguyen@...nel.org>,
<palmer@...belt.com>, <davem@...emloft.net>, <arnd@...db.de>,
<shorne@...il.com>, <paul.walmsley@...ive.com>,
<aou@...s.berkeley.edu>, <ardb@...nel.org>, <heiko@...ech.de>,
<daolu@...osinc.com>
CC: <linux-arch@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<linux-riscv@...ts.infradead.org>,
<linux-arm-kernel@...ts.infradead.org>,
<linux-snps-arc@...ts.infradead.org>, <sparclinux@...r.kernel.org>,
<openrisc@...ts.librecores.org>, <xianting.tian@...ux.alibaba.com>,
<linux-efi@...r.kernel.org>
Subject: Re: [PATCH] RISC-V: Add STACKLEAK erasing the kernel stack at the end
of syscalls
On 03/09/2022 17:23, guoren@...nel.org wrote:
> EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe
>
> From: Xianting Tian <xianting.tian@...ux.alibaba.com>
>
> This adds support for the STACKLEAK gcc plugin to RISC-V and disables
> the plugin in EFI stub code, which is out of scope for the protection.
>
> For the benefits of STACKLEAK feature, please check the commit
> afaef01c0015 ("x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls")
>
> Performance impact (tested on qemu env with 1 riscv64 hart, 1GB mem)
> hackbench -s 512 -l 200 -g 15 -f 25 -P
> 2.0% slowdown
>
> Signed-off-by: Xianting Tian <xianting.tian@...ux.alibaba.com>
What changed since Xianting posted it himself a week ago:
https://lore.kernel.org/linux-riscv/20220828135407.3897717-1-xianting.tian@linux.alibaba.com/
There's an older patch from Du Lao adding STACKLEAK too:
https://lore.kernel.org/linux-riscv/20220615213834.3116135-1-daolu@rivosinc.com/
But since there's been no activity there since June...
> ---
> arch/riscv/Kconfig | 1 +
> arch/riscv/include/asm/processor.h | 4 ++++
> arch/riscv/kernel/entry.S | 3 +++
> drivers/firmware/efi/libstub/Makefile | 2 +-
> 4 files changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
> index ed66c31e4655..61fd0dad4463 100644
> --- a/arch/riscv/Kconfig
> +++ b/arch/riscv/Kconfig
> @@ -85,6 +85,7 @@ config RISCV
> select ARCH_ENABLE_THP_MIGRATION if TRANSPARENT_HUGEPAGE
> select HAVE_ARCH_THREAD_STRUCT_WHITELIST
> select HAVE_ARCH_VMAP_STACK if MMU && 64BIT
> + select HAVE_ARCH_STACKLEAK
> select HAVE_ASM_MODVERSIONS
> select HAVE_CONTEXT_TRACKING_USER
> select HAVE_DEBUG_KMEMLEAK
> diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
> index d0537573501e..5e1fc4f82883 100644
> --- a/drivers/firmware/efi/libstub/Makefile
> +++ b/drivers/firmware/efi/libstub/Makefile
> @@ -25,7 +25,7 @@ cflags-$(CONFIG_ARM) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
> -fno-builtin -fpic \
> $(call cc-option,-mno-single-pic-base)
> cflags-$(CONFIG_RISCV) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
> - -fpic
> + -fpic $(DISABLE_STACKLEAK_PLUGIN)
>
> cflags-$(CONFIG_EFI_GENERIC_STUB) += -I$(srctree)/scripts/dtc/libfdt
>
> --
> 2.17.1
>
>
> _______________________________________________
> linux-riscv mailing list
> linux-riscv@...ts.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-riscv
Powered by blists - more mailing lists