| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220907014809.919979-1-guoren@kernel.org>
Date: Tue, 6 Sep 2022 21:48:09 -0400
From: guoren@...nel.org
To: tglx@...utronix.de, peterz@...radead.org, luto@...nel.org,
Conor.Dooley@...rochip.com, xianting.tian@...ux.alibaba.com,
daolu@...osinc.com, arnd@...db.de
Cc: linux-kernel@...r.kernel.org, linux-efi@...r.kernel.org,
linux-security-module@...r.kernel.org,
Guo Ren <guoren@...ux.alibaba.com>, Guo Ren <guoren@...nel.org>
Subject: [RFC PATCH] generic_entry: Add stackleak support
From: Guo Ren <guoren@...ux.alibaba.com>
Make generic_entry supports basic STACKLEAK, and no arch custom
code is needed.
Signed-off-by: Guo Ren <guoren@...ux.alibaba.com>
Signed-off-by: Guo Ren <guoren@...nel.org>
---
drivers/firmware/efi/libstub/Makefile | 4 +++-
include/linux/stackleak.h | 3 +++
kernel/entry/common.c | 5 +++++
security/Kconfig.hardening | 2 +-
4 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index d0537573501e..bb6ad37a9690 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -19,7 +19,7 @@ cflags-$(CONFIG_X86) += -m$(BITS) -D__KERNEL__ \
# arm64 uses the full KBUILD_CFLAGS so it's necessary to explicitly
# disable the stackleak plugin
cflags-$(CONFIG_ARM64) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
- -fpie $(DISABLE_STACKLEAK_PLUGIN) \
+ -fpie \
$(call cc-option,-mbranch-protection=none)
cflags-$(CONFIG_ARM) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
-fno-builtin -fpic \
@@ -27,6 +27,8 @@ cflags-$(CONFIG_ARM) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
cflags-$(CONFIG_RISCV) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
-fpic
+cflags-$(CONFIG_GCC_PLUGIN_STACKLEAK) += $(DISABLE_STACKLEAK_PLUGIN)
+
cflags-$(CONFIG_EFI_GENERIC_STUB) += -I$(srctree)/scripts/dtc/libfdt
KBUILD_CFLAGS := $(cflags-y) -Os -DDISABLE_BRANCH_PROFILING \
diff --git a/include/linux/stackleak.h b/include/linux/stackleak.h
index c36e7a3b45e7..9890802a5868 100644
--- a/include/linux/stackleak.h
+++ b/include/linux/stackleak.h
@@ -76,8 +76,11 @@ static inline void stackleak_task_init(struct task_struct *t)
# endif
}
+void noinstr stackleak_erase(void);
+
#else /* !CONFIG_GCC_PLUGIN_STACKLEAK */
static inline void stackleak_task_init(struct task_struct *t) { }
+static inline void stackleak_erase(void) {}
#endif
#endif
diff --git a/kernel/entry/common.c b/kernel/entry/common.c
index 063068a9ea9b..6acb1d6a1396 100644
--- a/kernel/entry/common.c
+++ b/kernel/entry/common.c
@@ -8,6 +8,7 @@
#include <linux/livepatch.h>
#include <linux/audit.h>
#include <linux/tick.h>
+#include <linux/stackleak.h>
#include "common.h"
@@ -194,6 +195,10 @@ static void exit_to_user_mode_prepare(struct pt_regs *regs)
lockdep_assert_irqs_disabled();
+#ifndef CONFIG_HAVE_ARCH_STACKLEAK
+ stackleak_erase();
+#endif
+
/* Flush pending rcuog wakeup before the last need_resched() check */
tick_nohz_user_enter_prepare();
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
index bd2aabb2c60f..3329482beb8d 100644
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@@ -152,7 +152,7 @@ config GCC_PLUGIN_STRUCTLEAK_VERBOSE
config GCC_PLUGIN_STACKLEAK
bool "Poison kernel stack before returning from syscalls"
depends on GCC_PLUGINS
- depends on HAVE_ARCH_STACKLEAK
+ depends on HAVE_ARCH_STACKLEAK || GENERIC_ENTRY
help
This option makes the kernel erase the kernel stack before
returning from system calls. This has the effect of leaving
--
2.36.1
Powered by blists - more mailing lists