| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Sep 2022 09:51:36 +0800
From: Guo Ren <guoren@...nel.org>
To: Conor.Dooley@...rochip.com
Cc: oleg@...hat.com, vgupta@...nel.org, linux@...linux.org.uk,
monstr@...str.eu, dinguyen@...nel.org, palmer@...belt.com,
davem@...emloft.net, arnd@...db.de, shorne@...il.com,
paul.walmsley@...ive.com, aou@...s.berkeley.edu, ardb@...nel.org,
heiko@...ech.de, daolu@...osinc.com, linux-arch@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-riscv@...ts.infradead.org,
linux-arm-kernel@...ts.infradead.org,
linux-snps-arc@...ts.infradead.org, sparclinux@...r.kernel.org,
openrisc@...ts.librecores.org, xianting.tian@...ux.alibaba.com,
linux-efi@...r.kernel.org
Subject: Re: [PATCH] RISC-V: Add STACKLEAK erasing the kernel stack at the end
of syscalls
Hi all,
How about the generic_entry version:
https://lore.kernel.org/lkml/20220907014809.919979-1-guoren@kernel.org/
On Wed, Sep 7, 2022 at 1:35 AM <Conor.Dooley@...rochip.com> wrote:
>
> On 03/09/2022 17:23, guoren@...nel.org wrote:
> > EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe
> >
> > From: Xianting Tian <xianting.tian@...ux.alibaba.com>
> >
> > This adds support for the STACKLEAK gcc plugin to RISC-V and disables
> > the plugin in EFI stub code, which is out of scope for the protection.
> >
> > For the benefits of STACKLEAK feature, please check the commit
> > afaef01c0015 ("x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls")
> >
> > Performance impact (tested on qemu env with 1 riscv64 hart, 1GB mem)
> > hackbench -s 512 -l 200 -g 15 -f 25 -P
> > 2.0% slowdown
> >
> > Signed-off-by: Xianting Tian <xianting.tian@...ux.alibaba.com>
>
> What changed since Xianting posted it himself a week ago:
> https://lore.kernel.org/linux-riscv/20220828135407.3897717-1-xianting.tian@linux.alibaba.com/
>
> There's an older patch from Du Lao adding STACKLEAK too:
> https://lore.kernel.org/linux-riscv/20220615213834.3116135-1-daolu@rivosinc.com/
>
> But since there's been no activity there since June...
>
> > ---
> > arch/riscv/Kconfig | 1 +
> > arch/riscv/include/asm/processor.h | 4 ++++
> > arch/riscv/kernel/entry.S | 3 +++
> > drivers/firmware/efi/libstub/Makefile | 2 +-
> > 4 files changed, 9 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
> > index ed66c31e4655..61fd0dad4463 100644
> > --- a/arch/riscv/Kconfig
> > +++ b/arch/riscv/Kconfig
> > @@ -85,6 +85,7 @@ config RISCV
> > select ARCH_ENABLE_THP_MIGRATION if TRANSPARENT_HUGEPAGE
> > select HAVE_ARCH_THREAD_STRUCT_WHITELIST
> > select HAVE_ARCH_VMAP_STACK if MMU && 64BIT
> > + select HAVE_ARCH_STACKLEAK
> > select HAVE_ASM_MODVERSIONS
> > select HAVE_CONTEXT_TRACKING_USER
> > select HAVE_DEBUG_KMEMLEAK
> > diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
> > index d0537573501e..5e1fc4f82883 100644
> > --- a/drivers/firmware/efi/libstub/Makefile
> > +++ b/drivers/firmware/efi/libstub/Makefile
> > @@ -25,7 +25,7 @@ cflags-$(CONFIG_ARM) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
> > -fno-builtin -fpic \
> > $(call cc-option,-mno-single-pic-base)
> > cflags-$(CONFIG_RISCV) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
> > - -fpic
> > + -fpic $(DISABLE_STACKLEAK_PLUGIN)
> >
> > cflags-$(CONFIG_EFI_GENERIC_STUB) += -I$(srctree)/scripts/dtc/libfdt
> >
> > --
> > 2.17.1
> >
> >
> > _______________________________________________
> > linux-riscv mailing list
> > linux-riscv@...ts.infradead.org
> > http://lists.infradead.org/mailman/listinfo/linux-riscv
>
--
Best Regards
Guo Ren
Powered by blists - more mailing lists