| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 06 Oct 2022 19:31:01 -0700 (PDT)
From: Palmer Dabbelt <palmer@...belt.com>
To: Conor.Dooley@...rochip.com
CC: guoren@...nel.org, oleg@...hat.com, vgupta@...nel.org,
linux@...linux.org.uk, monstr@...str.eu, dinguyen@...nel.org,
davem@...emloft.net, Arnd Bergmann <arnd@...db.de>,
shorne@...il.com, Paul Walmsley <paul.walmsley@...ive.com>,
aou@...s.berkeley.edu, ardb@...nel.org, heiko@...ech.de,
daolu@...osinc.com, linux-arch@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-riscv@...ts.infradead.org,
linux-arm-kernel@...ts.infradead.org,
linux-snps-arc@...ts.infradead.org, sparclinux@...r.kernel.org,
openrisc@...ts.librecores.org, xianting.tian@...ux.alibaba.com,
linux-efi@...r.kernel.org
Subject: Re: [PATCH] RISC-V: Add STACKLEAK erasing the kernel stack at the end of syscalls
On Tue, 06 Sep 2022 10:35:10 PDT (-0700), Conor.Dooley@...rochip.com wrote:
> On 03/09/2022 17:23, guoren@...nel.org wrote:
>> EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe
>>
>> From: Xianting Tian <xianting.tian@...ux.alibaba.com>
>>
>> This adds support for the STACKLEAK gcc plugin to RISC-V and disables
>> the plugin in EFI stub code, which is out of scope for the protection.
>>
>> For the benefits of STACKLEAK feature, please check the commit
>> afaef01c0015 ("x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls")
>>
>> Performance impact (tested on qemu env with 1 riscv64 hart, 1GB mem)
>> hackbench -s 512 -l 200 -g 15 -f 25 -P
>> 2.0% slowdown
>>
>> Signed-off-by: Xianting Tian <xianting.tian@...ux.alibaba.com>
>
> What changed since Xianting posted it himself a week ago:
> https://lore.kernel.org/linux-riscv/20220828135407.3897717-1-xianting.tian@linux.alibaba.com/
>
> There's an older patch from Du Lao adding STACKLEAK too:
> https://lore.kernel.org/linux-riscv/20220615213834.3116135-1-daolu@rivosinc.com/
>
> But since there's been no activity there since June...
Looks like the only issues were some commit log wording stuff, and that
there's a test suite that should be run. It's not clear from the
commits that anyone has done that, I'm fine with the patch if it passes
the tests but don't really know how to run them.
Has anyone run the tests?
>
>> ---
>> arch/riscv/Kconfig | 1 +
>> arch/riscv/include/asm/processor.h | 4 ++++
>> arch/riscv/kernel/entry.S | 3 +++
>> drivers/firmware/efi/libstub/Makefile | 2 +-
>> 4 files changed, 9 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
>> index ed66c31e4655..61fd0dad4463 100644
>> --- a/arch/riscv/Kconfig
>> +++ b/arch/riscv/Kconfig
>> @@ -85,6 +85,7 @@ config RISCV
>> select ARCH_ENABLE_THP_MIGRATION if TRANSPARENT_HUGEPAGE
>> select HAVE_ARCH_THREAD_STRUCT_WHITELIST
>> select HAVE_ARCH_VMAP_STACK if MMU && 64BIT
>> + select HAVE_ARCH_STACKLEAK
>> select HAVE_ASM_MODVERSIONS
>> select HAVE_CONTEXT_TRACKING_USER
>> select HAVE_DEBUG_KMEMLEAK
>> diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
>> index d0537573501e..5e1fc4f82883 100644
>> --- a/drivers/firmware/efi/libstub/Makefile
>> +++ b/drivers/firmware/efi/libstub/Makefile
>> @@ -25,7 +25,7 @@ cflags-$(CONFIG_ARM) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
>> -fno-builtin -fpic \
>> $(call cc-option,-mno-single-pic-base)
>> cflags-$(CONFIG_RISCV) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
>> - -fpic
>> + -fpic $(DISABLE_STACKLEAK_PLUGIN)
>>
>> cflags-$(CONFIG_EFI_GENERIC_STUB) += -I$(srctree)/scripts/dtc/libfdt
>>
>> --
>> 2.17.1
>>
>>
>> _______________________________________________
>> linux-riscv mailing list
>> linux-riscv@...ts.infradead.org
>> http://lists.infradead.org/mailman/listinfo/linux-riscv
>
Powered by blists - more mailing lists