Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp7177739imm; Tue, 24 Jul 2018 09:37:43 -0700 (PDT) X-Google-Smtp-Source: AAOMgpcgsUrvK6YWdo6Xz2Ag/U6w3oHwm7CYW4ALOVVn3j8TEF+oN6l8/Q6SakosQV/jdehS4YDW X-Received: by 2002:a62:cd3:: with SMTP id 80-v6mr18621404pfm.184.1532450263356; Tue, 24 Jul 2018 09:37:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1532450263; cv=none; d=google.com; s=arc-20160816; b=ssdc6WaNO447utjyiR/nmpcsaZAEJsQ5Reea/B7utcIey88gqnz/YXuSWFayFSEsME P8F/H44zBlzT4wHpOt4xPMvq3E9wtKoCHRw/BAVrBw1OlOu9+/bF22fNQt2uDyg11LWC MgF6k0GDocBe6Ro5So9ixfV+dD84ntwV+YfVaOEDUXxfwVLTnvAZl6B4tpCnHIsC2930 guTU+g2DcXMGuhrZwIFmt1imOAqHqHjInDkdhnbeW/cz9Ou+pdtSFwtjV7RKolurQYZC fxIn0fddycaAd+zRA/unHiA8JbDbcSYAb6dR0k40QHZnBmjOIjAiq9U+qplr6lEubrUe Lblw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=7BoaocFlvYA47CWjuzT1cFj4ouWxckE4kDx1hGC1pj0=; b=QItHs02S8svXNA43qrY1Ax1TqhW0TC1bDx/+Wcg4NXI8L7WtwyECvZ9PZIADbc0P79 2oVUDqoJRcF71f26XS9jyY/yeSZkBJS6/2wfBMMHs0AQI5tFYNSpROmMwsS2RI8PA6k7 P5D4ruhSFeN8+n9TwHTX9P/9GZCgpYCLYJ1QDJLUtwFx035aBp0lmh0Sx0Q78FnA+zz1 jqusH6PcGlA6FfQdaSDoZBwlWROA+kRQY/WVDC3XtW3sbHX+aWftYrIJZTHkxeIP1jvd F7SJtMp+s8KxA0RHxUmG/oWE43DVpDuwxR7EtQGLQhxbh+LkinAsiC5JT94VHGf7C4RT ye1Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=nf0W3edE; dkim=fail header.i=@chromium.org header.s=google header.b=k+6jl9Qb; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a8-v6si11918125pgl.568.2018.07.24.09.37.28; Tue, 24 Jul 2018 09:37:43 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=nf0W3edE; dkim=fail header.i=@chromium.org header.s=google header.b=k+6jl9Qb; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388529AbeGXRnP (ORCPT + 99 others); Tue, 24 Jul 2018 13:43:15 -0400 Received: from mail-yw0-f193.google.com ([209.85.161.193]:34196 "EHLO mail-yw0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388324AbeGXRnO (ORCPT ); Tue, 24 Jul 2018 13:43:14 -0400 Received: by mail-yw0-f193.google.com with SMTP id j68-v6so1765778ywg.1 for ; Tue, 24 Jul 2018 09:35:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=7BoaocFlvYA47CWjuzT1cFj4ouWxckE4kDx1hGC1pj0=; b=nf0W3edEcCvjozeZjiMeELVksYsP+BgKcL/R4arjh7m+oCNWReAOeG7QJZ2Pqn16iR tdz8MPllHz+O8DtK2kG8MHcgRhxLvB+i2NM4t8GiwyVgIt4dAKAHJUNeL+6QiH4+2aud xjbcWMQcAZlQTGic5J7neO0NXZv7DlJRrzOUcHypSOy+uYGjahcvS4WH612Ra4YH50d5 zQZIa+jntjDu1fMv/tPwbiWwZNmh5mLk5ZMjFV1MzpUAtv8/sUlxKqQd7Y+jJlLxVqLP bxRc/xY1tjIhEc7VsobKND3JorvvyZ5y/luYplR62anVVwxsS+ypocWCqhCs8JAgWJb2 oobQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=7BoaocFlvYA47CWjuzT1cFj4ouWxckE4kDx1hGC1pj0=; b=k+6jl9Qb7TDecmpIGC26n9j884v3WxC/e5KfWXabEsCEUYVyOBqpwEoLG6aAhaFwSI y2jA2eHWvbWVZx4+fR/MzWv7xfxaptmYPIxM/YexKwQtK/wjXlRhzF6Pdvd1M68E1Phl meC8FygLK4EvpVj4B799gZ7UsuJ/weLB9E+Lg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=7BoaocFlvYA47CWjuzT1cFj4ouWxckE4kDx1hGC1pj0=; b=slmX7YMLLUOwqsSooz8Uq1Sq383WqrKruuzF02ExjHlqoM8AJgs3QQLspX5AN6g//p VpBM0GaQR+aLB8o0XSWSWbzOCEseHp9FHv2Z9Wov8E1c9ekZ504W1WJa3UsxKipi/yVz sHCefxOX54UxXXCSvev+wZrZz6q+A2PTRxy16R47Cj7ZnM3/9+pGCxGBtFKZFtWWqRwa 34g9H063yw0dsPovX0I3MMZJPqBbeI5OUyKOvPdccpsGO2NRpBNaDU4mr61dyu3FaZ7g kj7DercLd29cNwDEUOHhA+hLmpau9L4bJedU947UgJmlRgWz9qDC854pxYhmxuDykA7v EZIQ== X-Gm-Message-State: AOUpUlHIsc5iDiFrTqBNAIP73qKf3K/BgO9rbXdTNQ6Ci4n6Ol30iazO 7JnVBXwJwz6oK2ZqsLtePmeiz18ptP4vl4wsWjmx8Q== X-Received: by 2002:a81:8742:: with SMTP id x63-v6mr9305595ywf.129.1532450156293; Tue, 24 Jul 2018 09:35:56 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:6602:0:0:0:0:0 with HTTP; Tue, 24 Jul 2018 09:35:55 -0700 (PDT) In-Reply-To: References: <20180720214154.2940-1-labbott@redhat.com> <20180720214154.2940-3-labbott@redhat.com> From: Kees Cook Date: Tue, 24 Jul 2018 09:35:55 -0700 X-Google-Sender-Auth: 1W8yZiPZetVanBeOtZLqLC-67cI Message-ID: Subject: Re: [PATCHv3 2/2] arm64: Add support for STACKLEAK gcc plugin To: Alexander Popov Cc: Laura Abbott , Mark Rutland , Ard Biesheuvel , Kernel Hardening , linux-arm-kernel , LKML , Will Deacon , Catalin Marinas Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jul 24, 2018 at 5:44 AM, Alexander Popov wrote: > On 21.07.2018 00:41, Laura Abbott wrote: >> This adds support for the STACKLEAK gcc plugin to arm64 by implementing >> stackleak_check_alloca(), based heavily on the x86 version, and adding the >> two helpers used by the stackleak common code: current_top_of_stack() and >> on_thread_stack(). The stack erasure calls are made at syscall returns. >> Additionally, this disables the plugin in hypervisor and EFI stub code, >> which are out of scope for the protection. >> >> Reviewed-by: Mark Rutland >> Reviewed-by: Kees Cook >> Signed-off-by: Laura Abbott >> --- >> v3: Actual commit text courtesy of Kees. A comment explaining why we >> panic >> --- >> arch/arm64/Kconfig | 1 + >> arch/arm64/include/asm/processor.h | 15 +++++++++++++++ >> arch/arm64/kernel/entry.S | 7 +++++++ >> arch/arm64/kernel/process.c | 22 ++++++++++++++++++++++ >> arch/arm64/kvm/hyp/Makefile | 3 ++- >> drivers/firmware/efi/libstub/Makefile | 3 ++- >> 6 files changed, 49 insertions(+), 2 deletions(-) > > Laura, thanks for your work! > > I've reviewed and tested this patch on my LeMaker HiKey board (HiSilicon Kirin > 620 SoC). The lkdtm tests for STACKLEAK work fine. > > Acked-by: Alexander Popov > > For testing I applied your patches above Kees' for-next/kspp: > https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=for-next/kspp > > I've had one trouble with building CONFIG_STACKLEAK_RUNTIME_DISABLE on arm64. > Kees, could you please fold this into the 7th patch of the series? Sure thing! -Kees > > ---- >8 ---- > > diff --git a/kernel/stackleak.c b/kernel/stackleak.c > index f731c9a..03031f7a 100644 > --- a/kernel/stackleak.c > +++ b/kernel/stackleak.c > @@ -16,6 +16,7 @@ > > #ifdef CONFIG_STACKLEAK_RUNTIME_DISABLE > #include > +#include > > static DEFINE_STATIC_KEY_FALSE(stack_erasing_bypass); > -- Kees Cook Pixel Security