Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp1518919ybg; Thu, 4 Jun 2020 11:43:10 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxEB1wnFT/nl2wvqHgGEaqrZEHvDUU8NBAZXi3+huSvidN94NjorQqyO82wn6czaf/KcRDq X-Received: by 2002:a17:906:2484:: with SMTP id e4mr5322516ejb.155.1591296189800; Thu, 04 Jun 2020 11:43:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1591296189; cv=none; d=google.com; s=arc-20160816; b=BlsPN0CSnHvhH0YRBH9qdWrXLDjM17sGLowwihEcsf1P71KthVesgWi+TtpHvkr4xj 4c7T4/uytguiNfOjJIwc1bw1eSAWy7OBgHYC4ocOB8RbZBmsVspR2XWV0uz1zZ9N+kPr hB10bURYQT4IXsul1lLCu5GiYAwpXYb3Aeq1j4GkR3rTci2NDGYePUXOJQC3CLCnDcEf DTpOlcpif+uNT3QICp2rqx/pjHfSCUtYWsA6lkBp8driKIcKST4dEpLeHTToEFGVC2BJ 8L0c6p3hzYQT8ulxQUNPXYTW590NAjH6ElJQ5W5ksd9gdUCLxgDdszLuFWKFR5B1WnaI KOHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=9/mS/crSG/SbKgPicMind4lrkGlCDOUOSlUrNN+bfdo=; b=CvPfK4JobFgaNJPcScfL4jtDMtTrkaCiUi3KoZCBx+GdwrAoiO6TVwovWGkET/ayHf oK79B4QcDcxRqscWuB0aOfrn0A1h2djfulZlZF23m8CsFxJNltJ1TzDejOBp0/urqBTD 7NEDmt7fo6H1cnaK1WJsE9fIyopwPA/veuExJWHLrKTZOUoDckBDBVl/CmEtTC4NAmZF NeBc/XqYIxH0a5RXmLXWmZ2hCjA9lgTL1G7JJZObakSo0Ty8V5USbgw5o6zkeBwIcIUD l/GxtdDSO+wxqDivhtty8h4Yav6wKc0l6P2E5PCHiEBnQ27jB7vACtgE3FsHKiw1w8Q5 VWxg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f1si2199359edl.533.2020.06.04.11.42.43; Thu, 04 Jun 2020 11:43:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728667AbgFDNuk (ORCPT + 99 others); Thu, 4 Jun 2020 09:50:40 -0400 Received: from mail-lf1-f65.google.com ([209.85.167.65]:43459 "EHLO mail-lf1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728337AbgFDNuk (ORCPT ); Thu, 4 Jun 2020 09:50:40 -0400 Received: by mail-lf1-f65.google.com with SMTP id c12so3631740lfc.10; Thu, 04 Jun 2020 06:50:38 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=9/mS/crSG/SbKgPicMind4lrkGlCDOUOSlUrNN+bfdo=; b=PSK1YejsJgXfe2XYxbsgFP7Ka63S0ZMXy2Xva+kS1Mrnsj1USFa3KHkX9+ICOMro9W TQxEzs5DpLM268+yoXKixRbPWzTLPLnQTRkGoErzwvXU8TzfV7jCzlPPJE3h232e/RwH xf9kgNBNzgISQ0IGRdxbu9cm9GBPPOwSPLLffyq638cB2IVuM80j2YQSDhffWbCTgWXT 6JGj++0QYtaqHB2YY96uH3K5/wQre5RReORFx0ro4nfQ+QlwLbOPE640AiVtZ26+0nRL ylpgUQEfHHQuSGrJpwpZF20vjMgto6PA4KH6bX4I5yvnm7aaWqeuYfcrHR/Ol0tujZP+ y2eA== X-Gm-Message-State: AOAM530Koi5yJBKRa4RPTviDDu3OZtzToQ7eIiejWY18iUuEG2mktZJ4 ahhBUguKNpDfqU57Kaluunk= X-Received: by 2002:a05:6512:20d:: with SMTP id a13mr2649191lfo.36.1591278637579; Thu, 04 Jun 2020 06:50:37 -0700 (PDT) Received: from localhost.localdomain ([185.248.161.177]) by smtp.gmail.com with ESMTPSA id u16sm1202140lji.58.2020.06.04.06.50.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Jun 2020 06:50:36 -0700 (PDT) From: Alexander Popov To: Kees Cook , Emese Revfy , Miguel Ojeda , Masahiro Yamada , Michal Marek , Andrew Morton , Masahiro Yamada , Thiago Jung Bauermann , Luis Chamberlain , Jessica Yu , Sven Schnelle , Iurii Zaikin , Catalin Marinas , Will Deacon , Vincenzo Frascino , Thomas Gleixner , Peter Collingbourne , Naohiro Aota , Alexander Monakov , Mathias Krause , PaX Team , Brad Spengler , Laura Abbott , Florian Weimer , Alexander Popov , kernel-hardening@lists.openwall.com, linux-kbuild@vger.kernel.org, x86@kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, gcc@gcc.gnu.org Cc: notify@kernel.org Subject: [PATCH 0/5] Improvements of the stackleak gcc plugin Date: Thu, 4 Jun 2020 16:49:52 +0300 Message-Id: <20200604134957.505389-1-alex.popov@linux.com> X-Mailer: git-send-email 2.25.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In this patch series I collected various improvements of the stackleak gcc plugin. The first patch excludes alloca() from the stackleak instrumentation logic to make it simpler. The second patch is the main improvement. It eliminates an unwanted side-effect of kernel code instrumentation. This patch is a deep reengineering of the idea described on grsecurity blog: https://grsecurity.net/resolving_an_unfortunate_stackleak_interaction The third patch adds 'verbose' plugin parameter for printing additional info about the kernel code instrumentation. Two other patches disable unneeded stackleak instrumentation for some files. I would like to thank Alexander Monakov for his advisory on gcc internals. This patch series was tested for gcc version 4.8, 5, 6, 7, 8, 9, and 10 on x86_64, i386 and arm64. That was done using the project 'kernel-build-containers': https://github.com/a13xp0p0v/kernel-build-containers Alexander Popov (5): gcc-plugins/stackleak: Exclude alloca() from the instrumentation logic gcc-plugins/stackleak: Use asm instrumentation to avoid useless register saving gcc-plugins/stackleak: Add 'verbose' plugin parameter gcc-plugins/stackleak: Don't instrument itself gcc-plugins/stackleak: Don't instrument vgettimeofday.c in arm64 VDSO arch/arm64/kernel/vdso/Makefile | 3 +- include/linux/compiler_attributes.h | 13 ++ kernel/Makefile | 1 + kernel/stackleak.c | 16 +- scripts/Makefile.gcc-plugins | 2 + scripts/gcc-plugins/stackleak_plugin.c | 260 ++++++++++++++++++++----- 6 files changed, 232 insertions(+), 63 deletions(-) -- 2.25.2