Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp513557ybg; Wed, 10 Jun 2020 06:44:40 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxqqZNsRb4zLhrpu8ry0pjSiiCsDpI+bnKmX+3/Nk3F1fRaScbGVJ5Uk35ymJdAPV2W53Rs X-Received: by 2002:a17:906:454b:: with SMTP id s11mr3619425ejq.546.1591796680343; Wed, 10 Jun 2020 06:44:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1591796680; cv=none; d=google.com; s=arc-20160816; b=ugE7Ek2GzN4Z6oFXo9X0Z44i+Au7431uMMowxWsVlM73NYsE5eUjxo1jp3bH0i7+mW DK7IVrEI0sY1wHiV3bjYsRVIWAKTYAwZT/FeHioagwQ2TTzncJF4zF9Pl4dbrwHSGOSp /FFGqXp8LN97/be14o3zvMoqD2WmE5TpI8SmHT0Ns+kHD3KQGXMISC91BOGOGxf/Rulf eX02SJBn5XgODdPmlVnx5VXYT8HW1AO+x+kk506Ohh6Yn+VSlRYZ1HhhsM+uac5pSZGP awF/41h7NfzRnJ23zSv30rN8sEwkHMI5vWSAPBk0C8Fb3DnSSKRjASxT0Mzoa01u+OjF 6ncQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=ur1juGx5Qcp+x75YHXUCoNRPYuhkEt5FnB/F7b5WQow=; b=oqD+8Oc9Hq8Mo3gdkTuoQP48nG4oew3TjQeSx6mfofcbPQkP8r78T1Q3mmcDXuCr2J oxeB5KWdRJtIFJ73nVmuz7TIfv8fHQ4p72chAf4bQj7HXXFiaHDXs+JT567UAcZ2/wzI nNTb89RCh4KShB/+sRKZuSjGrkrpGg5ac3nCqzgDt0PgZ24N82CgdLP3P8Il2A+ltq1x VrBoUX5D/wsaiBDVR4WxIE3rwDSUb/OhXxUf23oElraBhOVDalcR9tyZr/uJ1nOmS0uK RdybcUExw7036goa6aK/R2pTMZUFXGLDjWqFdzoQPKhK9H7jzK6z2vqyN074kiABbaMX jVBg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=kurjwS8f; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b6si31896ejb.100.2020.06.10.06.44.16; Wed, 10 Jun 2020 06:44:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=kurjwS8f; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726441AbgFJHa4 (ORCPT + 99 others); Wed, 10 Jun 2020 03:30:56 -0400 Received: from mail.kernel.org ([198.145.29.99]:57466 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726081AbgFJHa4 (ORCPT ); Wed, 10 Jun 2020 03:30:56 -0400 Received: from willie-the-truck (236.31.169.217.in-addr.arpa [217.169.31.236]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id BE19D2064C; Wed, 10 Jun 2020 07:30:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591774255; bh=IH/VSuSEAGvCmDHtwWjVeUZ11F3kkh8B0kP5JWifwc8=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=kurjwS8fwiw8EGn0jbytoas/wrEj4xJkUEgxJkvcozH24JD2dlC5y+a4nJD0My3sq ul+wjivjzSARUMXtVw/lGNKsv6f0Tp7jqRq/C1+iXJ6YGLS7CKEkCCFlbDtWNARzK4 Peuog3YYkCA20WJGXvYxTvu65RcFJjBDad24TU9U= Date: Wed, 10 Jun 2020 08:30:47 +0100 From: Will Deacon To: Kees Cook Cc: Alexander Popov , Emese Revfy , Miguel Ojeda , Masahiro Yamada , Michal Marek , Andrew Morton , Masahiro Yamada , Thiago Jung Bauermann , Luis Chamberlain , Jessica Yu , Sven Schnelle , Iurii Zaikin , Catalin Marinas , Vincenzo Frascino , Thomas Gleixner , Peter Collingbourne , Naohiro Aota , Alexander Monakov , Mathias Krause , PaX Team , Brad Spengler , Laura Abbott , Florian Weimer , kernel-hardening@lists.openwall.com, linux-kbuild@vger.kernel.org, x86@kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, gcc@gcc.gnu.org, notify@kernel.org Subject: Re: [PATCH 5/5] gcc-plugins/stackleak: Don't instrument vgettimeofday.c in arm64 VDSO Message-ID: <20200610073046.GA15939@willie-the-truck> References: <20200604134957.505389-1-alex.popov@linux.com> <20200604134957.505389-6-alex.popov@linux.com> <20200604135806.GA3170@willie-the-truck> <202006091149.6C78419@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <202006091149.6C78419@keescook> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 09, 2020 at 12:09:27PM -0700, Kees Cook wrote: > On Thu, Jun 04, 2020 at 02:58:06PM +0100, Will Deacon wrote: > > On Thu, Jun 04, 2020 at 04:49:57PM +0300, Alexander Popov wrote: > > > Don't try instrumenting functions in arch/arm64/kernel/vdso/vgettimeofday.c. > > > Otherwise that can cause issues if the cleanup pass of stackleak gcc plugin > > > is disabled. > > > > > > Signed-off-by: Alexander Popov > > > --- > > > arch/arm64/kernel/vdso/Makefile | 3 ++- > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > diff --git a/arch/arm64/kernel/vdso/Makefile b/arch/arm64/kernel/vdso/Makefile > > > index 3862cad2410c..9b84cafbd2da 100644 > > > --- a/arch/arm64/kernel/vdso/Makefile > > > +++ b/arch/arm64/kernel/vdso/Makefile > > > @@ -32,7 +32,8 @@ UBSAN_SANITIZE := n > > > OBJECT_FILES_NON_STANDARD := y > > > KCOV_INSTRUMENT := n > > > > > > -CFLAGS_vgettimeofday.o = -O2 -mcmodel=tiny -fasynchronous-unwind-tables > > > +CFLAGS_vgettimeofday.o = -O2 -mcmodel=tiny -fasynchronous-unwind-tables \ > > > + $(DISABLE_STACKLEAK_PLUGIN) > > > > I can pick this one up via arm64, thanks. Are there any other plugins we > > should be wary of? It looks like x86 filters out $(GCC_PLUGINS_CFLAGS) > > when building the vDSO. > > I didn't realize/remember that arm64 retained the kernel build flags for > vDSO builds. (I'm used to x86 throwing all its flags away for its vDSO.) > > How does 32-bit ARM do its vDSO? > > My quick run-through on plugins: > > arm_ssp_per_task_plugin.c > 32-bit ARM only (but likely needs disabling for 32-bit ARM vDSO?) On arm64, the 32-bit toolchain is picked up via CC_COMPAT -- does that still get the plugins? > cyc_complexity_plugin.c > compile-time reporting only > > latent_entropy_plugin.c > this shouldn't get triggered for the vDSO (no __latent_entropy > nor __init attributes in vDSO), but perhaps explicitly disabling > it would be a sensible thing to do, just for robustness? > > randomize_layout_plugin.c > this shouldn't get triggered (again, lacking attributes), but > should likely be disabled too. > > sancov_plugin.c > This should be tracking the KCOV directly (see > scripts/Makefile.kcov), which is already disabled here. > > structleak_plugin.c > This should be fine in the vDSO, but there's not security > boundary here, so it wouldn't be important to KEEP it enabled. Thanks for going through these. In general though, it seems like an opt-in strategy would make more sense, as it doesn't make an awful lot of sense to me for the plugins to be used to build the vDSO. So I would prefer that this patch filters out $(GCC_PLUGINS_CFLAGS). Will