Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp540950ybt; Wed, 24 Jun 2020 05:34:56 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzyQNq5gx+LWFz30mC96/iKICyG5BbDvpjYYxYNNAZMEWmFDF+SBmUD6nBKjly4skl5YJju X-Received: by 2002:a17:906:7283:: with SMTP id b3mr25747073ejl.163.1593002096179; Wed, 24 Jun 2020 05:34:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1593002096; cv=none; d=google.com; s=arc-20160816; b=FLIyiqRJ5BuI81qGu2BXOEY2H96Ny7D/P75J+0BQhGtDuE9zkZaWP3sOZ2vOeEUmWI OlEh//FuS/isjLxP6MyaQcmylp5QlK5jNG9pLMDD6Lg96fWfhR36sJn8pJi/rpki8gJv 0Vt9R891NjblUoFSZJjSZI5L0R1QFCH4LyQqkp5rlBrwdMuYn/aHUl9o08AaL/6jUHKu mN7dYcAv90Ys/6zmT0437TjFEk4zJxdYJIiz67PVHT/2QUalqVZv+oKLwjtaMeNoYbWB QrRebtYMIWdwU0TZYpGGYqwToHoYoZzCGM6ZYJJonRWh0Y2YOBZcdlAurO6xeeoil6QH VCKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=8sHQzOYVDYH3ZNMAFgn6qFPgIIglqtoHHBWYdYcv8aA=; b=V2Y/S9CgLswOsLrbZ27mO6P5REtOwln3elQziZS6UGDs8AmsX8azZTISkq229JL7ax k4+bj5/KE2gBsTxHCk5uNbqunPVRBlWyCfRDa/DjlTjMFA5GzrHQ/ZoM2ZVycYb7eF4D SZ2KeZX33lRqEaoIzaZb2/ASfXgMxe2VI9QZRfWT06FwCVbjAQuJ774GPrObX7fwrjE7 rxcezD0YLk/f2VYgiIj80BO4fvisGsFADx3p6bv35Bz3+TywFa8/pIwgpIUxR4TZNOQh NgEiu4FSEbkIUO+p4q93rfrWB341s8cKezXe8C99QAtDJi5hQtvi/lCpuaxF2W6bK/Ls a0wg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d20si13461266edr.177.2020.06.24.05.34.32; Wed, 24 Jun 2020 05:34:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390448AbgFXMd7 (ORCPT + 99 others); Wed, 24 Jun 2020 08:33:59 -0400 Received: from mail-qt1-f196.google.com ([209.85.160.196]:43251 "EHLO mail-qt1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388761AbgFXMdz (ORCPT ); Wed, 24 Jun 2020 08:33:55 -0400 Received: by mail-qt1-f196.google.com with SMTP id v19so1464870qtq.10; Wed, 24 Jun 2020 05:33:54 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=8sHQzOYVDYH3ZNMAFgn6qFPgIIglqtoHHBWYdYcv8aA=; b=syuE55D0mXEdb/fxaAmKcNrq0ep91sscASWL5UeF055ScIwGCOWrHKh0oBZjhqqPgI WlSsuDqxkM5y9Z1Q9GXxD38eHuNDOGHncTvW+ZoEFXakXdM/j0/0LyvuXJoJHFk472cu iwmA6dJI9WChsd2TzgeQZKEAi+3rn4x4zNBFbSnZziFnoVvde/Vlgds60tFIKsS3/oUh H/H3lurQElJ0Qvtl5t/9LgM8XPD2e/AfcHR8KB3rOnd66GuyiyxsFjQTMv/7DQIEjilf jJy4hhDyqz6C82vqQa38ZeuwGFvK8/Lfnonmk50XMd1Zp0yebpbZAQf8qJ1PJZYCwQmU 7aPw== X-Gm-Message-State: AOAM531XMax1JvIBWITwoI+h5642Tvk1AIKqU/Jh6B33FYoKXITQChAd r74x4zZamnkg7xc1gSC7Cew= X-Received: by 2002:ac8:22e5:: with SMTP id g34mr27227271qta.227.1593002033880; Wed, 24 Jun 2020 05:33:53 -0700 (PDT) Received: from localhost.localdomain ([185.248.161.177]) by smtp.gmail.com with ESMTPSA id x26sm3354512qtr.4.2020.06.24.05.33.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jun 2020 05:33:53 -0700 (PDT) From: Alexander Popov To: Kees Cook , Jann Horn , Emese Revfy , Miguel Ojeda , Masahiro Yamada , Michal Marek , Andrew Morton , Masahiro Yamada , Thiago Jung Bauermann , Luis Chamberlain , Jessica Yu , Sven Schnelle , Iurii Zaikin , Catalin Marinas , Will Deacon , Vincenzo Frascino , Thomas Gleixner , Peter Collingbourne , Naohiro Aota , Alexander Monakov , Mathias Krause , PaX Team , Brad Spengler , Laura Abbott , Florian Weimer , Alexander Popov , kernel-hardening@lists.openwall.com, linux-kbuild@vger.kernel.org, x86@kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, gcc@gcc.gnu.org Cc: notify@kernel.org Subject: [PATCH v2 0/5] Improvements of the stackleak gcc plugin Date: Wed, 24 Jun 2020 15:33:25 +0300 Message-Id: <20200624123330.83226-1-alex.popov@linux.com> X-Mailer: git-send-email 2.25.4 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This is the v2 of the patch series with various improvements of the stackleak gcc plugin. The first three patches disable unneeded gcc plugin instrumentation for some files. The fourth patch is the main improvement. It eliminates an unwanted side-effect of kernel code instrumentation performed by stackleak gcc plugin. This patch is a deep reengineering of the idea described on grsecurity blog: https://grsecurity.net/resolving_an_unfortunate_stackleak_interaction The final patch adds 'verbose' stackleak parameter for printing additional info about the kernel code instrumentation during kernel building. I would like to thank Alexander Monakov for his advisory on gcc internals. This patch series was tested for gcc version 4.8, 5, 6, 7, 8, 9, and 10 on x86_64, i386 and arm64. That was done using the project 'kernel-build-containers': https://github.com/a13xp0p0v/kernel-build-containers Changes from v1: - rebase onto 5.8.0-rc2; - don't exclude alloca() from the instrumentation logic, because it will be used in kernel stack offset randomization; - reorder patches in the series; - don't use gcc plugins for building vgettimeofday.c in arm and arm64 vDSO; - follow alphabetic order in include/linux/compiler_attributes.h. Link to v1: https://lore.kernel.org/lkml/20200604134957.505389-1-alex.popov@linux.com/ Alexander Popov (5): gcc-plugins/stackleak: Don't instrument itself ARM: vdso: Don't use gcc plugins for building vgettimeofday.c arm64: vdso: Don't use gcc plugins for building vgettimeofday.c gcc-plugins/stackleak: Use asm instrumentation to avoid useless register saving gcc-plugins/stackleak: Add 'verbose' plugin parameter arch/arm/vdso/Makefile | 2 +- arch/arm64/kernel/vdso/Makefile | 2 +- include/linux/compiler_attributes.h | 13 ++ kernel/Makefile | 1 + kernel/stackleak.c | 16 +- scripts/Makefile.gcc-plugins | 2 + scripts/gcc-plugins/stackleak_plugin.c | 248 +++++++++++++++++++++---- 7 files changed, 239 insertions(+), 45 deletions(-) -- 2.25.4