Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp348733rwb; Thu, 6 Oct 2022 20:01:52 -0700 (PDT) X-Google-Smtp-Source: AMsMyM4KM6rS/WkTg7k99AmfTDcCnnf55vtoKDGgfTMfJFpN6tTdhMNwelOQmiCe/CuTlwh4vwNK X-Received: by 2002:a17:907:a0c7:b0:787:f13b:5533 with SMTP id hw7-20020a170907a0c700b00787f13b5533mr2342040ejc.50.1665111711773; Thu, 06 Oct 2022 20:01:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1665111711; cv=none; d=google.com; s=arc-20160816; b=X+zAhq+KXAIQ077oIXPLtEqe+Gpx5N1AvH6xrLJikTDndMa2RPrrf+Qz/s8cG2AbiB r/MtOIgUlnEJ/NckYHVQ/AEL2oO8g5ViMJtuT8iyI+41KSWrBfvuNOpNNep+flhHfsIj 9jNdBeoFWBdRkC/ggPOMNvnpeXF2oifXeKe1obdjooV3yEtvGZzJACygmP8fgLeqXS63 mTMJ8bNhecgXAUdEN2QnK9uHYJ/L4GA1iOWebQNd9EI4LTeTimeJcIxEwpBKl2VThnFH uESt+kHf6plaTLjOYXDpjhyOtD7aICVwkGurm5GH/xRS8p8/SIC+rc8J4ubw/RgMahTf Wyog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:to:from:cc:in-reply-to:subject:date:dkim-signature; bh=9oXX1ToddAdjCT7RrejoF1gtgX9gXH4OgxAoTE01pKk=; b=jLhW8wnFKKgdfPDXW5qdZy9OJ6KbGqlIr8BvVS41PJgKdGcq/0xu1nyjgtlgytUmyp CP+DutP4I4PlZX2If5bl8Uq24DAM9+Wi71jrQ4o7evP0ikkK12IB3a6OF2xja0V1G1/i fhT9eHz6ndCq7lXLcIsym9j2864sAj4khxyH3WpL8whGecDohUj24TzbPoxwgVvT+RZ5 IMgXH24936TULw2E5Bbd09jcyjyEBUGzim/2pPJy/l7wiJJuJeL5VTXwDvrvFKE8BhcZ J6OVCqhEIdoBvHqMApE3Ki2pCR8CLwuqlTMk4xJ3Uh683fqzAHxjm8tiH1H8w0psRQo4 Md/Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@dabbelt-com.20210112.gappssmtp.com header.s=20210112 header.b="CoIUIlp/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s2-20020a056402036200b004590cba55fbsi820512edw.397.2022.10.06.20.01.24; Thu, 06 Oct 2022 20:01:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@dabbelt-com.20210112.gappssmtp.com header.s=20210112 header.b="CoIUIlp/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232071AbiJGCbG (ORCPT + 99 others); Thu, 6 Oct 2022 22:31:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38186 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231589AbiJGCbE (ORCPT ); Thu, 6 Oct 2022 22:31:04 -0400 Received: from mail-pj1-x1033.google.com (mail-pj1-x1033.google.com [IPv6:2607:f8b0:4864:20::1033]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9E08EC4C00 for ; Thu, 6 Oct 2022 19:31:02 -0700 (PDT) Received: by mail-pj1-x1033.google.com with SMTP id fw14so3262039pjb.3 for ; Thu, 06 Oct 2022 19:31:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dabbelt-com.20210112.gappssmtp.com; s=20210112; h=content-transfer-encoding:mime-version:message-id:to:from:cc :in-reply-to:subject:date:from:to:cc:subject:date:message-id :reply-to; bh=9oXX1ToddAdjCT7RrejoF1gtgX9gXH4OgxAoTE01pKk=; b=CoIUIlp/l30nI9b/o2YjTZvVwciHUnvYi5SK6ywag4/a/mcM6KppbWz3KG3F4//vFl bMqA96n9dGXj+ileOiyC3XdJ68h6UoSjqU1idAlEXpkIchHHXywDqsIilE6dXFxDNARW NtBLKvxwl4fxQfXNrre7UJChNy6Vo3bE4ijrP3epqwzH/YL+htGdUQOR96BxodrCR6KT 2al3u4KWt/1aPXEAVWZlplrfopo19Tgye9BhgGJO/02xU5IU1lGy0sQR1+uWJ3xx/ysr 2wfcfGs4Gp4y2Rb8LNxGCkrhQNTDlj3PSjiC8+7t3cjcArXERmYuC/zhL0RuJOgLcqLO TinA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:to:from:cc :in-reply-to:subject:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=9oXX1ToddAdjCT7RrejoF1gtgX9gXH4OgxAoTE01pKk=; b=K2tOfoJXsM397vNN5XEKoDnF+SLyazXXBavkm7AG6siOd2LqlLoYVtMQaqMiqIisyh 9IsBNYM3F/lbzENrPYxlGJciSseCLeLvFq4BS/EhcpXsMt3rVmMeHQrZnh0axWhFu3ak spiCXLso+gozFdlNn2sqC3uVjQfX9NWmg54xGvRQNVOVNpUXKhhP8ZqPAhgpQFMkEKC9 2AbsrT8ZsznpOrDlNZEOZ+zyIlAC6BxXxraSPCFRRbK3IfqZmCewM8VxGbZny3nOAg2K DpUZsQ0Hwvmm4oQmsGyUxdMMpHsAF3RPKD0EUermvEwHMX/QP5O1fe2fNTZwvPyTfwHZ j+vw== X-Gm-Message-State: ACrzQf0hnxsfFxij5BD1zJA6nddjyCsmQkksFwq46D/Te+m0y7umcUCQ Dtd7FUDr5jdSYwI4S8fDZq1l2A== X-Received: by 2002:a17:902:c950:b0:178:4544:55c1 with SMTP id i16-20020a170902c95000b00178454455c1mr2537890pla.168.1665109862049; Thu, 06 Oct 2022 19:31:02 -0700 (PDT) Received: from localhost (76-210-143-223.lightspeed.sntcca.sbcglobal.net. [76.210.143.223]) by smtp.gmail.com with ESMTPSA id p8-20020a170902780800b001743ba85d39sm318593pll.110.2022.10.06.19.31.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Oct 2022 19:31:01 -0700 (PDT) Date: Thu, 06 Oct 2022 19:31:01 -0700 (PDT) X-Google-Original-Date: Thu, 06 Oct 2022 19:30:58 PDT (-0700) Subject: Re: [PATCH] RISC-V: Add STACKLEAK erasing the kernel stack at the end of syscalls In-Reply-To: <6c48657c-04df-132d-6167-49ed293dea44@microchip.com> CC: guoren@kernel.org, oleg@redhat.com, vgupta@kernel.org, linux@armlinux.org.uk, monstr@monstr.eu, dinguyen@kernel.org, davem@davemloft.net, Arnd Bergmann , shorne@gmail.com, Paul Walmsley , aou@eecs.berkeley.edu, ardb@kernel.org, heiko@sntech.de, daolu@rivosinc.com, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, linux-arm-kernel@lists.infradead.org, linux-snps-arc@lists.infradead.org, sparclinux@vger.kernel.org, openrisc@lists.librecores.org, xianting.tian@linux.alibaba.com, linux-efi@vger.kernel.org From: Palmer Dabbelt To: Conor.Dooley@microchip.com Message-ID: Mime-Version: 1.0 (MHng) Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 06 Sep 2022 10:35:10 PDT (-0700), Conor.Dooley@microchip.com wrote: > On 03/09/2022 17:23, guoren@kernel.org wrote: >> EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe >> >> From: Xianting Tian >> >> This adds support for the STACKLEAK gcc plugin to RISC-V and disables >> the plugin in EFI stub code, which is out of scope for the protection. >> >> For the benefits of STACKLEAK feature, please check the commit >> afaef01c0015 ("x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls") >> >> Performance impact (tested on qemu env with 1 riscv64 hart, 1GB mem) >> hackbench -s 512 -l 200 -g 15 -f 25 -P >> 2.0% slowdown >> >> Signed-off-by: Xianting Tian > > What changed since Xianting posted it himself a week ago: > https://lore.kernel.org/linux-riscv/20220828135407.3897717-1-xianting.tian@linux.alibaba.com/ > > There's an older patch from Du Lao adding STACKLEAK too: > https://lore.kernel.org/linux-riscv/20220615213834.3116135-1-daolu@rivosinc.com/ > > But since there's been no activity there since June... Looks like the only issues were some commit log wording stuff, and that there's a test suite that should be run. It's not clear from the commits that anyone has done that, I'm fine with the patch if it passes the tests but don't really know how to run them. Has anyone run the tests? > >> --- >> arch/riscv/Kconfig | 1 + >> arch/riscv/include/asm/processor.h | 4 ++++ >> arch/riscv/kernel/entry.S | 3 +++ >> drivers/firmware/efi/libstub/Makefile | 2 +- >> 4 files changed, 9 insertions(+), 1 deletion(-) >> >> diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig >> index ed66c31e4655..61fd0dad4463 100644 >> --- a/arch/riscv/Kconfig >> +++ b/arch/riscv/Kconfig >> @@ -85,6 +85,7 @@ config RISCV >> select ARCH_ENABLE_THP_MIGRATION if TRANSPARENT_HUGEPAGE >> select HAVE_ARCH_THREAD_STRUCT_WHITELIST >> select HAVE_ARCH_VMAP_STACK if MMU && 64BIT >> + select HAVE_ARCH_STACKLEAK >> select HAVE_ASM_MODVERSIONS >> select HAVE_CONTEXT_TRACKING_USER >> select HAVE_DEBUG_KMEMLEAK >> diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile >> index d0537573501e..5e1fc4f82883 100644 >> --- a/drivers/firmware/efi/libstub/Makefile >> +++ b/drivers/firmware/efi/libstub/Makefile >> @@ -25,7 +25,7 @@ cflags-$(CONFIG_ARM) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \ >> -fno-builtin -fpic \ >> $(call cc-option,-mno-single-pic-base) >> cflags-$(CONFIG_RISCV) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \ >> - -fpic >> + -fpic $(DISABLE_STACKLEAK_PLUGIN) >> >> cflags-$(CONFIG_EFI_GENERIC_STUB) += -I$(srctree)/scripts/dtc/libfdt >> >> -- >> 2.17.1 >> >> >> _______________________________________________ >> linux-riscv mailing list >> linux-riscv@lists.infradead.org >> http://lists.infradead.org/mailman/listinfo/linux-riscv >