| Message ID | 20200604134957.505389-1-alex.popov@linux.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | Improvements of the stackleak gcc plugin | expand |
On Thu, Jun 04, 2020 at 04:49:52PM +0300, Alexander Popov wrote: > In this patch series I collected various improvements of the stackleak > gcc plugin. Great; thank you! I'll take a closer look at this shortly!
On Thu, Jun 04, 2020 at 04:49:52PM +0300, Alexander Popov wrote: > In this patch series I collected various improvements of the stackleak > gcc plugin. Thanks! > Alexander Popov (5): > gcc-plugins/stackleak: Exclude alloca() from the instrumentation logic > gcc-plugins/stackleak: Use asm instrumentation to avoid useless > register saving These look like they might need tweaks (noted in their separate replies). > gcc-plugins/stackleak: Add 'verbose' plugin parameter > gcc-plugins/stackleak: Don't instrument itself If you wanted to reorder the series and move these first, I could take these into my tree right away (they're logically separate from the other fixes). > gcc-plugins/stackleak: Don't instrument vgettimeofday.c in arm64 VDSO This seems good -- though I'm curious about 32-bit ARM and the other HAVE_GCC_PLUGINS architectures with vDSOs (which appears to be all of them except um).
On 09.06.2020 22:15, Kees Cook wrote: > On Thu, Jun 04, 2020 at 04:49:52PM +0300, Alexander Popov wrote: >> In this patch series I collected various improvements of the stackleak >> gcc plugin. > > Thanks! > >> Alexander Popov (5): >> gcc-plugins/stackleak: Exclude alloca() from the instrumentation logic >> gcc-plugins/stackleak: Use asm instrumentation to avoid useless >> register saving > > These look like they might need tweaks (noted in their separate > replies). Thanks for the review, Kees. >> gcc-plugins/stackleak: Add 'verbose' plugin parameter >> gcc-plugins/stackleak: Don't instrument itself > > If you wanted to reorder the series and move these first, I could take > these into my tree right away (they're logically separate from the other > fixes). Ok, I will put "don't instrument itself" at the beginning of v2. The patch adding 'verbose' plugin parameter depends on the previous patches, so I will not move it. >> gcc-plugins/stackleak: Don't instrument vgettimeofday.c in arm64 VDSO > > This seems good -- though I'm curious about 32-bit ARM and the other > HAVE_GCC_PLUGINS architectures with vDSOs (which appears to be all of > them except um). (going to reply in a separate email) Best regards, Alexander
In this patch series I collected various improvements of the stackleak gcc plugin. The first patch excludes alloca() from the stackleak instrumentation logic to make it simpler. The second patch is the main improvement. It eliminates an unwanted side-effect of kernel code instrumentation. This patch is a deep reengineering of the idea described on grsecurity blog: https://grsecurity.net/resolving_an_unfortunate_stackleak_interaction The third patch adds 'verbose' plugin parameter for printing additional info about the kernel code instrumentation. Two other patches disable unneeded stackleak instrumentation for some files. I would like to thank Alexander Monakov <amonakov@ispras.ru> for his advisory on gcc internals. This patch series was tested for gcc version 4.8, 5, 6, 7, 8, 9, and 10 on x86_64, i386 and arm64. That was done using the project 'kernel-build-containers': https://github.com/a13xp0p0v/kernel-build-containers Alexander Popov (5): gcc-plugins/stackleak: Exclude alloca() from the instrumentation logic gcc-plugins/stackleak: Use asm instrumentation to avoid useless register saving gcc-plugins/stackleak: Add 'verbose' plugin parameter gcc-plugins/stackleak: Don't instrument itself gcc-plugins/stackleak: Don't instrument vgettimeofday.c in arm64 VDSO arch/arm64/kernel/vdso/Makefile | 3 +- include/linux/compiler_attributes.h | 13 ++ kernel/Makefile | 1 + kernel/stackleak.c | 16 +- scripts/Makefile.gcc-plugins | 2 + scripts/gcc-plugins/stackleak_plugin.c | 260 ++++++++++++++++++++----- 6 files changed, 232 insertions(+), 63 deletions(-)