From patchwork Fri Apr 6 14:22:25 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Popov X-Patchwork-Id: 10326775 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 70EE56053F for ; Fri, 6 Apr 2018 14:24:10 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 60AC32953A for ; Fri, 6 Apr 2018 14:24:10 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 54C702953E; Fri, 6 Apr 2018 14:24:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00, MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 1BE362953A for ; Fri, 6 Apr 2018 14:24:08 +0000 (UTC) Received: (qmail 9556 invoked by uid 550); 6 Apr 2018 14:23:24 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 9494 invoked from network); 6 Apr 2018 14:23:21 -0000 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=Sn35T9eTXr+h9RyzAiLb9W4JKH6P7wHj47nG+gbXBTE=; b=jxb/EQLRv1EakdRA1ZyX5fnwdjerp77t1Jpmj0w+uVdx5TegFhASJfIHO14y8QkQsF qjR0b7wghNO++FreCFJkpuTcm6aH7imsKA7d/nk2rkFMWn292Van/uP2ob0q1r4RMs/b ccFxu4wxtW5nbPn3dsUt/IoqXdVocVc0HLhXVCUHjHyAN14ZrOnnQ03by8nBt/dL+kZt iBAtZbXj5UUqDAvvtP4L378S+4GwpkqPuWMdktaO7HPjCykb4qJnsvV+qzBEvuXfkp7E XjPHuLQuGHmpva+OJbHJFZH4uTFQoqsnxhWVAd9eFU03aZ52nbKFXjpwLKZcpkGI8z/R rg/g== X-Gm-Message-State: ALQs6tB4TzasOu1DRLlQzHtrgv/NtSfCAi5LfGsGVEEIJwJCnBFWwTIo 0bWNL6rqxqV+4KNyJQehQGf52y0KOkA= X-Google-Smtp-Source: AIpwx4//QS3OfcyBOCGyyw+Old2CxQDQeKxqMC2FHsQnJMWilCFak1EQw5Ee67n3fg4PU4brgnifSA== X-Received: by 2002:a19:1619:: with SMTP id m25-v6mr16945414lfi.17.1523024590096; Fri, 06 Apr 2018 07:23:10 -0700 (PDT) From: Alexander Popov To: kernel-hardening@lists.openwall.com, Kees Cook , PaX Team , Brad Spengler , Ingo Molnar , Andy Lutomirski , Tycho Andersen , Laura Abbott , Mark Rutland , Ard Biesheuvel , Borislav Petkov , Richard Sandiford , Thomas Gleixner , "H . Peter Anvin" , Peter Zijlstra , "Dmitry V . Levin" , Emese Revfy , Jonathan Corbet , Andrey Ryabinin , "Kirill A . Shutemov" , Thomas Garnier , Andrew Morton , Alexei Starovoitov , Josef Bacik , Masami Hiramatsu , Nicholas Piggin , Al Viro , "David S . Miller" , Ding Tianhong , David Woodhouse , Josh Poimboeuf , Steven Rostedt , Dominik Brodowski , Juergen Gross , Linus Torvalds , Greg Kroah-Hartman , Dan Williams , Dave Hansen , Mathias Krause , Vikas Shivappa , Kyle Huey , Dmitry Safonov , Will Deacon , Arnd Bergmann , Florian Weimer , Boris Lukashev , x86@kernel.org, linux-kernel@vger.kernel.org, alex.popov@linux.com Subject: [PATCH v11 5/6] fs/proc: Show STACKLEAK metrics in the /proc file system Date: Fri, 6 Apr 2018 17:22:25 +0300 Message-Id: <1523024546-6150-6-git-send-email-alex.popov@linux.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1523024546-6150-1-git-send-email-alex.popov@linux.com> References: <1523024546-6150-1-git-send-email-alex.popov@linux.com> X-Virus-Scanned: ClamAV using ClamSMTP Introduce CONFIG_STACKLEAK_METRICS providing STACKLEAK information about tasks via the /proc file system. In particular, /proc//stack_depth shows the maximum kernel stack consumption for the current and previous syscalls. Although this information is not precise, it can be useful for estimating the STACKLEAK performance impact for your workloads. Signed-off-by: Alexander Popov --- arch/Kconfig | 12 ++++++++++++ arch/x86/entry/erase.c | 4 ++++ arch/x86/include/asm/processor.h | 3 +++ arch/x86/kernel/process_32.c | 3 +++ arch/x86/kernel/process_64.c | 3 +++ fs/proc/base.c | 18 ++++++++++++++++++ 6 files changed, 43 insertions(+) diff --git a/arch/Kconfig b/arch/Kconfig index a4a8fba..42ebfb9 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -572,6 +572,18 @@ config STACKLEAK_TRACK_MIN_SIZE frame size greater than or equal to this parameter. If unsure, leave the default value 100. +config STACKLEAK_METRICS + bool "Show STACKLEAK metrics in the /proc file system" + depends on GCC_PLUGIN_STACKLEAK + depends on PROC_FS + help + If this is set, STACKLEAK metrics for every task are available in + the /proc file system. In particular, /proc//stack_depth + shows the maximum kernel stack consumption for the current and + previous syscalls. Although this information is not precise, it + can be useful for estimating the STACKLEAK performance impact for + your workloads. + config HAVE_CC_STACKPROTECTOR bool help diff --git a/arch/x86/entry/erase.c b/arch/x86/entry/erase.c index 4892335..be09cc6 100644 --- a/arch/x86/entry/erase.c +++ b/arch/x86/entry/erase.c @@ -32,6 +32,10 @@ asmlinkage void erase_kstack(void) if (p == boundary) p += sizeof(unsigned long); +#ifdef CONFIG_STACKLEAK_METRICS + current->thread.prev_lowest_stack = p; +#endif + /* * So let's write the poison value to the kernel stack. * Start from the address in p and move up till the new boundary. diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index 0c87813..bca1074 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -496,6 +496,9 @@ struct thread_struct { #ifdef CONFIG_GCC_PLUGIN_STACKLEAK unsigned long lowest_stack; +# ifdef CONFIG_STACKLEAK_METRICS + unsigned long prev_lowest_stack; +# endif #endif unsigned int sig_on_uaccess_err:1; diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c index 1b0892e..577c104 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c @@ -139,6 +139,9 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp, #ifdef CONFIG_GCC_PLUGIN_STACKLEAK p->thread.lowest_stack = (unsigned long)task_stack_page(p) + sizeof(unsigned long); +# ifdef CONFIG_STACKLEAK_METRICS + p->thread.prev_lowest_stack = p->thread.lowest_stack; +# endif #endif if (unlikely(p->flags & PF_KTHREAD)) { diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c index 82122af..7a82f0d 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -284,6 +284,9 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp, #ifdef CONFIG_GCC_PLUGIN_STACKLEAK p->thread.lowest_stack = (unsigned long)task_stack_page(p) + sizeof(unsigned long); +# ifdef CONFIG_STACKLEAK_METRICS + p->thread.prev_lowest_stack = p->thread.lowest_stack; +# endif #endif savesegment(gs, p->thread.gsindex); diff --git a/fs/proc/base.c b/fs/proc/base.c index 9298324..6a7f9bd 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2914,6 +2914,21 @@ static int proc_pid_patch_state(struct seq_file *m, struct pid_namespace *ns, } #endif /* CONFIG_LIVEPATCH */ +#ifdef CONFIG_STACKLEAK_METRICS +static int proc_stack_depth(struct seq_file *m, struct pid_namespace *ns, + struct pid *pid, struct task_struct *task) +{ + unsigned long prev_depth = THREAD_SIZE - + (task->thread.prev_lowest_stack & (THREAD_SIZE - 1)); + unsigned long depth = THREAD_SIZE - + (task->thread.lowest_stack & (THREAD_SIZE - 1)); + + seq_printf(m, "previous stack depth: %lu\nstack depth: %lu\n", + prev_depth, depth); + return 0; +} +#endif /* CONFIG_STACKLEAK_METRICS */ + /* * Thread groups */ @@ -3018,6 +3033,9 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_LIVEPATCH ONE("patch_state", S_IRUSR, proc_pid_patch_state), #endif +#ifdef CONFIG_STACKLEAK_METRICS + ONE("stack_depth", S_IRUGO, proc_stack_depth), +#endif }; static int proc_tgid_base_readdir(struct file *file, struct dir_context *ctx)