From: Kees Cook <keescook@chromium.org>
To: Will Deacon <will@kernel.org>
Cc: Alexander Popov <alex.popov@linux.com>,
	Emese Revfy <re.emese@gmail.com>,
	Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>,
	Masahiro Yamada <masahiroy@kernel.org>,
	Michal Marek <michal.lkml@markovi.net>,
	Andrew Morton <akpm@linux-foundation.org>,
	Masahiro Yamada <yamada.masahiro@socionext.com>,
	Thiago Jung Bauermann <bauerman@linux.ibm.com>,
	Luis Chamberlain <mcgrof@kernel.org>,
	Jessica Yu <jeyu@kernel.org>,
	Sven Schnelle <svens@stackframe.org>,
	Iurii Zaikin <yzaikin@google.com>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Vincenzo Frascino <vincenzo.frascino@arm.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Peter Collingbourne <pcc@google.com>,
	Naohiro Aota <naohiro.aota@wdc.com>,
	Alexander Monakov <amonakov@ispras.ru>,
	Mathias Krause <minipli@googlemail.com>,
	PaX Team <pageexec@freemail.hu>,
	Brad Spengler <spender@grsecurity.net>,
	Laura Abbott <labbott@redhat.com>,
	Florian Weimer <fweimer@redhat.com>,
	kernel-hardening@lists.openwall.com,
	linux-kbuild@vger.kernel.org, x86@kernel.org,
	linux-arm-kernel@lists.infradead.org,
	linux-kernel@vger.kernel.org, gcc@gcc.gnu.org, notify@kernel.org
Subject: Re: [PATCH 5/5] gcc-plugins/stackleak: Don't instrument vgettimeofday.c in arm64 VDSO
Date: Tue, 9 Jun 2020 12:09:27 -0700
Message-ID: <202006091149.6C78419@keescook>
In-Reply-To: <20200604135806.GA3170@willie-the-truck>

On Thu, Jun 04, 2020 at 02:58:06PM +0100, Will Deacon wrote:
> On Thu, Jun 04, 2020 at 04:49:57PM +0300, Alexander Popov wrote:
> > Don't try instrumenting functions in arch/arm64/kernel/vdso/vgettimeofday.c.
> > Otherwise that can cause issues if the cleanup pass of stackleak gcc plugin
> > is disabled.
> > 
> > Signed-off-by: Alexander Popov <alex.popov@linux.com>
> > ---
> >  arch/arm64/kernel/vdso/Makefile | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> > 
> > diff --git a/arch/arm64/kernel/vdso/Makefile b/arch/arm64/kernel/vdso/Makefile
> > index 3862cad2410c..9b84cafbd2da 100644
> > --- a/arch/arm64/kernel/vdso/Makefile
> > +++ b/arch/arm64/kernel/vdso/Makefile
> > @@ -32,7 +32,8 @@ UBSAN_SANITIZE			:= n
> >  OBJECT_FILES_NON_STANDARD	:= y
> >  KCOV_INSTRUMENT			:= n
> >  
> > -CFLAGS_vgettimeofday.o = -O2 -mcmodel=tiny -fasynchronous-unwind-tables
> > +CFLAGS_vgettimeofday.o = -O2 -mcmodel=tiny -fasynchronous-unwind-tables \
> > +		$(DISABLE_STACKLEAK_PLUGIN)
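Review bot: The new `$(DISABLE_STACKLEAK_PLUGIN)` on `CFLAGS_vgettimeofday.o` has no Makefile comment saying why this object must not be instrumented, and the commit message only says instrumentation "can cause issues" when the cleanup pass is disabled, without naming the failure. Suggest a one-line comment above the assignment describing the concrete problem. Also note that the neighbouring context lines turn off UBSAN and KCOV for the whole directory with `:= n` switches, while this change opts out a single object for a single plugin; if any other object is added to this Makefile later it would be instrumented again, so it is worth stating in the commit message whether that scope is intentional.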
> 
> I can pick this one up via arm64, thanks. Are there any other plugins we
> should be wary of? It looks like x86 filters out $(GCC_PLUGINS_CFLAGS)
> when building the vDSO.

I didn't realize/remember that arm64 retained the kernel build flags for
vDSO builds. (I'm used to x86 throwing all its flags away for its vDSO.)

How does 32-bit ARM do its vDSO?

My quick run-through on plugins:

arm_ssp_per_task_plugin.c
	32-bit ARM only (but likely needs disabling for 32-bit ARM vDSO?)

cyc_complexity_plugin.c
	compile-time reporting only

latent_entropy_plugin.c
	this shouldn't get triggered for the vDSO (no __latent_entropy
	nor __init attributes in vDSO), but perhaps explicitly disabling
	it would be a sensible thing to do, just for robustness?

randomize_layout_plugin.c
	this shouldn't get triggered (again, lacking attributes), but
	should likely be disabled too.

sancov_plugin.c
	This should be tracking the KCOV directly (see
	scripts/Makefile.kcov), which is already disabled here.

structleak_plugin.c
	This should be fine in the vDSO, but there's no security
	boundary here, so it wouldn't be important to KEEP it enabled.

-- 
Kees Cook
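
One way to audit the question raised in this message (which plugins still reach a vDSO object), as an added example that is not part of the original message or the kernel tree. The command line in `SAMPLE_CMD` is constructed, and the script assumes that a plugin is switched off by a `-fplugin-arg-<name>-disable` argument, which is what `$(DISABLE_STACKLEAK_PLUGIN)` is taken to expand to.

```shell
#!/bin/sh
# Added example: report which GCC plugins a kbuild compile command loads and
# whether each one has been switched off for that object.

# Constructed sample in the style of a kbuild ".cmd" file line; it is not
# copied from a real build.
SAMPLE_CMD='cmd_arch/arm64/kernel/vdso/vgettimeofday.o := gcc -O2 -fplugin=./scripts/gcc-plugins/stackleak_plugin.so -fplugin-arg-stackleak_plugin-track-min-size=100 -fplugin-arg-stackleak_plugin-disable -fplugin=./scripts/gcc-plugins/structleak_plugin.so -fplugin-arg-structleak_plugin-byref -mcmodel=tiny -fasynchronous-unwind-tables -c -o vgettimeofday.o vgettimeofday.c'

# plugin_report CMDLINE
# Prints one line per loaded plugin: "<name> active" or "<name> disabled".
# Assumption: a plugin is disabled when -fplugin-arg-<name>-disable is present.
plugin_report() {
    cmdline=$1
    for word in $cmdline; do
        case $word in
            -fplugin=*)
                name=${word#-fplugin=}   # drop the option prefix
                name=${name##*/}         # drop the directory part
                name=${name%.so}         # drop the extension
                state=active
                for arg in $cmdline; do
                    if [ "$arg" = "-fplugin-arg-${name}-disable" ]; then
                        state=disabled
                    fi
                done
                echo "$name $state"
                ;;
        esac
    done
}

# active_plugins CMDLINE
# Prints only the plugins that would still instrument this object.
active_plugins() {
    plugin_report "$1" | awk '$2 == "active" { print $1 }'
}

plugin_report "$SAMPLE_CMD"
```

Against a real build tree, the argument would be the contents of the object's kbuild `.cmd` file rather than the constructed sample.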
