From: Alexander Popov <alex.popov@linux.com>
To: Laura Abbott <labbott@redhat.com>,
kernel-hardening@lists.openwall.com,
Kees Cook <keescook@chromium.org>,
PaX Team <pageexec@freemail.hu>,
Brad Spengler <spender@grsecurity.net>,
Ingo Molnar <mingo@kernel.org>, Andy Lutomirski <luto@kernel.org>,
Tycho Andersen <tycho@tycho.ws>,
Mark Rutland <mark.rutland@arm.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Borislav Petkov <bp@alien8.de>,
Thomas Gleixner <tglx@linutronix.de>,
"H . Peter Anvin" <hpa@zytor.com>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
x86@kernel.org, "Tobin C. Harding" <me@tobin.cc>
Subject: [kernel-hardening] Re: [PATCH RFC v6 5/6] fs/proc: Show STACKLEAK metrics in the /proc file system
Date: Thu, 7 Dec 2017 10:09:27 +0300 [thread overview]
Message-ID: <5fb044ec-cf1e-6281-01a9-c845b738914e@linux.com> (raw)
In-Reply-To: <f7c64050-bbb6-be37-ec09-cb757bad116a@redhat.com>
Hello Laura and Kees,
[adding Tobin C. Harding]
On 06.12.2017 22:22, Laura Abbott wrote:
> On 12/05/2017 03:33 PM, Alexander Popov wrote:
>> Introduce CONFIG_STACKLEAK_METRICS providing STACKLEAK information about
>> tasks via the /proc file system. In particular, /proc/<pid>/lowest_stack
>> shows the current lowest_stack value and its final value from the previous
>> syscall. That information can be useful for estimating the STACKLEAK
>> performance impact for different workloads.
>>
>> Signed-off-by: Alexander Popov <alex.popov@linux.com>
>> ---
>> arch/Kconfig | 11 +++++++++++
>> arch/x86/entry/entry_32.S | 4 ++++
>> arch/x86/entry/entry_64.S | 4 ++++
>> arch/x86/include/asm/processor.h | 3 +++
>> arch/x86/kernel/asm-offsets.c | 3 +++
>> arch/x86/kernel/process_32.c | 3 +++
>> arch/x86/kernel/process_64.c | 3 +++
>> fs/proc/base.c | 14 ++++++++++++++
>> 8 files changed, 45 insertions(+)
[...]
>> +#ifdef CONFIG_STACKLEAK_METRICS
>> +static int proc_lowest_stack(struct seq_file *m, struct pid_namespace *ns,
>> + struct pid *pid, struct task_struct *task)
>> +{
>> + seq_printf(m, "prev_lowest_stack: %pK\nlowest_stack: %pK\n",
>> + (void *)task->thread.prev_lowest_stack,
>> + (void *)task->thread.lowest_stack);
>> + return 0;
>> +}
>> +#endif /* CONFIG_STACKLEAK_METRICS */
>> +
>
> This just prints the hashed value with the new pointer leak work.
> I don't think we want to print the fully exposed value via %px so
> it's not clear how valuable this proc file is now.
Yes, I tested that before sending the patch. I was confused when I saw the
hashed values. But setting kptr_restrict to 1 fixed that for me:
root@hobbit:~# cat /proc/2627/lowest_stack
prev_lowest_stack: 00000000ed8ca991
lowest_stack: 0000000040579d76
root@hobbit:~# echo 1 > /proc/sys/kernel/kptr_restrict
root@hobbit:~# cat /proc/2627/lowest_stack
prev_lowest_stack: ffffc9000094fdb8
lowest_stack: ffffc9000094f9e0
However, Documentation/printk-formats.txt and Documentation/sysctl/kernel.txt
don't specify that behaviour.
Best regards,
Alexander
next prev parent reply other threads:[~2017-12-07 7:09 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-05 23:33 [kernel-hardening] [PATCH RFC v6 0/6] Introduce the STACKLEAK feature and a test for it Alexander Popov
2017-12-05 23:33 ` [kernel-hardening] [PATCH RFC v6 1/6] x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls Alexander Popov
2017-12-08 11:44 ` [kernel-hardening] " Peter Zijlstra
2017-12-08 21:54 ` Alexander Popov
2017-12-11 9:26 ` Peter Zijlstra
2017-12-05 23:33 ` [kernel-hardening] [PATCH RFC v6 2/6] gcc-plugins: Add STACKLEAK plugin for tracking the kernel stack Alexander Popov
2017-12-06 18:57 ` [kernel-hardening] " Laura Abbott
2017-12-07 23:05 ` Alexander Popov
2017-12-12 0:09 ` [kernel-hardening] " Dmitry V. Levin
2017-12-15 15:28 ` Alexander Popov
2017-12-05 23:33 ` [kernel-hardening] [PATCH RFC v6 3/6] x86/entry: Erase kernel stack in syscall_trace_enter() Alexander Popov
2017-12-06 21:12 ` Dmitry V. Levin
2017-12-11 22:38 ` Alexander Popov
2017-12-05 23:33 ` [kernel-hardening] [PATCH RFC v6 4/6] lkdtm: Add a test for STACKLEAK Alexander Popov
2017-12-05 23:33 ` [kernel-hardening] [PATCH RFC v6 5/6] fs/proc: Show STACKLEAK metrics in the /proc file system Alexander Popov
2017-12-06 19:22 ` [kernel-hardening] " Laura Abbott
2017-12-06 20:40 ` Kees Cook
2017-12-06 23:06 ` Laura Abbott
2017-12-07 22:58 ` Alexander Popov
2017-12-07 7:09 ` Alexander Popov [this message]
2017-12-07 20:47 ` Tobin C. Harding
2017-12-05 23:33 ` [kernel-hardening] [PATCH RFC v6 6/6] doc: self-protection: Add information about STACKLEAK feature Alexander Popov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5fb044ec-cf1e-6281-01a9-c845b738914e@linux.com \
--to=alex.popov@linux.com \
--cc=a.p.zijlstra@chello.nl \
--cc=ard.biesheuvel@linaro.org \
--cc=bp@alien8.de \
--cc=hpa@zytor.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=labbott@redhat.com \
--cc=luto@kernel.org \
--cc=mark.rutland@arm.com \
--cc=me@tobin.cc \
--cc=mingo@kernel.org \
--cc=pageexec@freemail.hu \
--cc=spender@grsecurity.net \
--cc=tglx@linutronix.de \
--cc=tycho@tycho.ws \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.