From: Laura Abbott <labbott@redhat.com>
To: Kees Cook <keescook@chromium.org>, kernel-hardening@lists.openwall.com
Cc: linux-kernel@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>,
Emese Revfy <re.emese@gmail.com>,
Josh Triplett <josh@joshtriplett.org>,
pageexec@freemail.hu, spender@grsecurity.net, mmarek@suse.com,
yamada.masahiro@socionext.com, linux-kbuild@vger.kernel.org,
minipli@ld-linux.so, linux@armlinux.org.uk,
catalin.marinas@arm.com, linux@rasmusvillemoes.dk,
david.brown@linaro.org, benh@kernel.crashing.org,
tglx@linutronix.de, akpm@linux-foundation.org,
jlayton@poochiereds.net, sam@ravnborg.org
Subject: [kernel-hardening] Re: [PATCH v4 0/4] Introduce the initify gcc plugin
Date: Mon, 19 Dec 2016 10:24:05 -0800 [thread overview]
Message-ID: <2b452e83-d74a-8d41-1f00-1764b2c767f1@redhat.com> (raw)
In-Reply-To: <1481925984-98605-1-git-send-email-keescook@chromium.org>
On 12/16/2016 02:06 PM, Kees Cook wrote:
> Hi,
>
> This is a continuation of Emese Revfy's initify plugin upstreaming. This
> is based on her v3, but updated with various fixes from her github tree.
> Additionally, I split off the printf attribute fixes and sent those
> separately.
>
> This is the initify gcc plugin. The kernel already has a mechanism to
> free up code and data memory that is only used during kernel or module
> initialization. This plugin will teach the compiler to find more such
> code and data that can be freed after initialization. It reduces memory
> usage. The initify gcc plugin can be useful for embedded systems.
>
> Originally it was a CII project supported by the Linux Foundation.
>
> This plugin is the part of grsecurity/PaX.
>
> The plugin supports all gcc versions from 4.5 to 7.0.
>
> Changes on top of the PaX version (since March 6.). These are the important
> ones:
> * move all local strings to init.rodata.str and exit.rodata.str
> (not just __func__)
> * report all initified strings and functions
> (GCC_PLUGIN_INITIFY_VERBOSE config option)
> * automatically discover init/exit functions and apply the __init or
> __exit attributes on them
>
> You can find more about the changes here:
> https://github.com/ephox-gcc-plugins/initify
>
> This patch set is based on v4.9-rc2.
>
> Some build statistics about the plugin:
>
> On allyes config (amd64, gcc-6):
> * 8412 initified strings
> * 167 initified functions
>
> On allmod config (i386, gcc-6):
> * 8597 initified strings
> * 159 initified functions
>
> On allyes config (amd64, gcc-6):
>
> section vanilla vanilla + initify change
> -----------------------------------------------------------------------
> .rodata 21746728 (0x14bd428) 21488680 (0x147e428) -258048
> .init.data 1338376 (0x146c08) 1683016 (0x19ae48) +344640
> .text 78270904 (0x4aa51b8) 78228280 (0x4a9ab38) -42624
> .init.text 1184725 (0x1213d5) 1223257 (0x12aa59) +38532
> .exit.data 104 (0x000068) 17760 (0x004560) +17656
> .exit.text 174473 (0x02a989) 175763 (0x02ae93) +1290
>
> FileSiz (vanilla) FileSiz (vanilla + initify) change
> ------------------------------------------------------------------------
> 00 102936576 (0x622b000) 102678528 (0x61ec000) -258048
> 03 28680192 (0x1b5a000) 29081600 (0x1bbc000) +401408
>
> 00 .text .notes __ex_table .rodata __bug_table .pci_fixup .builtin_fw
> .tracedata __ksymtab __ksymtab_gpl __ksymtab_strings __init_rodata
> __param __modver
> 03 .init.text .altinstr_aux .init.data .x86_cpu_dev.init
> .parainstructions .altinstructions .altinstr_replacement
> .iommu_table .apicdrivers .exit.text .exit.data .smp_locks .bss .brk
>
>
> On defconfig (amd64, gcc-6):
> * 1957 initified strings
> * 29 initified functions
>
> On defconfig (amd64, gcc-6):
>
> section vanilla vanilla + initify change
> -----------------------------------------------------------------------
> .rodata 2524240 (0x268450) 2462800 (0x259450) -61440
> .init.data 560256 (0x088c80) 644000 (0x09d3a0) +83744
> .text 9377367 (0x8f1657) 9373079 (0x8f0597) -4288
> .init.text 438586 (0x06b13a) 441828 (0x06bde4) +3242
> .exit.data 0 832 (0x000340) +832
> .exit.text 8857 (0x002299) 8857 (0x002299) 0
>
> FileSiz (vanilla) FileSiz (vanilla + initify) change
> ------------------------------------------------------------------------
> 00 13398016 (0xcc7000) 13336576 (0xcb8000) -61440
> 03 2203648 (0x21a000) 2293760 (0x230000) +90112
>
> 00 .text .notes __ex_table .rodata __bug_table .pci_fixup .builtin_fw
> .tracedata __ksymtab __ksymtab_gpl __ksymtab_strings __init_rodata
> __param __modver
> 03 .init.text .altinstr_aux .init.data .x86_cpu_dev.init
> .parainstructions .altinstructions .altinstr_replacement
> .iommu_table .apicdrivers .exit.text .exit.data .smp_locks .bss .brk
>
> One thing of note is that this plugin triggers false positive warnings
> from the modpost section mismatch detector. Further work is needed to
> deal with this.
>
>
> Changed from v3:
> * Refresh from Emese's latest version.
>
> Changed from v2:
> * Check all uses when walking a use-def chain.
> * Check all uses of initialized local variables and initify them if they
> have only nocapture uses. Previously only uses in call arguments
> determined whether the initializer value could be initified.
> * Handle the format gcc attribute from the plugin too.
> * Verify nocapture parameters of calls. Track uses of these parameters
> and verify that all uses are not captured. Verify only the nocapture
> attribute (The format attribute should be verified too.).
> * Fixed wrong indexing of function arguments.
> * Fixed decl comparison. When comparing two decls the tree codes must be
> the same.
> * Search capture uses of the return value. Use negative nocapture
> attribute parameter on a function argument to verify that the return
> value is not captured.
> * Stop the search for capture uses if there is a cast to integer type.
> * Removed unnecessary duplication hook.
> * Handle cloned functions with a changed argument list.
> * Check visited tree nodes to avoid an infinite loop.
> * Add a new initify plugin option: enable_init_to_exit_moves. Move a
> function to the exit section if it is called by __init and __exit
> functions too.
> * Added plugin option to disable the search of capture uses in nocapture
> functions. We must be able to disable verification of nocapture
> functions because there is a lot of asm code in the str* and mem*
> functions on i386.
> * Added some more nocapture attributes.
> * Added some more printf attributes.
> * Added some unverified_nocapture attributes.
> * Make is_kernel_rodata() nocapture.
> * Added comment for the nocapture attribute from Kees.
>
> Changes from v1:
> * Removed unnecessary nocapture attributes from boot code
> (Reported-by: PaX Team <pageexec@freemail.hu>)
> * Removed nocapture attributes from functions that return
> the marked parameter
> (Reported-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>)
> * Added nocapture attribute to strlen()
> * Updated gcc-common.h from PaX
> * Don't forcibly constify initified string types
> this caused the size reduction of the .data section
> (initify_plugin.c)
> * Added the section mismatch problem in the commit message
>
I gave this a spin on arm64 and it seems to boot up and run okay
with just the "select HAVE_GCC_PLUGIN_INITIFY_INIT_EXIT if GCC_PLUGINS"
added for arm64. The patches could probably use more review but
I think it would be good to just fold this in for arm64 for ease of
testing.
Thanks,
Laura
next prev parent reply other threads:[~2016-12-19 18:24 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-16 22:06 [kernel-hardening] [PATCH v4 0/4] Introduce the initify gcc plugin Kees Cook
2016-12-16 22:06 ` [kernel-hardening] [PATCH v4 1/4] gcc-plugins: Add " Kees Cook
2016-12-16 22:45 ` [kernel-hardening] " PaX Team
2016-12-16 23:02 ` Kees Cook
2016-12-16 23:15 ` PaX Team
2016-12-16 22:06 ` [kernel-hardening] [PATCH v4 2/4] util: Move type casts into is_kernel_rodata Kees Cook
2016-12-16 22:06 ` [kernel-hardening] [PATCH v4 3/4] initify: Mark functions with the __nocapture attribute Kees Cook
2016-12-16 22:06 ` [kernel-hardening] [PATCH v4 4/4] initify: Mark functions with the __unverified_nocapture attribute Kees Cook
2016-12-16 22:19 ` [kernel-hardening] Re: [PATCH v4 0/4] Introduce the initify gcc plugin Kees Cook
2016-12-19 11:10 ` Emese Revfy
2017-01-04 0:23 ` Kees Cook
2017-01-11 0:24 ` Emese Revfy
2017-01-11 1:09 ` Kees Cook
2017-01-12 21:41 ` Emese Revfy
2017-01-12 23:27 ` Kees Cook
2017-01-12 23:40 ` Kees Cook
2017-01-17 20:31 ` Emese Revfy
2017-01-19 1:22 ` Kees Cook
2017-02-15 0:23 ` Emese Revfy
2017-02-15 19:27 ` Kees Cook
2017-02-20 21:42 ` Emese Revfy
2016-12-19 18:24 ` Laura Abbott [this message]
2017-01-04 0:23 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2b452e83-d74a-8d41-1f00-1764b2c767f1@redhat.com \
--to=labbott@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=benh@kernel.crashing.org \
--cc=catalin.marinas@arm.com \
--cc=david.brown@linaro.org \
--cc=jlayton@poochiereds.net \
--cc=josh@joshtriplett.org \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=linux@rasmusvillemoes.dk \
--cc=minipli@ld-linux.so \
--cc=mmarek@suse.com \
--cc=pageexec@freemail.hu \
--cc=re.emese@gmail.com \
--cc=sam@ravnborg.org \
--cc=spender@grsecurity.net \
--cc=tglx@linutronix.de \
--cc=yamada.masahiro@socionext.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox