Re: [PATCH] RISC-V: Add STACKLEAK erasing the kernel stack at the end of syscalls

From: Palmer Dabbelt
Date: Thu Oct 06 2022 - 22:31:21 EST

Next message: Darrick J. Wong: "Re: [man-pages PATCH v3] statx.2, open.2: document STATX_DIOALIGN"
Previous message: Palmer Dabbelt: "Re: [PATCH] drivers/perf: riscv_pmu_sbi: add perf_user_access sysctl"
Next in thread: Mark Rutland: "Re: [PATCH] RISC-V: Add STACKLEAK erasing the kernel stack at the end of syscalls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 06 Sep 2022 10:35:10 PDT (-0700), Conor.Dooley@xxxxxxxxxxxxx wrote:

On 03/09/2022 17:23, guoren@xxxxxxxxxx wrote:

EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe

From: Xianting Tian <xianting.tian@xxxxxxxxxxxxxxxxx>

This adds support for the STACKLEAK gcc plugin to RISC-V and disables
the plugin in EFI stub code, which is out of scope for the protection.

For the benefits of STACKLEAK feature, please check the commit
afaef01c0015 ("x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls")

Performance impact (tested on qemu env with 1 riscv64 hart, 1GB mem)
hackbench -s 512 -l 200 -g 15 -f 25 -P
2.0% slowdown

Signed-off-by: Xianting Tian <xianting.tian@xxxxxxxxxxxxxxxxx>

What changed since Xianting posted it himself a week ago:
https://lore.kernel.org/linux-riscv/20220828135407.3897717-1-xianting.tian@xxxxxxxxxxxxxxxxx/

There's an older patch from Du Lao adding STACKLEAK too:
https://lore.kernel.org/linux-riscv/20220615213834.3116135-1-daolu@xxxxxxxxxxxx/

But since there's been no activity there since June...

Looks like the only issues were some commit log wording stuff, and that there's a test suite that should be run. It's not clear from the commits that anyone has done that, I'm fine with the patch if it passes the tests but don't really know how to run them.

Has anyone run the tests?

---
arch/riscv/Kconfig | 1 +
arch/riscv/include/asm/processor.h | 4 ++++
arch/riscv/kernel/entry.S | 3 +++
drivers/firmware/efi/libstub/Makefile | 2 +-
4 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
index ed66c31e4655..61fd0dad4463 100644
--- a/arch/riscv/Kconfig
+++ b/arch/riscv/Kconfig
@@ -85,6 +85,7 @@ config RISCV
select ARCH_ENABLE_THP_MIGRATION if TRANSPARENT_HUGEPAGE
select HAVE_ARCH_THREAD_STRUCT_WHITELIST
select HAVE_ARCH_VMAP_STACK if MMU && 64BIT
+ select HAVE_ARCH_STACKLEAK
select HAVE_ASM_MODVERSIONS
select HAVE_CONTEXT_TRACKING_USER
select HAVE_DEBUG_KMEMLEAK
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index d0537573501e..5e1fc4f82883 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -25,7 +25,7 @@ cflags-$(CONFIG_ARM) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
-fno-builtin -fpic \
$(call cc-option,-mno-single-pic-base)
cflags-$(CONFIG_RISCV) := $(subst $(CC_FLAGS_FTRACE),,$(KBUILD_CFLAGS)) \
- -fpic
+ -fpic $(DISABLE_STACKLEAK_PLUGIN)

cflags-$(CONFIG_EFI_GENERIC_STUB) += -I$(srctree)/scripts/dtc/libfdt

--
2.17.1

_______________________________________________
linux-riscv mailing list
linux-riscv@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/linux-riscv

Next message: Darrick J. Wong: "Re: [man-pages PATCH v3] statx.2, open.2: document STATX_DIOALIGN"
Previous message: Palmer Dabbelt: "Re: [PATCH] drivers/perf: riscv_pmu_sbi: add perf_user_access sysctl"
Next in thread: Mark Rutland: "Re: [PATCH] RISC-V: Add STACKLEAK erasing the kernel stack at the end of syscalls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]