|
Revision tags: v5.8, v5.8-rc7, v5.8-rc6, v5.8-rc5, v5.8-rc4, v5.8-rc3 |
|
| #
feee1b8c |
| 24-Jun-2020 |
Alexander Popov <alex.popov@linux.com> |
gcc-plugins/stackleak: Use asm instrumentation to avoid useless register saving
The kernel code instrumentation in stackleak gcc plugin works in two stages.
At first, stack tracking is added to GIMP
gcc-plugins/stackleak: Use asm instrumentation to avoid useless register saving
The kernel code instrumentation in stackleak gcc plugin works in two stages.
At first, stack tracking is added to GIMPLE representation of every function
(except some special cases). And later, when stack frame size info is
available, stack tracking is removed from the RTL representation of the
functions with small stack frame. There is an unwanted side-effect for these
functions: some of them do useless work with caller-saved registers.
As an example of such case, proc_sys_write without() instrumentation:
55 push %rbp
41 b8 01 00 00 00 mov $0x1,%r8d
48 89 e5 mov %rsp,%rbp
e8 11 ff ff ff callq ffffffff81284610 <proc_sys_call_handler>
5d pop %rbp
c3 retq
0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
00 00 00
proc_sys_write() with instrumentation:
55 push %rbp
48 89 e5 mov %rsp,%rbp
41 56 push %r14
41 55 push %r13
41 54 push %r12
53 push %rbx
49 89 f4 mov %rsi,%r12
48 89 fb mov %rdi,%rbx
49 89 d5 mov %rdx,%r13
49 89 ce mov %rcx,%r14
4c 89 f1 mov %r14,%rcx
4c 89 ea mov %r13,%rdx
4c 89 e6 mov %r12,%rsi
48 89 df mov %rbx,%rdi
41 b8 01 00 00 00 mov $0x1,%r8d
e8 f2 fe ff ff callq ffffffff81298e80 <proc_sys_call_handler>
5b pop %rbx
41 5c pop %r12
41 5d pop %r13
41 5e pop %r14
5d pop %rbp
c3 retq
66 0f 1f 84 00 00 00 nopw 0x0(%rax,%rax,1)
00 00
Let's improve the instrumentation to avoid this:
1. Make stackleak_track_stack() save all register that it works with.
Use no_caller_saved_registers attribute for that function. This attribute
is available for x86_64 and i386 starting from gcc-7.
2. Insert calling stackleak_track_stack() in asm:
asm volatile("call stackleak_track_stack" :: "r" (current_stack_pointer))
Here we use ASM_CALL_CONSTRAINT trick from arch/x86/include/asm/asm.h.
The input constraint is taken into account during gcc shrink-wrapping
optimization. It is needed to be sure that stackleak_track_stack() call is
inserted after the prologue of the containing function, when the stack
frame is prepared.
This work is a deep reengineering of the idea described on grsecurity blog
https://grsecurity.net/resolving_an_unfortunate_stackleak_interaction
Signed-off-by: Alexander Popov <alex.popov@linux.com>
Acked-by: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
Link: https://lore.kernel.org/r/20200624123330.83226-5-alex.popov@linux.com
Signed-off-by: Kees Cook <keescook@chromium.org>
show more ...
|
|
Revision tags: v5.8-rc2, v5.8-rc1, v5.7, v5.7-rc7, v5.7-rc6, v5.7-rc5, v5.7-rc4, v5.7-rc3, v5.7-rc2, v5.7-rc1, v5.6, v5.6-rc7, v5.6-rc6, v5.6-rc5, v5.6-rc4, v5.6-rc3, v5.6-rc2, v5.6-rc1, v5.5, v5.5-rc7, v5.5-rc6, v5.5-rc5, v5.5-rc4, v5.5-rc3, v5.5-rc2, v5.5-rc1, v5.4, v5.4-rc8, v5.4-rc7, v5.4-rc6, v5.4-rc5, v5.4-rc4, v5.4-rc3, v5.4-rc2, v5.4-rc1, v5.3, v5.3-rc8, v5.3-rc7, v5.3-rc6, v5.3-rc5, v5.3-rc4, v5.3-rc3, v5.3-rc2, v5.3-rc1 |
|
| #
59747372 |
| 11-Jul-2019 |
Dmitry Torokhov <dmitry.torokhov@gmail.com> |
Merge branch 'next' into for-linus
Prepare input updates for 5.3 merge window.
|
|
Revision tags: v5.2, v5.2-rc7, v5.2-rc6, v5.2-rc5, v5.2-rc4, v5.2-rc3, v5.2-rc2, v5.2-rc1 |
|
| #
2a267e7c |
| 10-May-2019 |
Dmitry Torokhov <dmitry.torokhov@gmail.com> |
Merge tag 'v5.1' into next
Sync up with mainline to bring in the latest APIs.
|
| #
63b6f0b8 |
| 06-May-2019 |
Jiri Kosina <jkosina@suse.cz> |
Merge branches 'for-5.1/upstream-fixes', 'for-5.2/core', 'for-5.2/ish', 'for-5.2/logitech', 'for-5.2/macally', 'for-5.2/picolcd', 'for-5.2/sensor' and 'for-5.2/u2fzero' into for-linus
|
|
Revision tags: v5.1, v5.1-rc7 |
|
| #
c3bdd5e6 |
| 23-Apr-2019 |
Saeed Mahameed <saeedm@mellanox.com> |
Merge tag 'v5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux into mlx5-next
Linux 5.1-rc1
We forgot to reset the branch last merge window thus mlx5-next is outdated
and stil
Merge tag 'v5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux into mlx5-next
Linux 5.1-rc1
We forgot to reset the branch last merge window thus mlx5-next is outdated
and still based on 5.0-rc2. This merge commit is needed to sync mlx5-next
branch with 5.1-rc1.
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
show more ...
|
|
Revision tags: v5.1-rc6 |
|
| #
95d002e0 |
| 16-Apr-2019 |
Zhenyu Wang <zhenyuw@linux.intel.com> |
Merge tag 'drm-intel-next-2019-04-04' into gvt-next
Merge back drm-intel-next for engine name definition refinement
and 54939ea0bd85 ("drm/i915: Switch to use HWS indices rather than addresses")
tha
Merge tag 'drm-intel-next-2019-04-04' into gvt-next
Merge back drm-intel-next for engine name definition refinement
and 54939ea0bd85 ("drm/i915: Switch to use HWS indices rather than addresses")
that would need gvt fixes to depend on.
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
show more ...
|
|
Revision tags: v5.1-rc5 |
|
| #
9b0dcd0e |
| 11-Apr-2019 |
Takashi Iwai <tiwai@suse.de> |
Merge tag 'asoc-fix-v5.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Fixes for v5.1
A few core fixes along with the driver specific ones, mainly fixing
Merge tag 'asoc-fix-v5.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Fixes for v5.1
A few core fixes along with the driver specific ones, mainly fixing
small issues that only affect x86 platforms for various reasons (their
unusual machine enumeration mechanisms mainly, plus a fix for error
handling in topology).
There's some of the driver fixes that look larger than they are, like
the hdmi-codec changes which resulted in an indentation change, and most
of the other large changes are for new drivers like the STM32 changes.
show more ...
|
| #
3bfaf1f7 |
| 10-Apr-2019 |
Sean Paul <seanpaul@chromium.org> |
Merge drm/drm-next into drm-misc-next
Finally have a reason for a backmerge other than "it's been a while"!
Backmerging drm-next to -misc-next to facilitate Rob Herring's work on
Panfrost.
Signed-
Merge drm/drm-next into drm-misc-next
Finally have a reason for a backmerge other than "it's been a while"!
Backmerging drm-next to -misc-next to facilitate Rob Herring's work on
Panfrost.
Signed-off-by: Sean Paul <seanpaul@chromium.org>
show more ...
|
|
Revision tags: v5.1-rc4 |
|
| #
df768610 |
| 01-Apr-2019 |
Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com> |
Merge tag 'v5.1-rc3' of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux into fbdev-for-next
Linux 5.1-rc3
Sync with upstream (which now contains fbdev-v5.1 changes) to
prepare a base
Merge tag 'v5.1-rc3' of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux into fbdev-for-next
Linux 5.1-rc3
Sync with upstream (which now contains fbdev-v5.1 changes) to
prepare a base for fbdev-v5.2 changes.
show more ...
|
|
Revision tags: v5.1-rc3 |
|
| #
0e2f54f8 |
| 27-Mar-2019 |
Joonas Lahtinen <joonas.lahtinen@linux.intel.com> |
Merge drm/drm-next into drm-intel-next-queued
This is needed to get the fourcc code merged without conflicts.
Signed-off-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
|
| #
9d7b7bfb |
| 27-Mar-2019 |
James Morris <james.morris@microsoft.com> |
Merge tag 'v5.1-rc2' into next-general
Merge to Linux 5.1-rc2 for subsystems to work with.
|
|
Revision tags: v5.1-rc2 |
|
| #
86008304 |
| 19-Mar-2019 |
Stefan Schmidt <stefan@datenfreihafen.org> |
Merge remote-tracking branch 'net/master'
|
| #
249acb5f |
| 19-Mar-2019 |
Mark Brown <broonie@kernel.org> |
Merge tag 'v5.1-rc1' into spi-5.2
Linux 5.1-rc1
|
| #
c9e48084 |
| 19-Mar-2019 |
Mark Brown <broonie@kernel.org> |
Merge tag 'v5.1-rc1' into regulator-5.2
Linux 5.1-rc1
|
| #
12747059 |
| 18-Mar-2019 |
Mark Brown <broonie@kernel.org> |
Merge tag 'v5.1-rc1' into asoc-5.2
Linux 5.1-rc1
|
| #
22d91ed3 |
| 18-Mar-2019 |
Mark Brown <broonie@kernel.org> |
Merge tag 'v5.1-rc1' into asoc-5.1
Linux 5.1-rc1
|
|
Revision tags: v5.1-rc1 |
|
| #
2bb99540 |
| 09-Mar-2019 |
Linus Torvalds <torvalds@linux-foundation.org> |
Merge tag 'gcc-plugins-v5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull gcc-plugins updates from Kees Cook:
"This adds additional type coverage to the existing structleak
Merge tag 'gcc-plugins-v5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull gcc-plugins updates from Kees Cook:
"This adds additional type coverage to the existing structleak plugin
and adds a large set of selftests to help evaluate stack variable
zero-initialization coverage.
That can be used to test whatever instrumentation might be performing
zero-initialization: either with the structleak plugin or with Clang's
coming "-ftrivial-auto-var-init=zero" option.
Summary:
- Add scalar and array initialization coverage
- Refactor Kconfig to make options more clear
- Add self-test module for testing automatic initialization"
* tag 'gcc-plugins-v5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
lib: Introduce test_stackinit module
gcc-plugins: structleak: Generalize to all variable types
show more ...
|
|
Revision tags: v5.0, v5.0-rc8, v5.0-rc7, v5.0-rc6, v5.0-rc5, v5.0-rc4 |
|
| #
81a56f6d |
| 24-Jan-2019 |
Kees Cook <keescook@chromium.org> |
gcc-plugins: structleak: Generalize to all variable types
This adjusts structleak to also work with non-struct types when they
are passed by reference, since those variables may leak just like
anyth
gcc-plugins: structleak: Generalize to all variable types
This adjusts structleak to also work with non-struct types when they
are passed by reference, since those variables may leak just like
anything else. This is exposed via an improved set of Kconfig options.
(This does mean structleak is slightly misnamed now.)
Building with CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL should give the
kernel complete initialization coverage of all stack variables passed
by reference, including padding (see lib/test_stackinit.c).
Using CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE to count added initializations
under defconfig:
..._BYREF: 5945 added initializations
..._BYREF_ALL: 16606 added initializations
There is virtually no change to text+data size (both have less than 0.05%
growth):
text data bss dec hex filename
19502103 5051456 1917000 26470559 193e89f vmlinux.stock
19513412 5051456 1908808 26473676 193f4cc vmlinux.byref
19516974 5047360 1900616 26464950 193d2b6 vmlinux.byref_all
The measured performance difference is in the noise for hackbench and
kernel build benchmarks:
Stock:
5x hackbench -g 20 -l 1000
Mean: 10.649s
Std Dev: 0.339
5x kernel build (4-way parallel)
Mean: 261.98s
Std Dev: 1.53
CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF:
5x hackbench -g 20 -l 1000
Mean: 10.540s
Std Dev: 0.233
5x kernel build (4-way parallel)
Mean: 260.52s
Std Dev: 1.31
CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL:
5x hackbench -g 20 -l 1000
Mean: 10.320
Std Dev: 0.413
5x kernel build (4-way parallel)
Mean: 260.10
Std Dev: 0.86
This does not yet solve missing padding initialization for structures
on the stack that are never passed by reference (which should be a tiny
minority). Hopefully this will be more easily addressed by upstream
compiler fixes after clarifying the C11 padding initialization
specification.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
show more ...
|
| #
82ffd045 |
| 07-Feb-2019 |
Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com> |
Merge tag 'v5.0-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux into fbdev-for-next
Linux 5.0-rc5
Sync with upstream (which now contains fbdev-v5.0-rc3 changes) to
prepare a
Merge tag 'v5.0-rc5' of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux into fbdev-for-next
Linux 5.0-rc5
Sync with upstream (which now contains fbdev-v5.0-rc3 changes) to
prepare a base for fbdev-v5.1 changes.
show more ...
|
|
Revision tags: v5.0-rc3 |
|
| #
3eb66e91 |
| 15-Jan-2019 |
Dmitry Torokhov <dmitry.torokhov@gmail.com> |
Merge tag 'v4.20' into for-linus
Sync with mainline to get linux/overflow.h among other things.
|
| #
4116941b |
| 14-Jan-2019 |
Dmitry Torokhov <dmitry.torokhov@gmail.com> |
Merge tag 'v4.20' into next
Merge with mainline to bring in the new APIs.
|
|
Revision tags: v5.0-rc2 |
|
| #
23d19ba0 |
| 11-Jan-2019 |
Maxime Ripard <maxime.ripard@bootlin.com> |
Merge drm/drm-next into drm-misc-next
drm-next has been forwarded to 5.0-rc1, and we need it to apply the damage
helper for dirtyfb series from Noralf Trønnes.
Signed-off-by: Maxime Ripard <maxime.
Merge drm/drm-next into drm-misc-next
drm-next has been forwarded to 5.0-rc1, and we need it to apply the damage
helper for dirtyfb series from Noralf Trønnes.
Signed-off-by: Maxime Ripard <maxime.ripard@bootlin.com>
show more ...
|
| #
49e41801 |
| 10-Jan-2019 |
James Morris <james.morris@microsoft.com> |
Merge tag 'v5.0-rc1' into next-general
Linux 5.0-rc1
Sync to pick up LSM stacking work (which is based on -rc1).
|
| #
3eb0930a |
| 08-Jan-2019 |
Jani Nikula <jani.nikula@intel.com> |
Merge drm/drm-next into drm-intel-next-queued
Generally catch up with 5.0-rc1, and specifically get the changes:
96d4f267e40f ("Remove 'type' argument from access_ok() function")
0b2c8f8b6b0c ("i91
Merge drm/drm-next into drm-intel-next-queued
Generally catch up with 5.0-rc1, and specifically get the changes:
96d4f267e40f ("Remove 'type' argument from access_ok() function")
0b2c8f8b6b0c ("i915: fix missing user_access_end() in page fault exception case")
594cc251fdd0 ("make 'user_access_begin()' do 'access_ok()'")
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
show more ...
|
|
Revision tags: v5.0-rc1 |
|
| #
d538d94f |
| 04-Jan-2019 |
Michael Ellerman <mpe@ellerman.id.au> |
Merge branch 'master' into fixes
We have a fix to apply on top of commit 96d4f267e40f ("Remove 'type'
argument from access_ok() function"), so merge master to get it.
|