xref: /linux/include/linux/stackleak.h (revision 0ea5c948cb64bab5bc7a5516774eb8536f05aa0d)
1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _LINUX_STACKLEAK_H
3 #define _LINUX_STACKLEAK_H
4 
5 #include <linux/sched.h>
6 #include <linux/sched/task_stack.h>
7 
/*
 * Check that the poison value points into the unused hole in the
 * virtual memory map for your platform, so that a poison word which is
 * mistakenly used as a pointer faults instead of reaching mapped memory.
 */
12 #define STACKLEAK_POISON -0xBEEF
13 #define STACKLEAK_SEARCH_DEPTH 128
14 
15 #ifdef CONFIG_GCC_PLUGIN_STACKLEAK
16 #include <asm/stacktrace.h>
17 #include <linux/linkage.h>
18 
/*
 * stackleak_task_low_bound - lowest address on @tsk's stack that may be erased.
 *
 * The word at end_of_stack(tsk) holds STACK_END_MAGIC and must stay intact,
 * so the erasable range begins one unsigned long above it. Poisoning that
 * word would destroy the marker rather than clear stale data.
 *
 * Returns the inclusive lower bound as an address.
 */
static __always_inline unsigned long
stackleak_task_low_bound(const struct task_struct *tsk)
{
	const unsigned long stack_end = (unsigned long)end_of_stack(tsk);

	/* Step over the STACK_END_MAGIC word; it is never part of the erase. */
	return stack_end + sizeof(unsigned long);
}
31 
/*
 * stackleak_task_high_bound - exclusive upper limit of the erasable part of
 * @tsk's stack.
 *
 * The task's pt_regs sit at the top of the task stack and are rewritten on
 * every exception entry, so erasing stops right below them. The returned
 * address is the first one that is NOT erased.
 */
static __always_inline unsigned long
stackleak_task_high_bound(const struct task_struct *tsk)
{
	const unsigned long regs_addr = (unsigned long)task_pt_regs(tsk);

	return regs_addr;
}
45 
/*
 * stackleak_find_top_of_poison - locate the upper edge of the poisoned region.
 * @low:  lowest address that may be inspected (inclusive)
 * @high: address just above the highest word that may be inspected (exclusive)
 *
 * Walks downwards from @high one unsigned long at a time. Every word that is
 * not STACKLEAK_POISON resets the run counter and becomes the new candidate
 * result. The walk ends once STACKLEAK_SEARCH_DEPTH bytes of consecutive
 * poison have been seen, or when @low is reached. Requiring a whole run keeps
 * a single stack word that merely equals the poison value from being taken
 * for the start of the poisoned region.
 *
 * Returns the address of the lowest non-poison word found before the walk
 * ended, or @high if every inspected word was poison.
 *
 * NOTE(review): every visited word is dereferenced, and the bounds test runs
 * before a full word is subtracted. Callers are therefore assumed to pass a
 * mapped range whose size is a multiple of sizeof(unsigned long) - confirm at
 * the call sites, which are not visible here.
 */
static __always_inline unsigned long
stackleak_find_top_of_poison(const unsigned long low, const unsigned long high)
{
	const unsigned int words_needed = STACKLEAK_SEARCH_DEPTH / sizeof(unsigned long);
	unsigned long top = high;
	unsigned long cursor = high;
	unsigned int run = 0;

	for (;;) {
		if (cursor <= low || run >= words_needed)
			break;

		cursor -= sizeof(unsigned long);

		/*
		 * STACKLEAK_POISON is a negative int constant; the comparison
		 * converts it to unsigned long.
		 */
		if (*(unsigned long *)cursor != STACKLEAK_POISON) {
			/* Live data: restart the run and remember this word. */
			run = 0;
			top = cursor;
			continue;
		}

		run++;
	}

	return top;
}
71 
/*
 * stackleak_task_init - reset the stack-usage tracking of task @t.
 *
 * Sets t->lowest_stack to the lowest erasable address of the task's stack.
 * With CONFIG_STACKLEAK_METRICS the same value is copied into
 * t->prev_lowest_stack.
 */
static inline void stackleak_task_init(struct task_struct *t)
{
	const unsigned long lowest = stackleak_task_low_bound(t);

	t->lowest_stack = lowest;
# ifdef CONFIG_STACKLEAK_METRICS
	/* Metrics start from the same baseline as the tracker itself. */
	t->prev_lowest_stack = t->lowest_stack;
# endif
}
79 
/*
 * Entry points implemented outside this header. All four are declared
 * noinstr. The three erase variants are asmlinkage.
 * NOTE(review): going by the names, stackleak_erase() picks between the
 * on-task-stack and off-task-stack variants, and stackleak_track_stack() is
 * the hook that records stack depth - confirm against the implementation.
 */
80 asmlinkage void noinstr stackleak_erase(void);
81 asmlinkage void noinstr stackleak_erase_on_task_stack(void);
82 asmlinkage void noinstr stackleak_erase_off_task_stack(void);
/* Declared __no_caller_saved_registers, unlike the erase entry points. */
83 void __no_caller_saved_registers noinstr stackleak_track_stack(void);
84 
85 #else /* !CONFIG_GCC_PLUGIN_STACKLEAK */
/*
 * CONFIG_GCC_PLUGIN_STACKLEAK is off: there is no tracking state to set up,
 * so task initialisation is an empty stub.
 */
static inline void stackleak_task_init(struct task_struct *t)
{
}
87 #endif
88 
89 #endif
90