Re: [PATCH] ARM: Add support for STACKLEAK gcc plugin

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 2024/6/21 2:38, Kees Cook wrote:
> On Thu, Jun 20, 2024 at 09:16:49PM +0800, Jinjie Ruan wrote:
>> Add the STACKLEAK gcc plugin to arm32 by adding the helper used by
>> stackleak common code: on_thread_stack(). It initialize the stack with the
>> poison value before returning from system calls which improves the kernel
>> security. Additionally, this disables the plugin in EFI stub code and
>> decompress code, which are out of scope for the protection.
> 
> Oh very cool! Thanks for sending this!
> 
>> Before the test on Qemu versatilepb board:
>> 	# echo STACKLEAK_ERASING  > /sys/kernel/debug/provoke-crash/DIRECT
>> 	lkdtm: Performing direct entry STACKLEAK_ERASING
>> 	lkdtm: XFAIL: stackleak is not supported on this arch (HAVE_ARCH_STACKLEAK=n)
>>
>> After:
>> 	# echo STACKLEAK_ERASING  > /sys/kernel/debug/provoke-crash/DIRECT
>> 	lkdtm: Performing direct entry STACKLEAK_ERASING
>> 	lkdtm: stackleak stack usage:
>> 	  high offset: 80 bytes
>> 	  current:     280 bytes
>> 	  lowest:      696 bytes
>> 	  tracked:     696 bytes
>> 	  untracked:   192 bytes
>> 	  poisoned:    7220 bytes
>> 	  low offset:  4 bytes
>> 	lkdtm: OK: the rest of the thread stack is properly erased
>>
>> Signed-off-by: Jinjie Ruan <ruanjinjie@xxxxxxxxxx>
>> ---
>>  arch/arm/Kconfig                      | 1 +
>>  arch/arm/boot/compressed/Makefile     | 1 +
>>  arch/arm/include/asm/stacktrace.h     | 5 +++++
>>  arch/arm/kernel/entry-common.S        | 3 +++
>>  drivers/firmware/efi/libstub/Makefile | 3 ++-
>>  5 files changed, 12 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
>> index 036381c5d42f..b211b7f5a138 100644
>> --- a/arch/arm/Kconfig
>> +++ b/arch/arm/Kconfig
>> @@ -86,6 +86,7 @@ config ARM
>>  	select HAVE_ARCH_PFN_VALID
>>  	select HAVE_ARCH_SECCOMP
>>  	select HAVE_ARCH_SECCOMP_FILTER if AEABI && !OABI_COMPAT
>> +	select HAVE_ARCH_STACKLEAK
>>  	select HAVE_ARCH_THREAD_STRUCT_WHITELIST
>>  	select HAVE_ARCH_TRACEHOOK
>>  	select HAVE_ARCH_TRANSPARENT_HUGEPAGE if ARM_LPAE
>> diff --git a/arch/arm/boot/compressed/Makefile b/arch/arm/boot/compressed/Makefile
>> index 6bca03c0c7f0..945b5975fce2 100644
>> --- a/arch/arm/boot/compressed/Makefile
>> +++ b/arch/arm/boot/compressed/Makefile
>> @@ -9,6 +9,7 @@ OBJS		=
>>  
>>  HEAD	= head.o
>>  OBJS	+= misc.o decompress.o
>> +CFLAGS_decompress.o += $(DISABLE_STACKLEAK_PLUGIN)
>>  ifeq ($(CONFIG_DEBUG_UNCOMPRESS),y)
>>  OBJS	+= debug.o
>>  AFLAGS_head.o += -DDEBUG
>> diff --git a/arch/arm/include/asm/stacktrace.h b/arch/arm/include/asm/stacktrace.h
>> index 360f0d2406bf..a9b4b72ed241 100644
>> --- a/arch/arm/include/asm/stacktrace.h
>> +++ b/arch/arm/include/asm/stacktrace.h
>> @@ -26,6 +26,11 @@ struct stackframe {
>>  #endif
>>  };
>>  
>> +static inline bool on_thread_stack(void)
>> +{
>> +	return !(((unsigned long)(current->stack) ^ current_stack_pointer) & ~(THREAD_SIZE - 1));
>> +}
>> +
>>  static __always_inline
>>  void arm_get_current_stackframe(struct pt_regs *regs, struct stackframe *frame)
>>  {
>> diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
>> index 5c31e9de7a60..f379c852dcb7 100644
>> --- a/arch/arm/kernel/entry-common.S
>> +++ b/arch/arm/kernel/entry-common.S
>> @@ -119,6 +119,9 @@ no_work_pending:
>>  
>>  	ct_user_enter save = 0
>>  
>> +#ifdef CONFIG_GCC_PLUGIN_STACKLEAK
>> +	bl	stackleak_erase_on_task_stack
>> +#endif
>>  	restore_user_regs fast = 0, offset = 0
>>  ENDPROC(ret_to_user_from_irq)
>>  ENDPROC(ret_to_user)
>> diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
>> index 06f0428a723c..20d8a491f25f 100644
>> --- a/drivers/firmware/efi/libstub/Makefile
>> +++ b/drivers/firmware/efi/libstub/Makefile
>> @@ -27,7 +27,8 @@ cflags-$(CONFIG_ARM64)		+= -fpie $(DISABLE_STACKLEAK_PLUGIN) \
>>  cflags-$(CONFIG_ARM)		+= -DEFI_HAVE_STRLEN -DEFI_HAVE_STRNLEN \
>>  				   -DEFI_HAVE_MEMCHR -DEFI_HAVE_STRRCHR \
>>  				   -DEFI_HAVE_STRCMP -fno-builtin -fpic \
>> -				   $(call cc-option,-mno-single-pic-base)
>> +				   $(call cc-option,-mno-single-pic-base) \
>> +				   $(DISABLE_STACKLEAK_PLUGIN)
>>  cflags-$(CONFIG_RISCV)		+= -fpic -DNO_ALTERNATIVE -mno-relax
>>  cflags-$(CONFIG_LOONGARCH)	+= -fpie
> 
> This looks very straight forward! If an ARM person can Ack this, I could
> carry it via the hardening tree. Otherwise, it should probably go via
> rmk's patch tracker?

Thank you for your attention and reply.

> 
> -Kees
> 




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux