On Mon, Jun 17, 2024 at 08:30:29PM +0800, Jisheng Zhang wrote:
> Add support for the stackleak feature. Whenever the kernel returns to user
> space the kernel stack is filled with a poison value.
>
> At the same time, disables the plugin in EFI stub code because EFI stub
> is out of scope for the protection.
>
> Tested on qemu and milkv duo:
> / # echo STACKLEAK_ERASING > /sys/kernel/debug/provoke-crash/DIRECT
> [ 38.675575] lkdtm: Performing direct entry STACKLEAK_ERASING
> [ 38.678448] lkdtm: stackleak stack usage:
> [ 38.678448] high offset: 288 bytes
> [ 38.678448] current: 496 bytes
> [ 38.678448] lowest: 1328 bytes
> [ 38.678448] tracked: 1328 bytes
> [ 38.678448] untracked: 448 bytes
> [ 38.678448] poisoned: 14312 bytes
> [ 38.678448] low offset: 8 bytes
> [ 38.689887] lkdtm: OK: the rest of the thread stack is properly erased
>
> Signed-off-by: Jisheng Zhang <jszhang@xxxxxxxxxx>
> ---
> arch/riscv/Kconfig | 1 +
> arch/riscv/kernel/entry.S | 4 ++++
> drivers/firmware/efi/libstub/Makefile | 3 ++-
> 3 files changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
> index 0525ee2d63c7..9cbfdffec96c 100644
> --- a/arch/riscv/Kconfig
> +++ b/arch/riscv/Kconfig
> @@ -118,6 +118,7 @@ config RISCV
> select HAVE_ARCH_MMAP_RND_COMPAT_BITS if COMPAT
> select HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET
> select HAVE_ARCH_SECCOMP_FILTER
> + select HAVE_ARCH_STACKLEAK
When this is selected, stackleak.h include
arch/riscv/include/asm/thread_info.h without sizes.h and I hit:
./arch/riscv/include/asm/thread_info.h:30:33: error: ‘SZ_4K’ undeclared here (not in a function)
30 | #define OVERFLOW_STACK_SIZE SZ_4K
| ^~~~~
Adding "#include <linux/sizes.h>" to thread_info.h resolves the issue.
I am testing this based on 6.10-rc4. Did you encounter this?
- Charlie
> select HAVE_ARCH_THREAD_STRUCT_WHITELIST
> select HAVE_ARCH_TRACEHOOK
> select HAVE_ARCH_TRANSPARENT_HUGEPAGE if 64BIT && MMU
> diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S
> index 68a24cf9481a..80ff55a26d13 100644
> --- a/arch/riscv/kernel/entry.S
> +++ b/arch/riscv/kernel/entry.S
> @@ -130,6 +130,10 @@ SYM_CODE_START_NOALIGN(ret_from_exception)
> #endif
> bnez s0, 1f
>
> +#ifdef CONFIG_GCC_PLUGIN_STACKLEAK
> + call stackleak_erase_on_task_stack
> +#endif
> +
> /* Save unwound kernel stack pointer in thread_info */
> addi s0, sp, PT_SIZE_ON_STACK
> REG_S s0, TASK_TI_KERNEL_SP(tp)
> diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
> index 06f0428a723c..3a9521c57641 100644
> --- a/drivers/firmware/efi/libstub/Makefile
> +++ b/drivers/firmware/efi/libstub/Makefile
> @@ -28,7 +28,8 @@ cflags-$(CONFIG_ARM) += -DEFI_HAVE_STRLEN -DEFI_HAVE_STRNLEN \
> -DEFI_HAVE_MEMCHR -DEFI_HAVE_STRRCHR \
> -DEFI_HAVE_STRCMP -fno-builtin -fpic \
> $(call cc-option,-mno-single-pic-base)
> -cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE -mno-relax
> +cflags-$(CONFIG_RISCV) += -fpic -DNO_ALTERNATIVE -mno-relax \
> + $(DISABLE_STACKLEAK_PLUGIN)
> cflags-$(CONFIG_LOONGARCH) += -fpie
>
> cflags-$(CONFIG_EFI_PARAMS_FROM_FDT) += -I$(srctree)/scripts/dtc/libfdt
> --
> 2.43.0
>
>
> _______________________________________________
> linux-riscv mailing list
> linux-riscv@xxxxxxxxxxxxxxxxxxx
> http://lists.infradead.org/mailman/listinfo/linux-riscv
