forked from luck/tmp_suning_uos_patched
afaef01c00
The STACKLEAK feature (initially developed by PaX Team) has the following benefits: 1. Reduces the information that can be revealed through kernel stack leak bugs. The idea of erasing the thread stack at the end of syscalls is similar to CONFIG_PAGE_POISONING and memzero_explicit() in kernel crypto, which all comply with FDP_RIP.2 (Full Residual Information Protection) of the Common Criteria standard. 2. Blocks some uninitialized stack variable attacks (e.g. CVE-2017-17712, CVE-2010-2963). That kind of bugs should be killed by improving C compilers in future, which might take a long time. This commit introduces the code filling the used part of the kernel stack with a poison value before returning to userspace. Full STACKLEAK feature also contains the gcc plugin which comes in a separate commit. The STACKLEAK feature is ported from grsecurity/PaX. More information at: https://grsecurity.net/ https://pax.grsecurity.net/ This code is modified from Brad Spengler/PaX Team's code in the last public patch of grsecurity/PaX based on our understanding of the code. Changes or omissions from the original code are ours and don't reflect the original grsecurity/PaX code. Performance impact: Hardware: Intel Core i7-4770, 16 GB RAM Test #1: building the Linux kernel on a single core 0.91% slowdown Test #2: hackbench -s 4096 -l 2000 -g 15 -f 25 -P 4.2% slowdown So the STACKLEAK description in Kconfig includes: "The tradeoff is the performance impact: on a single CPU system kernel compilation sees a 1% slowdown, other systems and workloads may vary and you are advised to test this feature on your expected workload before deploying it". Signed-off-by: Alexander Popov <alex.popov@linux.com> Acked-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com> Acked-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org>
27 lines
664 B
C
27 lines
664 B
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#ifndef _LINUX_STACKLEAK_H
|
|
#define _LINUX_STACKLEAK_H
|
|
|
|
#include <linux/sched.h>
|
|
#include <linux/sched/task_stack.h>
|
|
|
|
/*
|
|
* Check that the poison value points to the unused hole in the
|
|
* virtual memory map for your platform.
|
|
*/
|
|
#define STACKLEAK_POISON -0xBEEF
|
|
#define STACKLEAK_SEARCH_DEPTH 128
|
|
|
|
#ifdef CONFIG_GCC_PLUGIN_STACKLEAK
|
|
#include <asm/stacktrace.h>
|
|
|
|
static inline void stackleak_task_init(struct task_struct *t)
|
|
{
|
|
t->lowest_stack = (unsigned long)end_of_stack(t) + sizeof(unsigned long);
|
|
}
|
|
#else /* !CONFIG_GCC_PLUGIN_STACKLEAK */
|
|
static inline void stackleak_task_init(struct task_struct *t) { }
|
|
#endif
|
|
|
|
#endif
|