linux/scripts
Alexander Popov afaef01c00 x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls
The STACKLEAK feature (initially developed by PaX Team) has the following
benefits:

1. Reduces the information that can be revealed through kernel stack leak
   bugs. The idea of erasing the thread stack at the end of syscalls is
   similar to CONFIG_PAGE_POISONING and memzero_explicit() in kernel
   crypto, which all comply with FDP_RIP.2 (Full Residual Information
   Protection) of the Common Criteria standard.

2. Blocks some uninitialized stack variable attacks (e.g. CVE-2017-17712,
   CVE-2010-2963). That kind of bug should be killed by improving C
   compilers in the future, which might take a long time.

This commit introduces the code filling the used part of the kernel
stack with a poison value before returning to userspace. The full
STACKLEAK feature also contains the gcc plugin, which comes in a
separate commit.

The STACKLEAK feature is ported from grsecurity/PaX. More information at:
  https://grsecurity.net/
  https://pax.grsecurity.net/

This code is modified from Brad Spengler/PaX Team's code in the last
public patch of grsecurity/PaX based on our understanding of the code.
Changes or omissions from the original code are ours and don't reflect
the original grsecurity/PaX code.

Performance impact:

Hardware: Intel Core i7-4770, 16 GB RAM

Test #1: building the Linux kernel on a single core
        0.91% slowdown

Test #2: hackbench -s 4096 -l 2000 -g 15 -f 25 -P
        4.2% slowdown

So the STACKLEAK description in Kconfig includes: "The tradeoff is the
performance impact: on a single CPU system kernel compilation sees a 1%
slowdown, other systems and workloads may vary and you are advised to
test this feature on your expected workload before deploying it".

Signed-off-by: Alexander Popov <alex.popov@linux.com>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
2018-09-04 10:35:47 -07:00
basic kbuild: move bin2c back to scripts/ from scripts/basic/ 2018-07-18 01:18:05 +09:00
coccinelle Coccinelle: remove pci_alloc_consistent semantic to detect in zalloc-simple.cocci 2018-08-22 23:21:43 +09:00
dtc scripts/dtc: consolidate include path options in Makefile 2018-08-22 23:21:36 +09:00
gcc-plugins x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls 2018-09-04 10:35:47 -07:00
gdb scripts/gdb/linux/tasks.py: fix get_thread_info 2018-01-19 10:09:41 -08:00
genksyms genksyms: remove symbol prefix support 2018-05-17 22:43:35 +09:00
kconfig kconfig: suppress "configuration written to .config" for syncconfig 2018-08-22 23:21:41 +09:00
ksymoops
mod scripts: modpost: check memory allocation results 2018-08-22 23:21:40 +09:00
package builddeb: Add automatic support for sh{3,4}{,eb} architectures 2018-07-28 10:53:44 +09:00
selinux staging: lustre: delete the filesystem from the tree. 2018-06-05 19:22:35 +02:00
tracing scripts: Add Python 3 support to tracing/draw_functrace.py 2018-07-29 11:08:38 +09:00
.gitignore kbuild: move bin2c back to scripts/ from scripts/basic/ 2018-07-18 01:18:05 +09:00
adjust_autoksyms.sh kbuild: remove CONFIG_HAVE_UNDERSCORE_SYMBOL_PREFIX 2018-05-17 22:44:57 +09:00
asn1_compiler.c kbuild: rename *-asn1.[ch] to *.asn1.[ch] 2018-04-07 19:04:02 +09:00
bin2c.c kbuild: move bin2c back to scripts/ from scripts/basic/ 2018-07-18 01:18:05 +09:00
bloat-o-meter syscalls/core, syscalls/x86: Clean up compat syscall stub naming convention 2018-04-09 16:47:28 +02:00
bootgraph.pl scripts: Switch to more portable Perl shebang 2017-05-14 11:20:44 +09:00
bpf_helpers_doc.py bpf: change eBPF helper doc parsing script to allow for smaller indent 2018-05-17 17:34:43 +02:00
cc-can-link.sh bpfilter: check compiler capability in Kconfig 2018-06-28 13:36:39 +09:00
check_00index.sh License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
check_extable.sh License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
checkincludes.pl License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
checkkconfigsymbols.py
checkpatch.pl checkpatch: DT bindings should be a separate patch 2018-08-22 10:52:49 -07:00
checkstack.pl scripts: Add ppc64le support for checkstack.pl 2018-07-02 23:54:28 +10:00
checksyscalls.sh License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
checkversion.pl License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
clang-version.sh kbuild: Add a space after ! to prevent parsing as file pattern 2018-08-22 23:21:40 +09:00
cleanfile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
cleanpatch License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
coccicheck coccicheck: return proper error code on fail 2018-08-14 08:58:56 +09:00
config License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
conmakehash.c
const_structs.checkpatch
decode_stacktrace.sh License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
decodecode scripts/decodecode: make it take multiline Code line 2018-01-31 17:18:34 -08:00
depmod.sh kbuild: verify that $DEPMOD is installed 2018-07-18 01:18:05 +09:00
diffconfig License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
documentation-file-ref-check scripts/documentation-file-ref-check: ignore sched-pelt false positive 2018-07-02 11:25:00 -06:00
export_report.pl scripts: Switch to more portable Perl shebang 2017-05-14 11:20:44 +09:00
extract_xc3028.pl MAINTAINERS & files: Canonize the e-mails I use at files 2018-05-04 06:21:06 -04:00
extract-cert.c
extract-ikconfig
extract-module-sig.pl License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
extract-sys-certs.pl License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
extract-vmlinux scripts: teach extract-vmlinux about LZ4 and ZSTD 2018-07-08 09:32:32 +09:00
faddr2line scripts/faddr2line: make the new code listing format optional 2018-06-05 09:04:37 -07:00
file-size.sh kbuild: Use ls(1) instead of stat(1) to obtain file size 2018-03-26 02:01:24 +09:00
find-unused-docs.sh scripts: Add a script to find unused documentation 2017-10-23 08:01:37 -06:00
gcc-goto.sh License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
gcc-ld License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
gcc-plugin.sh License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
gcc-version.sh License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
gcc-x86_32-has-stack-protector.sh stack-protector: test compiler capability in Kconfig and drop AUTO mode 2018-06-08 18:56:00 +09:00
gcc-x86_64-has-stack-protector.sh stack-protector: Fix test with 32-bit userland and CONFIG_64BIT=y 2018-06-25 23:21:13 +09:00
get_dvb_firmware scripts: Switch to more portable Perl shebang 2017-05-14 11:20:44 +09:00
get_maintainer.pl get_maintainer: allow option --mpath <directory> to read all files in <directory> 2018-08-22 10:52:48 -07:00
gfp-translate
headerdep.pl License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
headers_check.pl License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
headers_install.sh kbuild: Improve portability of some sed invocations 2018-03-26 02:01:18 +09:00
headers.sh License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
insert-sys-cert.c
kallsyms.c scripts: Fixed printf format mismatch 2018-05-29 22:04:12 +09:00
Kbuild.include x86/build: Remove jump label quirk for GCC older than 4.5.2 2018-08-30 11:37:08 +02:00
Kconfig.include gcc-plugins: test plugin support in Kconfig and clean up Makefile 2018-06-11 09:16:22 +09:00
kernel-doc scripts/kernel-doc: Escape all literal braces in regexes 2018-08-06 13:36:20 -06:00
ld-version.sh License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
leaking_addresses.pl leaking_addresses: check if file name contains address 2018-04-07 08:50:34 +10:00
Lindent License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
link-vmlinux.sh kbuild: rename LDFLAGS to KBUILD_LDFLAGS 2018-08-24 08:22:08 +09:00
Makefile kbuild: Rename HOST_LOADLIBES to KBUILD_HOSTLDLIBS 2018-07-18 01:18:05 +09:00
Makefile.asm-generic Kbuild updates for v4.15 2017-11-17 17:45:29 -08:00
Makefile.build objtool: Remove workaround for unreachable warnings from old GCC 2018-08-30 12:56:40 +02:00
Makefile.clean kbuild: remove deprecated host-progs variable 2018-08-09 21:51:17 +09:00
Makefile.dtbinst DeviceTree for 4.15: 2017-11-14 18:25:40 -08:00
Makefile.extrawarn Kbuild: suppress packed-not-aligned warning for default setting only 2018-01-18 09:37:53 +09:00
Makefile.gcc-plugins gcc-plugins: Regularize Makefile.gcc-plugins 2018-07-24 16:11:07 -07:00
Makefile.headersinst Kbuild updates for v4.15 2017-11-17 17:45:29 -08:00
Makefile.host kbuild: Rename HOST_LOADLIBES to KBUILD_HOSTLDLIBS 2018-07-18 01:18:05 +09:00
Makefile.kasan kasan: rework Kconfig settings 2018-02-06 18:32:47 -08:00
Makefile.kcov kcov: test compiler capability in Kconfig and correct dependency 2018-06-11 09:14:08 +09:00
Makefile.lib kbuild: rename LDFLAGS to KBUILD_LDFLAGS 2018-08-24 08:22:08 +09:00
Makefile.modbuiltin Kbuild: Makefile.modbuiltin: include auto.conf and tristate.conf mandatory 2018-08-03 00:47:00 +09:00
Makefile.modinst kbuild: remove duplicated comments about PHONY 2018-07-06 22:04:03 +09:00
Makefile.modpost kbuild: rename LDFLAGS to KBUILD_LDFLAGS 2018-08-24 08:22:08 +09:00
Makefile.modsign kbuild: remove duplicated comments about PHONY 2018-07-06 22:04:03 +09:00
Makefile.ubsan lib/ubsan: remove null-pointer checks 2018-08-10 20:19:58 -07:00
makelst License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
markup_oops.pl scripts: Switch to more portable Perl shebang 2017-05-14 11:20:44 +09:00
mkcompile_h Kbuild updates for v4.15 2017-11-17 17:45:29 -08:00
mkmakefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mksysmap
mkuboot.sh License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
module-common.lds
namespace.pl kbuild: rename built-in.o to built-in.a 2018-03-26 02:01:19 +09:00
objdiff
parse-maintainers.pl parse-maintainers: add ability to specify filenames 2017-11-17 16:10:01 -08:00
patch-kernel License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pnmtologo.c
profile2linkerlist.pl License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
prune-kernel License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
recordmcount.c scripts: Fixed printf format mismatch 2018-05-29 22:04:12 +09:00
recordmcount.h scripts: Fixed printf format mismatch 2018-05-29 22:04:12 +09:00
recordmcount.pl powerpc/kbuild: Use flags variables rather than overriding LD/CC/AS 2018-06-01 23:08:09 +10:00
setlocalversion License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
show_delta
sign-file.c
sortextable.c
sortextable.h
spdxcheck.py scripts: add Python 3 compatibility to spdxcheck.py 2018-08-17 16:20:27 -07:00
spelling.txt treewide: correct "differenciate" and "instanciate" typos 2018-08-23 18:48:43 -07:00
sphinx-pre-install docs-rst: don't require adjustbox anymore 2017-09-08 10:02:55 -06:00
split-man.pl MAINTAINERS & files: Canonize the e-mails I use at files 2018-05-04 06:21:06 -04:00
stackdelta License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
stackusage License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tags.sh Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-07-18 19:32:54 -07:00
unifdef.c
ver_linux ver_linux: Do not check for ver_linux pattern in version function 2018-07-07 17:44:52 +02:00
xen-hypercalls.sh License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xz_wrap.sh