)]}' { "commit": "afaef01c001537fa97a25092d7f54d764dc7d8c1", "tree": "199a05427ea4c1e0c735058f322a5b21625b9ecd", "parents": [ "57361846b52bc686112da6ca5368d11210796804" ], "author": { "name": "Alexander Popov", "email": "alex.popov@linux.com", "time": "Fri Aug 17 01:16:58 2018 +0300" }, "committer": { "name": "Kees Cook", "email": "keescook@chromium.org", "time": "Tue Sep 04 10:35:47 2018 -0700" }, "message": "x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls\n\nThe STACKLEAK feature (initially developed by PaX Team) has the following\nbenefits:\n\n1. Reduces the information that can be revealed through kernel stack leak\n bugs. The idea of erasing the thread stack at the end of syscalls is\n similar to CONFIG_PAGE_POISONING and memzero_explicit() in kernel\n crypto, which all comply with FDP_RIP.2 (Full Residual Information\n Protection) of the Common Criteria standard.\n\n2. Blocks some uninitialized stack variable attacks (e.g. CVE-2017-17712,\n CVE-2010-2963). That kind of bugs should be killed by improving C\n compilers in future, which might take a long time.\n\nThis commit introduces the code filling the used part of the kernel\nstack with a poison value before returning to userspace. Full\nSTACKLEAK feature also contains the gcc plugin which comes in a\nseparate commit.\n\nThe STACKLEAK feature is ported from grsecurity/PaX. More information at:\n https://grsecurity.net/\n https://pax.grsecurity.net/\n\nThis code is modified from Brad Spengler/PaX Team\u0027s code in the last\npublic patch of grsecurity/PaX based on our understanding of the code.\nChanges or omissions from the original code are ours and don\u0027t reflect\nthe original grsecurity/PaX code.\n\nPerformance impact:\n\nHardware: Intel Core i7-4770, 16 GB RAM\n\nTest #1: building the Linux kernel on a single core\n 0.91% slowdown\n\nTest #2: hackbench -s 4096 -l 2000 -g 15 -f 25 -P\n 4.2% slowdown\n\nSo the STACKLEAK description in Kconfig includes: \"The tradeoff is the\nperformance impact: on a single CPU system kernel compilation sees a 1%\nslowdown, other systems and workloads may vary and you are advised to\ntest this feature on your expected workload before deploying it\".\n\nSigned-off-by: Alexander Popov \u003calex.popov@linux.com\u003e\nAcked-by: Thomas Gleixner \u003ctglx@linutronix.de\u003e\nReviewed-by: Dave Hansen \u003cdave.hansen@linux.intel.com\u003e\nAcked-by: Ingo Molnar \u003cmingo@kernel.org\u003e\nSigned-off-by: Kees Cook \u003ckeescook@chromium.org\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "5432a96d31ffd9938a58ab43e7b34fecd2ab35e7", "old_mode": 33188, "old_path": "Documentation/x86/x86_64/mm.txt", "new_id": "600bc2afa27d6d80b8f15f7277ebe7045bec82ce", "new_mode": 33188, "new_path": "Documentation/x86/x86_64/mm.txt" }, { "type": "modify", "old_id": "6801123932a503ba64bcf1c9dfbb7877fff0f094", "old_mode": 33188, "old_path": "arch/Kconfig", "new_id": "ee79ff56faab9e8505bf6647f35ce868af754f0f", "new_mode": 33188, "new_path": "arch/Kconfig" }, { "type": "modify", "old_id": "1a0be022f91d8d6d89bc154642e3bd29619e483c", "old_mode": 33188, "old_path": "arch/x86/Kconfig", "new_id": "662cb2cc9630cb65ace570f92804ef1978c98ac0", "new_mode": 33188, "new_path": "arch/x86/Kconfig" }, { "type": "modify", "old_id": "352e70cd33e80b99186e892b4080dfe481ad5dc4", "old_mode": 33188, "old_path": "arch/x86/entry/calling.h", "new_id": "20d0885b00fbec4c77dfee23c701ba0c3612890b", "new_mode": 33188, "new_path": "arch/x86/entry/calling.h" }, { "type": "modify", "old_id": "2767c625a52cf68891b9bbfa2af1fe9a0b3dfd00", "old_mode": 33188, "old_path": "arch/x86/entry/entry_32.S", "new_id": "dfb975b4c981f85724e304c8af6559490fbaac76", "new_mode": 33188, "new_path": "arch/x86/entry/entry_32.S" }, { "type": "modify", "old_id": "957dfb693eccd5152700ec87ab3811b8cfb93e56", "old_mode": 33188, "old_path": "arch/x86/entry/entry_64.S", "new_id": "a5dd2809302022385888847d6b7efda634bd4582", "new_mode": 33188, "new_path": "arch/x86/entry/entry_64.S" }, { "type": "modify", "old_id": "7d0df78db727296d1c4451e3a930033669f47aa3", "old_mode": 33188, "old_path": "arch/x86/entry/entry_64_compat.S", "new_id": "8eaf8952c408cd619124f9696b4888fae2f529ad", "new_mode": 33188, "new_path": "arch/x86/entry/entry_64_compat.S" }, { "type": "modify", "old_id": "977cb57d7bc9e7183e6ca628e4f75d236ddf3951", "old_mode": 33188, "old_path": "include/linux/sched.h", "new_id": "c1a23acd24e727254f317c4628d2270d0e4e8c78", "new_mode": 33188, "new_path": "include/linux/sched.h" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "628c2b947b8928ed7dc366ab3cef45f04dc5148f", "new_mode": 33188, "new_path": "include/linux/stackleak.h" }, { "type": "modify", "old_id": "7a63d567fdb571f357910a83cf3398df65876016", "old_mode": 33188, "old_path": "kernel/Makefile", "new_id": "7343b3a9bff07d0155fad5ba137daef6db39135f", "new_mode": 33188, "new_path": "kernel/Makefile" }, { "type": "modify", "old_id": "d896e9ca38b0cccc5de00a0564ecd22179fa2c06", "old_mode": 33188, "old_path": "kernel/fork.c", "new_id": "47911e49c2b1df9ec10ed7edbb8b241a6522fe91", "new_mode": 33188, "new_path": "kernel/fork.c" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "deba0d8992f96fc9b23ae4e4f18113c6fc7a412c", "new_mode": 33188, "new_path": "kernel/stackleak.c" }, { "type": "modify", "old_id": "cb0c889e13aa05818e222bbfd2cef9f082a29655", "old_mode": 33188, "old_path": "scripts/gcc-plugins/Kconfig", "new_id": "977b84e697871b4ec56b5a139cef0c31ce7b772e", "new_mode": 33188, "new_path": "scripts/gcc-plugins/Kconfig" } ] }