2d6bb6adb7
- Introduces the stackleak gcc plugin ported from grsecurity by Alexander Popov, with x86 and arm64 support. -----BEGIN PGP SIGNATURE----- Comment: Kees Cook <kees@outflux.net> iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAlvQvn4WHGtlZXNjb29r QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJpSfD/sErFreuPT1beSw994Lr9Zx4k9v ERsuXxWBENaJOJXbOOHMfVEcEeG/1uhPSp7hlw/dpHfh0anATTrcYqm8RNKbfK+k o06+JK14OJfpm5Ghq/7OizhdNLCMT8wMU3XZtWfy65VSJGjEFx8Y48vMeQtpWtUK ylSzi9JV6j2iUBF9oibtiT53+yqsqAtX80X1G7HRCgv9kxuKMhZr+Q5oGV6+ViyQ Azj8mNn06iRnhHKd17WxDJr0GjSibzz4weS/9XgP3t3EcNWJo1EgBlD2KV3tOfP5 nzmqfqTqrcjxs/tyjdh6vVCSlYucNtyCQGn63qyShQYSg6mZwclR2fY8YSTw6PWw GfYWFOWru9z+qyQmwFkQ9bSQS2R+JIT0oBCj9VmtF9XmPCy7K2neJsQclzSPBiCW wPgXVQS4IA4684O5CmDOVMwmDpGvhdBNUR6cqSzGLxQOHY1csyXubMNUsqU3g9xk Ob4pEy/xrrIw4WpwHcLHSEW5gV1/OLhsT0fGRJJiC947L3cN5s9EZp7FLbIS0zlk qzaXUcLmn6AgcfkYwg5cI3RMLaN2V0eDCMVTWZJ1wbrmUV9chAaOnTPTjNqLOTht v3b1TTxXG4iCpMmOFf59F8pqgAwbBDlfyNSbySZ/Pq5QH69udz3Z9pIUlYQnSJHk u6q++2ReDpJXF81rBw== =Ks6B -----END PGP SIGNATURE----- Merge tag 'stackleak-v4.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull stackleak gcc plugin from Kees Cook: "Please pull this new GCC plugin, stackleak, for v4.20-rc1. This plugin was ported from grsecurity by Alexander Popov. It provides efficient stack content poisoning at syscall exit. This creates a defense against at least two classes of flaws: - Uninitialized stack usage. (We continue to work on improving the compiler to do this in other ways: e.g. unconditional zero init was proposed to GCC and Clang, and more plugin work has started too). - Stack content exposure. By greatly reducing the lifetime of valid stack contents, exposures via either direct read bugs or unknown cache side-channels become much more difficult to exploit. This complements the existing buddy and heap poisoning options, but provides the coverage for stacks. The x86 hooks are included in this series (which have been reviewed by Ingo, Dave Hansen, and Thomas Gleixner). 
The arm64 hooks have already been merged through the arm64 tree (written by Laura Abbott and reviewed by Mark Rutland and Will Deacon). With VLAs having been removed this release, there is no need for alloca() protection, so it has been removed from the plugin" * tag 'stackleak-v4.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: arm64: Drop unneeded stackleak_check_alloca() stackleak: Allow runtime disabling of kernel stack erasing doc: self-protection: Add information about STACKLEAK feature fs/proc: Show STACKLEAK metrics in the /proc file system lkdtm: Add a test for STACKLEAK gcc-plugins: Add STACKLEAK plugin for tracking the kernel stack x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls
/* SPDX-License-Identifier: GPL-2.0 */
#ifndef __LKDTM_H
#define __LKDTM_H
/*
 * Message prefix for this module: prepends the literal "lkdtm: " to a
 * format string. It is defined ahead of the <linux/kernel.h> include that
 * follows, presumably so the kernel's pr_*() logging helpers pick it up
 * (confirm against linux/printk.h). A fixed prefix lets the reports these
 * tests produce be picked out of the kernel log.
 */
#define pr_fmt(fmt) "lkdtm: " fmt
#include <linux/kernel.h>
/* lkdtm_bugs.c */
/*
 * Setup hook for lkdtm_bugs.c, annotated __init (init-time only code).
 * Takes a pointer to an int named recur_param and returns nothing.
 * NOTE(review): the parameter presumably carries a recursion count for
 * the stack tests - confirm in lkdtm_bugs.c.
 */
void __init lkdtm_bugs_init(int *recur_param);
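/*
 * Fault triggers implemented in lkdtm_bugs.c.
 *
 * Every entry point takes no arguments and returns nothing; the part of
 * the name after "lkdtm_" names the condition the routine is meant to
 * provoke, so that the kernel's reaction to it can be observed. Only the
 * prototypes are visible in this header: the grouping notes below are
 * read off the names and should be confirmed against the definitions.
 */

/* Generic failure paths: panic, BUG, warning, exception, busy loop. */
void lkdtm_PANIC(void);
void lkdtm_BUG(void);
void lkdtm_WARNING(void);
void lkdtm_EXCEPTION(void);
void lkdtm_LOOP(void);

/*
 * Stack overflow and stack corruption.
 * NOTE(review): the CORRUPT_STACK pair presumably checks that stack
 * protector canaries catch the damage - confirm in lkdtm_bugs.c.
 */
void lkdtm_OVERFLOW(void);
void lkdtm_CORRUPT_STACK(void);
void lkdtm_CORRUPT_STACK_STRONG(void);

/* Unaligned memory access. */
void lkdtm_UNALIGNED_LOAD_STORE_WRITE(void);

/* Lockups and hung tasks, i.e. conditions the watchdogs should report. */
void lkdtm_SOFTLOCKUP(void);
void lkdtm_HARDLOCKUP(void);
void lkdtm_SPINLOCKUP(void);
void lkdtm_HUNG_TASK(void);

/* Linked-list corruption on add and on delete. */
void lkdtm_CORRUPT_LIST_ADD(void);
void lkdtm_CORRUPT_LIST_DEL(void);

/* Corruption of the user data-segment limit (per the name; verify). */
void lkdtm_CORRUPT_USER_DS(void);

/* Accesses just before / just after the stack (guard-page coverage). */
void lkdtm_STACK_GUARD_PAGE_LEADING(void);
void lkdtm_STACK_GUARD_PAGE_TRAILING(void);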
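/*
 * lkdtm_heap.c
 *
 * Heap-misuse triggers: a write past an allocation and reads/writes of
 * memory after it has been freed. All take no arguments and return
 * nothing. The *_BUDDY_* variants presumably act on pages from the page
 * (buddy) allocator rather than on slab objects - confirm in
 * lkdtm_heap.c. These are the bug classes that the buddy and heap
 * poisoning options mentioned in the pull message are meant to expose.
 */
void lkdtm_OVERWRITE_ALLOCATION(void);
void lkdtm_WRITE_AFTER_FREE(void);
void lkdtm_READ_AFTER_FREE(void);
void lkdtm_WRITE_BUDDY_AFTER_FREE(void);
void lkdtm_READ_BUDDY_AFTER_FREE(void);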
/* lkdtm_perms.c */
/*
 * Setup hook for lkdtm_perms.c, annotated __init (init-time only code).
 * Takes no arguments and returns nothing; what it prepares is not
 * visible from this header.
 */
void __init lkdtm_perms_init(void);
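/*
 * Memory-permission triggers implemented in lkdtm_perms.c.
 *
 * All take no arguments and return nothing. Going by the names, each one
 * attempts an access that a kernel with strict memory permissions should
 * refuse; the definitions are not visible here, so confirm the details in
 * lkdtm_perms.c.
 */

/* Writes to read-only data, ro-after-init data and kernel code. */
void lkdtm_WRITE_RO(void);
void lkdtm_WRITE_RO_AFTER_INIT(void);
void lkdtm_WRITE_KERN(void);

/* Execution from regions that should not be executable. */
void lkdtm_EXEC_DATA(void);
void lkdtm_EXEC_STACK(void);
void lkdtm_EXEC_KMALLOC(void);
void lkdtm_EXEC_VMALLOC(void);
void lkdtm_EXEC_RODATA(void);

/* Kernel-mode execution of, and direct access to, userspace memory. */
void lkdtm_EXEC_USERSPACE(void);
void lkdtm_ACCESS_USERSPACE(void);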
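/*
 * lkdtm_refcount.c
 *
 * Reference-counter triggers. All take no arguments and return nothing.
 * The names pair a refcount operation (INC, ADD, DEC, SUB, *_NOT_ZERO,
 * *_AND_TEST) with the state being provoked (OVERFLOW, ZERO, NEGATIVE,
 * SATURATED). Reference-count overflow and underflow are a common route
 * to use-after-free, which is why each case is declared separately. The
 * definitions are not visible here; confirm the details in
 * lkdtm_refcount.c.
 */

/* Increment/add past the maximum value. */
void lkdtm_REFCOUNT_INC_OVERFLOW(void);
void lkdtm_REFCOUNT_ADD_OVERFLOW(void);
void lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW(void);
void lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW(void);

/* Decrement/subtract down to zero or below it. */
void lkdtm_REFCOUNT_DEC_ZERO(void);
void lkdtm_REFCOUNT_DEC_NEGATIVE(void);
void lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE(void);
void lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE(void);

/* Increment/add starting from zero. */
void lkdtm_REFCOUNT_INC_ZERO(void);
void lkdtm_REFCOUNT_ADD_ZERO(void);

/* Operations on a counter that is already saturated. */
void lkdtm_REFCOUNT_INC_SATURATED(void);
void lkdtm_REFCOUNT_DEC_SATURATED(void);
void lkdtm_REFCOUNT_ADD_SATURATED(void);
void lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED(void);
void lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED(void);
void lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED(void);
void lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED(void);

/*
 * NOTE(review): presumably timing runs comparing refcount and plain
 * atomic operations rather than fault triggers - confirm.
 */
void lkdtm_REFCOUNT_TIMING(void);
void lkdtm_ATOMIC_TIMING(void);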
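/*
 * lkdtm_rodata.c
 *
 * Helper rather than a test entry point (note the lower-case name): takes
 * no arguments and returns nothing. NOTE(review): presumably a function
 * placed in read-only data to serve as the target of lkdtm_EXEC_RODATA -
 * confirm in lkdtm_rodata.c and the build rules.
 */
void lkdtm_rodata_do_nothing(void);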
/* lkdtm_usercopy.c */
/*
 * Setup hook for lkdtm_usercopy.c, annotated __init (init-time only
 * code). Takes no arguments and returns nothing; lkdtm_usercopy_exit()
 * is its declared teardown counterpart.
 */
void __init lkdtm_usercopy_init(void);
/*
 * Teardown hook for lkdtm_usercopy.c, annotated __exit (exit-time only
 * code). Takes no arguments and returns nothing. NOTE(review): presumably
 * releases what lkdtm_usercopy_init() set up - confirm in
 * lkdtm_usercopy.c.
 */
void __exit lkdtm_usercopy_exit(void);
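/*
 * User-copy triggers implemented in lkdtm_usercopy.c.
 *
 * All take no arguments and return nothing. Going by the names, each one
 * attempts a kernel<->user copy with a source or destination that bounds
 * checking on user copies should reject; the _TO/_FROM suffix presumably
 * gives the copy direction relative to userspace. The definitions are
 * not visible here, so confirm the details in lkdtm_usercopy.c.
 */

/* Heap objects: wrong size, and regions outside the object's whitelist. */
void lkdtm_USERCOPY_HEAP_SIZE_TO(void);
void lkdtm_USERCOPY_HEAP_SIZE_FROM(void);
void lkdtm_USERCOPY_HEAP_WHITELIST_TO(void);
void lkdtm_USERCOPY_HEAP_WHITELIST_FROM(void);

/* Stack: another frame's contents, and memory beyond the stack. */
void lkdtm_USERCOPY_STACK_FRAME_TO(void);
void lkdtm_USERCOPY_STACK_FRAME_FROM(void);
void lkdtm_USERCOPY_STACK_BEYOND(void);

/* Kernel memory as the copy target, and copies under KERNEL_DS. */
void lkdtm_USERCOPY_KERNEL(void);
void lkdtm_USERCOPY_KERNEL_DS(void);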
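/*
 * lkdtm_stackleak.c
 *
 * Test entry point for the STACKLEAK feature introduced by the series on
 * this page ("lkdtm: Add a test for STACKLEAK"). Takes no arguments and
 * returns nothing. Per the pull message, STACKLEAK poisons kernel stack
 * contents at syscall exit; this routine presumably checks that the
 * erasing actually happened - confirm in lkdtm_stackleak.c.
 */
void lkdtm_STACKLEAK_ERASING(void);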
#endif