stackleak: add on/off stack variants · tjh.dev/kernel@8111e67

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

stackleak: add on/off stack variants

The stackleak_erase() code dynamically handles being on a task stack or
another stack. In most cases, this is a fixed property of the caller,
which the caller is aware of, as an architecture might always return
using the task stack, or might always return using a trampoline stack.

This patch adds stackleak_erase_on_task_stack() and
stackleak_erase_off_task_stack() functions which callers can use to
avoid on_thread_stack() check and associated redundant work when the
calling stack is known. The existing stackleak_erase() is retained as a
safe default.

There should be no functional change as a result of this patch.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Alexander Popov <alex.popov@linux.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220427173128.2603085-13-mark.rutland@arm.com

authored by

Mark Rutland and committed by

Kees Cook 3 years ago 8111e67d f171d695

+32 -3

1 changed file

expand all

kernel

stackleak.c

+32 -3

kernel/stackleak.c

··· 70 70 #define skip_erasing() false 71 71 #endif /* CONFIG_STACKLEAK_RUNTIME_DISABLE */ 72 72 73 - static __always_inline void __stackleak_erase(void) 73 + static __always_inline void __stackleak_erase(bool on_task_stack) 74 74 { 75 75 const unsigned long task_stack_low = stackleak_task_low_bound(current); 76 76 const unsigned long task_stack_high = stackleak_task_high_bound(current); ··· 96 96 * function has a fixed-size stack frame, and the current stack pointer 97 97 * doesn't change while we write poison. 98 98 */ 99 - if (on_thread_stack()) 99 + if (on_task_stack) 100 100 erase_high = current_stack_pointer; 101 101 else 102 102 erase_high = task_stack_high; ··· 110 110 current->lowest_stack = task_stack_high; 111 111 } 112 112 113 + /* 114 + * Erase and poison the portion of the task stack used since the last erase. 115 + * Can be called from the task stack or an entry stack when the task stack is 116 + * no longer in use. 117 + */ 113 118 asmlinkage void noinstr stackleak_erase(void) 114 119 { 115 120 if (skip_erasing()) 116 121 return; 117 122 118 - __stackleak_erase(); 123 + __stackleak_erase(on_thread_stack()); 124 + } 125 + 126 + /* 127 + * Erase and poison the portion of the task stack used since the last erase. 128 + * Can only be called from the task stack. 129 + */ 130 + asmlinkage void noinstr stackleak_erase_on_task_stack(void) 131 + { 132 + if (skip_erasing()) 133 + return; 134 + 135 + __stackleak_erase(true); 136 + } 137 + 138 + /* 139 + * Erase and poison the portion of the task stack used since the last erase. 140 + * Can only be called from a stack other than the task stack. 141 + */ 142 + asmlinkage void noinstr stackleak_erase_off_task_stack(void) 143 + { 144 + if (skip_erasing()) 145 + return; 146 + 147 + __stackleak_erase(false); 119 148 } 120 149 121 150 void __used __no_caller_saved_registers noinstr stackleak_track_stack(void)