Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src Retire KLEAK.
details: https://anonhg.NetBSD.org/src/rev/af8ec2153f7a
branches: trunk
changeset: 848743:af8ec2153f7a
user: maxv <maxv%NetBSD.org@localhost>
date: Sat Feb 08 07:07:06 2020 +0000
description:
Retire KLEAK.
KLEAK was a nice feature and served its purpose; it allowed us to detect
dozens of info leaks on the kernel->userland boundary, and thanks to it we
tackled a good part of the infoleak problem 1.5 years ago.
Nowadays however, we have kMSan, which can detect uninitialized memory in
the kernel. kMSan supersedes KLEAK: it can detect what KLEAK was able to
detect, but in addition, (1) it operates in all of the kernel and not just
the kernel->userland boundary, (2) it requires no user interaction, and (3)
it is deterministic and not statistical.
That makes kMSan the feature of choice to detect info leaks nowadays;
people interested in detecting info leaks should boot a kMSan kernel and
just wait for the magic to happen.
KLEAK was a good ride, and a fun project, but now is time for it to go.
Discussed with several people, including Thomas Barabosch.
diffstat:
share/man/man4/options.4 | 10 +-
share/mk/bsd.sys.mk | 10 +-
sys/arch/amd64/conf/ALL | 8 +-
sys/arch/amd64/conf/GENERIC | 8 +-
sys/arch/amd64/include/kleak.h | 101 ---------
sys/arch/amd64/include/param.h | 5 +-
sys/conf/files | 3 +-
sys/conf/ssp.mk | 3 +-
sys/kern/files.kern | 3 +-
sys/kern/subr_kleak.c | 446 -----------------------------------------
sys/kern/subr_pool.c | 37 +---
sys/kern/sys_syscall.c | 5 +-
sys/sys/systm.h | 15 +-
sys/uvm/uvm_km.c | 5 +-
usr.sbin/kleak/Makefile | 14 -
usr.sbin/kleak/kleak.c | 344 -------------------------------
16 files changed, 19 insertions(+), 998 deletions(-)
diffs (truncated from 1297 to 300 lines):
diff -r e62d849d36e3 -r af8ec2153f7a share/man/man4/options.4
--- a/share/man/man4/options.4 Sat Feb 08 01:01:31 2020 +0000
+++ b/share/man/man4/options.4 Sat Feb 08 07:07:06 2020 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: options.4,v 1.507 2019/08/20 14:03:55 gson Exp $
+.\" $NetBSD: options.4,v 1.508 2020/02/08 07:07:06 maxv Exp $
.\"
.\" Copyright (c) 1996
.\" Perry E. Metzger. All rights reserved.
@@ -30,7 +30,7 @@
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\"
-.Dd August 20, 2019
+.Dd February 8, 2020
.Dt OPTIONS 4
.Os
.Sh NAME
@@ -2331,7 +2331,6 @@
.Xr sysctl 3 .
.It Cd options KASAN
Enables Kernel Address Sanitizer.
-Should not be used in conjunction with KLEAK.
.Em NOTE :
not available on all architectures.
.It Cd options KASLR
@@ -2339,11 +2338,6 @@
This randomizes the location of the kernel image in memory.
.Em NOTE :
not available on all architectures.
-.It Cd options KLEAK
-Enables the KLEAK feature, that allows to detect kernel information leaks.
-Should not be used in conjunction with KASAN.
-.Em NOTE :
-not available on all architectures.
.It Cd options SVS
Enables Separate Virtual Space.
On architectures that are designed to function with a shared address
diff -r e62d849d36e3 -r af8ec2153f7a share/mk/bsd.sys.mk
--- a/share/mk/bsd.sys.mk Sat Feb 08 01:01:31 2020 +0000
+++ b/share/mk/bsd.sys.mk Sat Feb 08 07:07:06 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.sys.mk,v 1.298 2019/12/20 04:04:25 christos Exp $
+# $NetBSD: bsd.sys.mk,v 1.299 2020/02/08 07:07:06 maxv Exp $
#
# Build definitions used for NetBSD source tree builds.
@@ -236,14 +236,6 @@
CFLAGS+= ${CPUFLAGS}
AFLAGS+= ${CPUFLAGS}
-.if ${KLEAK:U0} > 0
-KLEAKFLAGS= -fsanitize-coverage=trace-pc
-.for f in subr_kleak.c
-KLEAKFLAGS.${f}= # empty
-.endfor
-CFLAGS+= ${KLEAKFLAGS.${.IMPSRC:T}:U${KLEAKFLAGS}}
-.endif
-
.if ${KCOV:U0} > 0
KCOVFLAGS= -fsanitize-coverage=trace-pc
.for f in subr_kcov.c subr_lwp_specificdata.c subr_specificdata.c subr_asan.c \
diff -r e62d849d36e3 -r af8ec2153f7a sys/arch/amd64/conf/ALL
--- a/sys/arch/amd64/conf/ALL Sat Feb 08 01:01:31 2020 +0000
+++ b/sys/arch/amd64/conf/ALL Sat Feb 08 07:07:06 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: ALL,v 1.144 2020/02/03 19:37:42 maya Exp $
+# $NetBSD: ALL,v 1.145 2020/02/08 07:07:06 maxv Exp $
# From NetBSD: GENERIC,v 1.787 2006/10/01 18:37:54 bouyer Exp
#
# ALL machine description file
@@ -17,7 +17,7 @@
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "ALL-$Revision: 1.144 $"
+#ident "ALL-$Revision: 1.145 $"
maxusers 64 # estimated number of users
@@ -133,10 +133,6 @@
options KASAN
#no options SVS
-# Kernel Info Leak Detector.
-#makeoptions KLEAK=1
-#options KLEAK
-
# Kernel Code Coverage Driver.
makeoptions KCOV=1
options KCOV
diff -r e62d849d36e3 -r af8ec2153f7a sys/arch/amd64/conf/GENERIC
--- a/sys/arch/amd64/conf/GENERIC Sat Feb 08 01:01:31 2020 +0000
+++ b/sys/arch/amd64/conf/GENERIC Sat Feb 08 07:07:06 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.560 2020/01/25 18:38:34 thorpej Exp $
+# $NetBSD: GENERIC,v 1.561 2020/02/08 07:07:06 maxv Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.560 $"
+#ident "GENERIC-$Revision: 1.561 $"
maxusers 64 # estimated number of users
@@ -147,10 +147,6 @@
#options POOL_QUARANTINE # optional
#options KMSAN_PANIC # optional
-# Kernel Info Leak Detector.
-#makeoptions KLEAK=1
-#options KLEAK
-
# Kernel Code Coverage Driver.
#makeoptions KCOV=1
#options KCOV
diff -r e62d849d36e3 -r af8ec2153f7a sys/arch/amd64/include/kleak.h
--- a/sys/arch/amd64/include/kleak.h Sat Feb 08 01:01:31 2020 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,101 +0,0 @@
-/* $NetBSD: kleak.h,v 1.1 2018/12/02 21:00:13 maxv Exp $ */
-
-/*
- * Copyright (c) 2018 The NetBSD Foundation, Inc.
- * All rights reserved.
- *
- * This code is derived from software contributed to The NetBSD Foundation
- * by Maxime Villard.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <sys/ksyms.h>
-
-#include <amd64/pmap.h>
-#include <amd64/vmparam.h>
-
-static void
-kleak_md_init(uintptr_t *sva, uintptr_t *eva)
-{
- extern char __rodata_start;
- *sva = (uintptr_t)KERNTEXTOFF;
- *eva = (uintptr_t)&__rodata_start;
-}
-
-static inline bool
-__md_unwind_end(const char *name)
-{
- if (!strcmp(name, "syscall") ||
- !strcmp(name, "handle_syscall") ||
- !strncmp(name, "Xintr", 5) ||
- !strncmp(name, "Xhandle", 7) ||
- !strncmp(name, "Xresume", 7) ||
- !strncmp(name, "Xstray", 6) ||
- !strncmp(name, "Xhold", 5) ||
- !strncmp(name, "Xrecurse", 8) ||
- !strcmp(name, "Xdoreti") ||
- !strncmp(name, "Xsoft", 5)) {
- return true;
- }
-
- return false;
-}
-
-static void
-kleak_md_unwind(struct kleak_hit *hit)
-{
- uint64_t *rbp, rip;
- const char *mod;
- const char *sym;
- int error;
-
- rbp = (uint64_t *)__builtin_frame_address(0);
-
- hit->npc = 0;
-
- while (1) {
- /* 8(%rbp) contains the saved %rip. */
- rip = *(rbp + 1);
-
- if (rip < KERNBASE) {
- break;
- }
- error = ksyms_getname(&mod, &sym, (vaddr_t)rip, KSYMS_PROC);
- if (error) {
- break;
- }
- hit->pc[hit->npc++] = rip;
- if (__md_unwind_end(sym)) {
- break;
- }
-
- rbp = (uint64_t *)*(rbp);
- if (rbp == 0) {
- break;
- }
-
- if (hit->npc >= KLEAK_HIT_MAXPC) {
- break;
- }
- }
-}
diff -r e62d849d36e3 -r af8ec2153f7a sys/arch/amd64/include/param.h
--- a/sys/arch/amd64/include/param.h Sat Feb 08 01:01:31 2020 +0000
+++ b/sys/arch/amd64/include/param.h Sat Feb 08 07:07:06 2020 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: param.h,v 1.35 2020/01/22 16:52:46 ad Exp $ */
+/* $NetBSD: param.h,v 1.36 2020/02/08 07:07:07 maxv Exp $ */
#ifdef __x86_64__
@@ -11,7 +11,6 @@
#include <machine/cpu.h>
#if defined(_KERNEL_OPT)
#include "opt_kasan.h"
-#include "opt_kleak.h"
#include "opt_kmsan.h"
#endif
#endif
@@ -68,7 +67,7 @@
#define SSIZE 1 /* initial stack size/NBPG */
#define SINCR 1 /* increment of stack/NBPG */
-#if defined(KASAN) || defined(KLEAK) || defined(KMSAN)
+#if defined(KASAN) || defined(KMSAN)
#define UPAGES 8
#elif defined(DIAGNOSTIC)
#define UPAGES 5 /* pages of u-area (1 for redzone) */
diff -r e62d849d36e3 -r af8ec2153f7a sys/conf/files
--- a/sys/conf/files Sat Feb 08 01:01:31 2020 +0000
+++ b/sys/conf/files Sat Feb 08 07:07:06 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: files,v 1.1254 2020/01/20 22:18:39 pgoyette Exp $
+# $NetBSD: files,v 1.1255 2020/02/08 07:07:07 maxv Exp $
# @(#)files.newconf 7.5 (Berkeley) 5/10/93
version 20171118
@@ -35,7 +35,6 @@
defflag opt_kcsan.h KCSAN_PANIC
defflag KMSAN
defflag opt_kmsan.h KMSAN_PANIC
-defflag KLEAK
defflag KCOV
defflag opt_pool.h POOL_QUARANTINE
diff -r e62d849d36e3 -r af8ec2153f7a sys/conf/ssp.mk
--- a/sys/conf/ssp.mk Sat Feb 08 01:01:31 2020 +0000
+++ b/sys/conf/ssp.mk Sat Feb 08 07:07:06 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: ssp.mk,v 1.4 2019/02/23 03:10:06 kamil Exp $
+# $NetBSD: ssp.mk,v 1.5 2020/02/08 07:07:07 maxv Exp $
.if ${USE_SSP:Uno} == "yes"
COPTS.kern_ssp.c+= -fno-stack-protector -D__SSP__
@@ -10,7 +10,6 @@
COPTS.cpu.c+= -fno-stack-protector
.endif
-COPTS.subr_kleak.c+= -fno-stack-protector
COPTS.subr_kcov.c+= -fno-stack-protector
# The following files use alloca(3) or variable array allocations.
diff -r e62d849d36e3 -r af8ec2153f7a sys/kern/files.kern
--- a/sys/kern/files.kern Sat Feb 08 01:01:31 2020 +0000
+++ b/sys/kern/files.kern Sat Feb 08 07:07:06 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: files.kern,v 1.42 2020/01/04 03:46:19 kamil Exp $
+# $NetBSD: files.kern,v 1.43 2020/02/08 07:07:07 maxv Exp $
#
# kernel sources
@@ -124,7 +124,6 @@
file kern/subr_iostat.c kern
file kern/subr_ipi.c kern
file kern/subr_kcpuset.c kern
-file kern/subr_kleak.c kleak
file kern/subr_kcov.c kcov
Home |
Main Index |
Thread Index |
Old Index