Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20160628170022.GH22554@ld-linux.so>
Date: Tue, 28 Jun 2016 19:00:22 +0200
From: Mathias Krause <minipli@...linux.so>
To: Emese Revfy <re.emese@...il.com>
Cc: kernel-hardening@...ts.openwall.com, pageexec@...email.hu,
	spender@...ecurity.net, mmarek@...e.com, keescook@...omium.org,
	linux-kernel@...r.kernel.org, yamada.masahiro@...ionext.com,
	linux-kbuild@...r.kernel.org, linux@...linux.org.uk,
	catalin.marinas@....com, linux@...musvillemoes.dk,
	david.brown@...aro.org, benh@...nel.crashing.org,
	tglx@...utronix.de, akpm@...ux-foundation.org,
	jlayton@...chiereds.net, arnd@...db.de
Subject: Re: [PATCH v1 0/2] Introduce the initify gcc plugin

Hi Emese,

On Tue, Jun 28, 2016 at 01:34:07PM +0200, Emese Revfy wrote:
> I would like to introduce the initify gcc plugin. The kernel already has
> a mechanism to free up code and data memory that is only used during kernel
> or module initialization.
> This plugin will teach the compiler to find more such code and data that
> can be freed after initialization. It reduces memory usage.
> The initify gcc plugin can be useful for embedded systems.
> 
> It is a CII project supported by the Linux Foundation.
> 
> This plugin is the part of grsecurity/PaX.
> 
> The plugin supports all gcc versions from 4.5 to 6.0.
> 
> I made some changes on top of the PaX version (since March 6.). These are
> the important ones:
>  * move all local strings to init.rodata.str and exit.rodata.str
>    (not just __func__)
>  * report all initified strings and functions
>    (GCC_PLUGIN_INITIFY_VERBOSE config option)
>  * automatically discover init/exit functions and apply the __init or
>    __exit attributes on them
> 
> You can find more about the changes here:
> https://github.com/ephox-gcc-plugins/initify
> 
> This patch set is based on the "Add support for complex gcc plugins that
> don't fit in a single file" patch set (git/kees/linux.git#kspp HEAD:
> e5d4798b284cd192c8b).
> 
> Some statistics about the plugin:
> 
> On allyes config (amd64, gcc-6):
> * 7731 initified strings
> *  231 initified functions
> 
> On allmod config (i386, gcc-6):
> * 8846 initified strings
> *  252 initified functions
> 
> On allyes config (amd64, gcc-6):
> 
> section         vanilla                 vanilla + initify        change
> -----------------------------------------------------------------------
> .rodata         39059688 (0x25400e8)    38527210 (0x24be0ea)    -532478
> .data           45744128 (0x2ba0000)    45404160 (0x2b4d000)    -339968
> .init.data       1361144  (0x14c4f8)     1674200  (0x198bd8)    +313056
> .text           77615128 (0x4a05018)    77576664 (0x49fb9d8)     -38464
> .init.text       1108455  (0x10e9e7)     1137618  (0x115bd2)     +29163

You should probably provide numbers for .init.rodata.str, .exit.rodata.str
and .exit.text as well. Otherwise this delta calculation suggests a rather
gigantic image size reduction which is probably not the case ;)

Also a comparison of the final kernel image size would be nice to see if
the string duplication issue mentioned in [1] is actually an issue.

  [1] http://marc.info/?l=linux-kernel&m=140364632417795&w=2


Thanks,
Mathias

> 
> 
> Emese Revfy (2):
>  Add the initify gcc plugin
>  Mark functions with the __nocapture attribute
> 
> ---
>  arch/Kconfig                         |   23 +
>  arch/arm/include/asm/string.h        |   10 +-
>  arch/arm64/include/asm/string.h      |   23 +-
>  arch/powerpc/include/asm/string.h    |   19 +-
>  arch/x86/boot/string.h               |    4 +-
>  arch/x86/include/asm/string_32.h     |   21 +-
>  arch/x86/include/asm/string_64.h     |   18 +-
>  arch/x86/kernel/hpet.c               |    2 +-
>  include/asm-generic/bug.h            |    6 +-
>  include/asm-generic/vmlinux.lds.h    |    2 +
>  include/linux/compiler-gcc.h         |   10 +-
>  include/linux/compiler.h             |    4 +
>  include/linux/fs.h                   |    5 +-
>  include/linux/printk.h               |    2 +-
>  include/linux/string.h               |   73 +--
>  scripts/Makefile.gcc-plugins         |    4 +
>  scripts/gcc-plugins/initify_plugin.c | 1147 ++++++++++++++++++++++++++++++++++
>  17 files changed, 1283 insertions(+), 90 deletions(-)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.