In article <27289.1543846...@splode.eterna.com.au>,
matthew green  <m...@eterna.com.au> wrote:
>"Maxime Villard" writes:
>> Module Name: src
>> Committed By:        maxv
>> Date:                Sun Dec  2 21:00:13 UTC 2018
>> 
>> Modified Files:
>>      src/share/mk: bsd.sys.mk
>>      src/sys/arch/amd64/conf: GENERIC
>>      src/sys/arch/amd64/include: param.h
>>      src/sys/conf: files ssp.mk
>>      src/sys/kern: files.kern subr_pool.c sys_syscall.c
>>      src/sys/sys: systm.h
>>      src/sys/uvm: uvm_km.c
>> Added Files:
>>      src/sys/arch/amd64/include: kleak.h
>>      src/sys/kern: subr_kleak.c
>>      src/usr.sbin/kleak: Makefile kleak.c
>> 
>> Log Message:
>> Introduce KLEAK, a new feature that can detect kernel information leaks.
>> 
>> It works by tainting memory sources with marker values, letting the data
>> travel through the kernel, and scanning the kernel<->user frontier for
>> these marker values. Combined with compiler instrumentation and rotation
>> of the markers, it is able to yield relevant results with little effort.
>> 
>> We taint the pools and the stack, and scan copyout/copyoutstr. KLEAK is
>> supported on amd64 only for now, but it is not complicated to add more
>> architectures (just a matter of having the address of .text, and a stack
>> unwinder).
>> 
>> A userland tool is provided that allows executing a command in rounds
>> and monitoring the leaks generated all the while.
>> 
>> KLEAK already detected directly 12 kernel info leaks, and prompted changes
>> that in total fixed 25+ leaks.
>> 
>> Based on an idea developed jointly with Thomas Barabosch (of Fraunhofer
>> FKIE).
>
>extra thanks to Thomas and Max for this feature!
>
>this is great work.

Indeed, this is really nicely done!

christos
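The quoted log message describes the mechanism in three steps: taint memory sources with a marker, let the data flow through the kernel, and scan the kernel->user frontier (copyout) for the marker. The following is an added illustration of that idea in plain user-space C, not code from NetBSD's KLEAK or from anyone in this thread. All names (kleak_taint, kleak_scan, copyout_sim, ifreq_like, the fixed 0xAA marker with a manual rotation setter, the simulated stack) are constructed for the example; the real implementation rotates markers automatically and uses the actual pool allocator, stack unwinder and copyout paths.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Marker byte used to taint memory. Real KLEAK rotates markers between
 * rounds; here rotation is a manual setter so the effect can be observed:
 * a genuine leak reports the same byte count under every marker, while a
 * coincidental match between legitimate data and the marker does not. */
static uint8_t kleak_marker = 0xAA;

static uint8_t kleak_set_marker(uint8_t m) { kleak_marker = m; return kleak_marker; }

/* Taint a memory source (a stack frame or a pool item) with the marker. */
static void kleak_taint(void *p, size_t n) { memset(p, kleak_marker, n); }

/* Scan a buffer about to cross the kernel->user frontier and return the
 * number of bytes that still carry the marker, i.e. were never written. */
static size_t kleak_scan(const void *p, size_t n)
{
    const uint8_t *b = p;
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (b[i] == kleak_marker)
            hits++;
    return hits;
}

/* Simulated copyout(): scan first, then copy. Returns the number of marker
 * bytes that reached the "user" buffer. */
static size_t copyout_sim(const void *kaddr, void *uaddr, size_t len)
{
    size_t leaked = kleak_scan(kaddr, len);
    if (leaked)
        fprintf(stderr, "kleak: %zu marker byte(s) in copyout of %zu bytes\n",
                leaked, len);
    memcpy(uaddr, kaddr, len);
    return leaked;
}

/* Simulated kernel stack (constructed), 8-byte aligned so a struct can be
 * carved from it the way a local variable would be. */
static uint64_t fake_stack[32];

/* Constructed struct with a fixed-size name field. Writing only part of
 * such a field and copying out the whole struct is a typical leak shape. */
struct ifreq_like {
    uint32_t index;
    char     name[16];
};

/* Constructed "user" destination for the copyout. */
static unsigned char user_area[sizeof(struct ifreq_like)];

/* Leaky variant: the struct lives on the tainted stack, the fields are
 * filled, but the tail of name[] is never written before the copyout. */
static size_t leaky_syscall(void *user_buf)
{
    kleak_taint(fake_stack, sizeof fake_stack);     /* taint on syscall entry */
    struct ifreq_like *r = (struct ifreq_like *)fake_stack;
    r->index = 3;
    strcpy(r->name, "eth0");                        /* 5 bytes incl. NUL */
    return copyout_sim(r, user_buf, sizeof *r);     /* 11 marker bytes remain */
}

/* Fixed variant: clear the whole object before filling it. */
static size_t fixed_syscall(void *user_buf)
{
    kleak_taint(fake_stack, sizeof fake_stack);
    struct ifreq_like *r = (struct ifreq_like *)fake_stack;
    memset(r, 0, sizeof *r);
    r->index = 3;
    strcpy(r->name, "eth0");
    return copyout_sim(r, user_buf, sizeof *r);     /* 0 marker bytes */
}

int main(void)
{
    size_t a = leaky_syscall(user_area);
    kleak_set_marker(0x55);                         /* rotate the marker */
    size_t b = leaky_syscall(user_area);
    size_t c = fixed_syscall(user_area);
    printf("leaky: %zu and %zu marker bytes across two rounds; fixed: %zu\n",
           a, b, c);
    return 0;
}
```

The scan only flags bytes that are still the marker at copyout time, so a field that was legitimately written to a value equal to the marker shows up in one round and disappears in the next; that is why the log message pairs marker rotation with running the command in rounds. Compiler instrumentation, which the example omits, is what lets the real tool taint stack frames without editing every function by hand.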
