| History log of /src/sys/conf/ssp.mk |
| Revision | | Date | Author | Comments |
| 1.5 |
| 08-Feb-2020 |
maxv | Retire KLEAK.
KLEAK was a nice feature and served its purpose; it allowed us to detect
dozens of info leaks on the kernel->userland boundary, and thanks to it we
tackled a good part of the infoleak problem 1.5 years ago.
Nowadays however, we have kMSan, which can detect uninitialized memory in
the kernel. kMSan supersedes KLEAK: it can detect what KLEAK was able to
detect, but in addition, (1) it operates in all of the kernel and not just
the kernel->userland boundary, (2) it requires no user interaction, and (3)
it is deterministic and not statistical.
That makes kMSan the feature of choice to detect info leaks nowadays;
people interested in detecting info leaks should boot a kMSan kernel and
just wait for the magic to happen.
KLEAK was a good ride, and a fun project, but now is time for it to go.
Discussed with several people, including Thomas Barabosch.
|
| 1.4 |
| 23-Feb-2019 |
kamil | branches: 1.4.6;
Add KCOV - kernel code coverage tracing device
The KCOV driver implements collection of code coverage inside the kernel.
It can be enabled on a per process basis from userland, allowing the kernel
program counter to be collected during syscalls triggered by the same
process.
The device is oriented towards kernel fuzzers, in particular syzkaller.
Currently the only supported coverage type is -fsanitize-coverage=trace-pc.
The KCOV driver was initially developed in Linux. A driver based on the
same concept was then implemented in FreeBSD and OpenBSD.
Documentation is borrowed from OpenBSD and ATF tests from FreeBSD.
This patch has been prepared by Siddharth Muralee, improved by <maxv>
and polished by myself before importing into the mainline tree.
All ATF tests pass.
|
| 1.3 |
| 02-Dec-2018 |
maxv | Introduce KLEAK, a new feature that can detect kernel information leaks.
It works by tainting memory sources with marker values, letting the data
travel through the kernel, and scanning the kernel<->user frontier for
these marker values. Combined with compiler instrumentation and rotation
of the markers, it is able to yield relevant results with little effort.
We taint the pools and the stack, and scan copyout/copyoutstr. KLEAK is
supported on amd64 only for now, but it is not complicated to add more
architectures (just a matter of having the address of .text, and a stack
unwinder).
A userland tool is provided, that allows to execute a command in rounds
and monitor the leaks generated all the while.
KLEAK already detected directly 12 kernel info leaks, and prompted changes
that in total fixed 25+ leaks.
Based on an idea developed jointly with Thomas Barabosch (of Fraunhofer
FKIE).
|
| 1.2 |
| 08-Jan-2017 |
christos | branches: 1.2.14; 1.2.16; 1.2.18;
Move to ssp.c suggested by uebayasi@
|
| 1.1 |
| 06-Sep-2015 |
uebayasi | branches: 1.1.2; 1.1.4;
Clean up. Move SSP-specific adjustment out of Makefile.kern.inc.
|
| 1.1.4.1 |
| 20-Mar-2017 |
pgoyette | Sync with HEAD
|
| 1.1.2.3 |
| 05-Feb-2017 |
skrll | Sync with HEAD
|
| 1.1.2.2 |
| 22-Sep-2015 |
skrll | Sync with HEAD
|
| 1.1.2.1 |
| 06-Sep-2015 |
skrll | file ssp.mk was added on branch nick-nhusb on 2015-09-22 12:05:56 +0000
|
| 1.2.18.2 |
| 08-Apr-2020 |
martin | Merge changes from current as of 20200406
|
| 1.2.18.1 |
| 10-Jun-2019 |
christos | Sync with HEAD
|
| 1.2.16.1 |
| 26-Dec-2018 |
pgoyette | Sync with HEAD, resolve a few conflicts
|
| 1.2.14.2 |
| 03-Dec-2017 |
jdolecek | update from HEAD
|
| 1.2.14.1 |
| 08-Jan-2017 |
jdolecek | file ssp.mk was added on branch tls-maxphys on 2017-12-03 11:36:57 +0000
|
| 1.4.6.1 |
| 29-Feb-2020 |
ad | Sync with head.
|
