git.kernel.dk Git - linux-block.git/commit - scripts/Makefile.gcc-plugins

author	Alexander Popov <alex.popov@linux.com>
	Thu, 16 Aug 2018 22:16:59 +0000 (01:16 +0300)
committer	Kees Cook <keescook@chromium.org>
	Tue, 4 Sep 2018 17:35:47 +0000 (10:35 -0700)
commit	10e9ae9fabaf96c8e5227c1cd4827d58b3aa406d
tree	910b011e7c95ba67dba361b876f79328151f202f	tree \| snapshot
parent	afaef01c001537fa97a25092d7f54d764dc7d8c1	commit \| diff

gcc-plugins: Add STACKLEAK plugin for tracking the kernel stack

The STACKLEAK feature erases the kernel stack before returning from
syscalls. That reduces the information which kernel stack leak bugs can
reveal and blocks some uninitialized stack variable attacks.

This commit introduces the STACKLEAK gcc plugin. It is needed for
tracking the lowest border of the kernel stack, which is important
for the code erasing the used part of the kernel stack at the end
of syscalls (comes in a separate commit).

The STACKLEAK feature is ported from grsecurity/PaX. More information at:
https://grsecurity.net/
https://pax.grsecurity.net/

This code is modified from Brad Spengler/PaX Team's code in the last
public patch of grsecurity/PaX based on our understanding of the code.
Changes or omissions from the original code are ours and don't reflect
the original grsecurity/PaX code.

Signed-off-by: Alexander Popov <alex.popov@linux.com>
Tested-by: Laura Abbott <labbott@redhat.com>
Signed-off-by: Kees Cook <keescook@chromium.org>

kernel/stackleak.c		diff \| blob \| blame \| history
scripts/Makefile.gcc-plugins		diff \| blob \| blame \| history
scripts/gcc-plugins/Kconfig		diff \| blob \| blame \| history
scripts/gcc-plugins/stackleak_plugin.c	[new file with mode: 0644]	blob