2335c9cb83
Add the STACKLEAK gcc plugin to arm32 by adding the helper used by stackleak common code: on_thread_stack(). It initialize the stack with the poison value before returning from system calls which improves the kernel security. Additionally, this disables the plugin in EFI stub code and decompress code, which are out of scope for the protection. Before the test on Qemu versatilepb board: # echo STACKLEAK_ERASING > /sys/kernel/debug/provoke-crash/DIRECT lkdtm: Performing direct entry STACKLEAK_ERASING lkdtm: XFAIL: stackleak is not supported on this arch (HAVE_ARCH_STACKLEAK=n) After: # echo STACKLEAK_ERASING > /sys/kernel/debug/provoke-crash/DIRECT lkdtm: Performing direct entry STACKLEAK_ERASING lkdtm: stackleak stack usage: high offset: 80 bytes current: 280 bytes lowest: 696 bytes tracked: 696 bytes untracked: 192 bytes poisoned: 7220 bytes low offset: 4 bytes lkdtm: OK: the rest of the thread stack is properly erased Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> |
||
|---|---|---|
| .. | ||
| .gitignore | ||
| ashldi3.S | ||
| atags_to_fdt.c | ||
| big-endian.S | ||
| bswapsdi2.S | ||
| debug.S | ||
| decompress.c | ||
| efi-header.S | ||
| fdt_check_mem_start.c | ||
| fdt_ro.c | ||
| fdt_rw.c | ||
| fdt_wip.c | ||
| fdt.c | ||
| font.c | ||
| head-sa1100.S | ||
| head-sharpsl.S | ||
| head-xscale.S | ||
| head.S | ||
| hyp-stub.S | ||
| lib1funcs.S | ||
| ll_char_wr.S | ||
| Makefile | ||
| misc-ep93xx.h | ||
| misc.c | ||
| misc.h | ||
| piggy.S | ||
| string.c | ||
| vmlinux.lds.S | ||