www.infradead.org Git - users/jedix/linux-maple.git/commit
ARM: 9407/1: Add support for STACKLEAK gcc plugin
author Jinjie Ruan <ruanjinjie@huawei.com>
Thu, 27 Jun 2024 07:38:44 +0000 (08:38 +0100)
committer Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Tue, 2 Jul 2024 08:18:43 +0000 (09:18 +0100)
commit 2335c9cb831faba1a4efcc612886073b6f175fe4
tree 62686beaccac30cdba1a08cb6251107432eb3a4e
parent ed0f941022515ff40473ea5335769a5dc2524a3f
ARM: 9407/1: Add support for STACKLEAK gcc plugin

Add the STACKLEAK gcc plugin to arm32 by adding the helper used by
stackleak common code: on_thread_stack(). It initializes the stack with the
poison value before returning from system calls which improves the kernel
security. Additionally, this disables the plugin in EFI stub code and
decompress code, which are out of scope for the protection.

Before the test on Qemu versatilepb board:
# echo STACKLEAK_ERASING  > /sys/kernel/debug/provoke-crash/DIRECT
lkdtm: Performing direct entry STACKLEAK_ERASING
lkdtm: XFAIL: stackleak is not supported on this arch (HAVE_ARCH_STACKLEAK=n)

After:
# echo STACKLEAK_ERASING  > /sys/kernel/debug/provoke-crash/DIRECT
lkdtm: Performing direct entry STACKLEAK_ERASING
lkdtm: stackleak stack usage:
  high offset: 80 bytes
  current:     280 bytes
  lowest:      696 bytes
  tracked:     696 bytes
  untracked:   192 bytes
  poisoned:    7220 bytes
  low offset:  4 bytes
lkdtm: OK: the rest of the thread stack is properly erased

Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
arch/arm/Kconfig
arch/arm/boot/compressed/Makefile
arch/arm/include/asm/stacktrace.h
arch/arm/kernel/entry-common.S
drivers/firmware/efi/libstub/Makefile
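
An added example, not code from this commit or from the kernel: a user-space C model of the syscall-exit erase the commit message describes, showing how the on_thread_stack() answer picks the erase boundary and why words used below the tracked low-water mark (the "untracked" figure in the lkdtm output) are still poisoned. The stack size, poison word, search depth and every name except on_thread_stack are assumptions of the model, and the scenario is constructed.

```c
#include <stdio.h>

#define WORDS        2048                     /* model stack; index 0 = lowest address */
#define POISON       ((unsigned long)-0xBEEF) /* poison word assumed for this model */
#define SEARCH_WORDS 16                       /* poison run that marks the erased region */
struct task { unsigned long stack[WORDS]; size_t lowest; }; /* lowest = deepest tracked index */

/* Scan down from `high` until a full poison run; return the lowest dirty index seen. */
static size_t find_top_of_poison(const unsigned long *stk, size_t high)
{
    size_t run = 0, top = high;
    for (size_t i = high; i > 0 && run < SEARCH_WORDS; ) {
        if (stk[--i] == POISON) run++;
        else { run = 0; top = i; }
    }
    return top;
}

/* Syscall-exit erase: poison up to sp when on the thread stack, else to the stack top. */
static size_t stack_erase(struct task *t, size_t sp, int on_thread_stack)
{
    size_t end = on_thread_stack ? sp : WORDS, n = 0;
    for (size_t i = find_top_of_poison(t->stack, t->lowest); i < end; i++, n++)
        t->stack[i] = POISON;
    t->lowest = end;                          /* tracking restarts for the next syscall */
    return n;
}

/* Count words below `sp` that still hold stale (non-poison) data. */
static size_t stale_words(const struct task *t, size_t sp)
{
    size_t n = 0;
    for (size_t i = 0; i < sp; i++) n += (t->stack[i] != POISON);
    return n;
}

/* Constructed: tracked frames reach index 1900, an untracked leaf dirties 8 words below. */
static size_t run_syscall(struct task *t, size_t sp)
{
    for (size_t i = 0; i < WORDS; i++) t->stack[i] = i < 1892 ? POISON : 0x5ec7e7UL + i;
    t->lowest = 1900;
    return stack_erase(t, sp, 1);
}

int main(void)
{
    static struct task t;
    size_t erased = run_syscall(&t, 2040);
    printf("erased %zu words, %zu stale below sp\n", erased, stale_words(&t, 2040));
}
```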