• Jinjie Ruan's avatar
    ARM: 9407/1: Add support for STACKLEAK gcc plugin · 2335c9cb
    Jinjie Ruan authored
    Add the STACKLEAK gcc plugin to arm32 by adding the helper used by
    stackleak common code: on_thread_stack(). It initialize the stack with the
    poison value before returning from system calls which improves the kernel
    security. Additionally, this disables the plugin in EFI stub code and
    decompress code, which are out of scope for the protection.
    
    Before the test on Qemu versatilepb board:
    	# echo STACKLEAK_ERASING  > /sys/kernel/debug/provoke-crash/DIRECT
    	lkdtm: Performing direct entry STACKLEAK_ERASING
    	lkdtm: XFAIL: stackleak is not supported on this arch (HAVE_ARCH_STACKLEAK=n)
    
    After:
    	# echo STACKLEAK_ERASING  > /sys/kernel/debug/provoke-crash/DIRECT
    	lkdtm: Performing direct entry STACKLEAK_ERASING
    	lkdtm: stackleak stack usage:
    	  high offset: 80 bytes
    	  current:     280 bytes
    	  lowest:      696 bytes
    	  tracked:     696 bytes
    	  untracked:   192 bytes
    	  poisoned:    7220 bytes
    	  low offset:  4 bytes
    	lkdtm: OK: the rest of the thread stack is properly erased
    Signed-off-by: default avatarJinjie Ruan <ruanjinjie@huawei.com>
    Acked-by: default avatarArd Biesheuvel <ardb@kernel.org>
    Reviewed-by: default avatarLinus Walleij <linus.walleij@linaro.org>
    Signed-off-by: default avatarRussell King (Oracle) <rmk+kernel@armlinux.org.uk>
    2335c9cb
Makefile 6.56 KB