Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
kstack_erase: Support Clang stack depth tracking
Wire up CONFIG_KSTACK_ERASE to Clang 21's new stack depth tracking
callback[1] option.
Link: https://clang.llvm.org/docs/SanitizerCoverage.html#tracing-stack-depth [1]
Acked-by: Nicolas Schier <n.schier@avm.de>
Link: https://lore.kernel.org/r/20250724055029.3623499-4-kees@kernel.org
Signed-off-by: Kees Cook <kees@kernel.org>
+10
-1
+6
scripts/Makefile.kstack_erase
+6
scripts/Makefile.kstack_erase
···
8
8
DISABLE_KSTACK_ERASE := -fplugin-arg-stackleak_plugin-disable
9
9
endif
10
10
11
+
ifdef CONFIG_CC_IS_CLANG
12
+
kstack-erase-cflags-y += -fsanitize-coverage=stack-depth
13
+
kstack-erase-cflags-y += -fsanitize-coverage-stack-depth-callback-min=$(CONFIG_KSTACK_ERASE_TRACK_MIN_SIZE)
14
+
DISABLE_KSTACK_ERASE := -fno-sanitize-coverage=stack-depth
15
+
endif
16
+
11
17
KSTACK_ERASE_CFLAGS := $(kstack-erase-cflags-y)
12
18
13
19
export STACKLEAK_CFLAGS DISABLE_KSTACK_ERASE
+4
-1
security/Kconfig.hardening
+4
-1
security/Kconfig.hardening
···
82
82
83
83
endchoice
84
84
85
+
config CC_HAS_SANCOV_STACK_DEPTH_CALLBACK
86
+
def_bool $(cc-option,-fsanitize-coverage-stack-depth-callback-min=1)
87
+
85
88
config KSTACK_ERASE
86
89
bool "Poison kernel stack before returning from syscalls"
87
90
depends on HAVE_ARCH_KSTACK_ERASE
88
-
depends on GCC_PLUGINS
91
+
depends on GCC_PLUGINS || CC_HAS_SANCOV_STACK_DEPTH_CALLBACK
89
92
help
90
93
This option makes the kernel erase the kernel stack before
91
94
returning from system calls. This has the effect of leaving