Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'meminit-v5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull structleak fix from Kees Cook:
"Disable gcc-based stack variable auto-init under KASAN (Arnd
Bergmann).
This fixes a bunch of build warnings under KASAN and the
gcc-plugin-based stack auto-initialization features (which are
arguably redundant, so better to let KASAN control this)"
* tag 'meminit-v5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
structleak: disable STRUCTLEAK_BYREF in combination with KASAN_STACK
+7
+7
security/Kconfig.hardening
+7
security/Kconfig.hardening
···
61
61
config GCC_PLUGIN_STRUCTLEAK_BYREF
62
62
bool "zero-init structs passed by reference (strong)"
63
63
depends on GCC_PLUGINS
64
+
depends on !(KASAN && KASAN_STACK=1)
64
65
select GCC_PLUGIN_STRUCTLEAK
65
66
help
66
67
Zero-initialize any structures on the stack that may
···
71
70
exposures, like CVE-2017-1000410:
72
71
https://git.kernel.org/linus/06e7e776ca4d3654
73
72
73
+
As a side-effect, this keeps a lot of variables on the
74
+
stack that can otherwise be optimized out, so combining
75
+
this with CONFIG_KASAN_STACK can lead to a stack overflow
76
+
and is disallowed.
77
+
74
78
config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
75
79
bool "zero-init anything passed by reference (very strong)"
76
80
depends on GCC_PLUGINS
81
+
depends on !(KASAN && KASAN_STACK=1)
77
82
select GCC_PLUGIN_STRUCTLEAK
78
83
help
79
84
Zero-initialize any stack variables that may be passed