stackleak: reintroduce checking of alloca() calls
This reintroduces the portion of the STACKLEAK GCC plugin that instruments the kernel code by inserting the stackleak_check_alloca() call before alloca(). The goal is to block kernel stack depth overflows caused by alloca() (e.g. Stack Clash).

This feature was dropped on STACKLEAK's way to mainline but we are interested in it despite the VLA removal because:
 - it protects out-of-tree code;
 - it acts as a failsafe, for instance if VLAs are inadvertently reintroduced.

The STACKLEAK feature was ported by Alexander Popov from grsecurity/PaX's code. More information at:
 https://grsecurity.net/
 https://pax.grsecurity.net/

This code is modified from Brad Spengler/PaX Team's code in the last public patch of grsecurity/PaX based on our understanding of the code. Changes or omissions from the original code are ours and don't reflect the original grsecurity/PaX code.

Change-Id: Iae2fa98ee442bc75731534fe21edc7de26bc00e0
Signed-off-by: Thibaut Sautereau <email@example.com>
Showing with 102 additions and 11 deletions.
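
A userspace model of the kind of bounds check a call inserted before alloca() can perform, as an added example that is not code from this commit or from grsecurity/PaX. The function names, the 256-byte margin and the stack addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed margin that must stay free below any alloca(); not from the commit. */
#define MODEL_MARGIN 256u

/*
 * Hypothetical model of a pre-alloca() check. The stack grows down, so the
 * room left is the distance from the stack pointer to the lowest valid stack
 * address. Returns 1 if the allocation may proceed, 0 if it must be refused
 * (a kernel check would stop execution at that point).
 */
int model_alloca_ok(uintptr_t sp, uintptr_t stack_low, uintptr_t stack_high,
                    size_t size)
{
    /* sp outside the known stack: nothing can be proven, so refuse. */
    if (sp < stack_low || sp >= stack_high)
        return 0;

    uintptr_t left = sp - stack_low;

    /* Test the margin first so that left - MODEL_MARGIN cannot wrap. */
    if (left < MODEL_MARGIN)
        return 0;

    /* Compare sizes; never compute sp - size, which wraps for huge sizes. */
    return size < left - MODEL_MARGIN;
}

/* Naive variant for contrast: sp - size wraps around when size > sp. */
int naive_alloca_ok(uintptr_t sp, uintptr_t stack_low, size_t size)
{
    return sp - size >= stack_low;
}

int main(void)
{
    /* Constructed 16 KiB stack with 4 KiB left; addresses are made up. */
    uintptr_t low = 0x100000, high = low + 0x4000, sp = low + 0x1000;

    printf("1 KiB request:      model=%d\n", model_alloca_ok(sp, low, high, 1024));
    printf("SIZE_MAX request:   model=%d naive=%d\n",
           model_alloca_ok(sp, low, high, SIZE_MAX),
           naive_alloca_ok(sp, low, SIZE_MAX));
    return 0;
}
```

The naive variant accepts a SIZE_MAX request because the subtraction wraps to an address above the stack base, which is the case a size-versus-remaining-room comparison rules out.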