[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20190213170345.656c3030@canb.auug.org.au>
Date: Wed, 13 Feb 2019 17:03:45 +1100
From: Stephen Rothwell <sfr@...b.auug.org.au>
To: Andrew Morton <akpm@...ux-foundation.org>,
Kees Cook <keescook@...gle.com>
Cc: Linux Next Mailing List <linux-next@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Andrey Ryabinin <aryabinin@...tuozzo.com>
Subject: linux-next: manual merge of the akpm-current tree with the kspp
tree
Hi Andrew,
Today's linux-next merge of the akpm-current tree got a conflict in:
scripts/gcc-plugins/Kconfig
between commit:
9219e54be983 ("gcc-plugins: structleak: Generalize to all variable types")
from the kspp tree and commit:
7fabedf42152 ("kasan: remove use after scope bugs detection.")
from the akpm-current tree.
I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging. You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.
--
Cheers,
Stephen Rothwell
diff --cc scripts/gcc-plugins/Kconfig
index d0cc92e48f6f,d9fd9988ef27..000000000000
--- a/scripts/gcc-plugins/Kconfig
+++ b/scripts/gcc-plugins/Kconfig
@@@ -67,22 -67,13 +67,18 @@@ config GCC_PLUGIN_LATENT_ENTROP
* https://pax.grsecurity.net/
config GCC_PLUGIN_STRUCTLEAK
- bool "Force initialization of variables containing userspace addresses"
+ bool "Zero initialize stack variables"
- # Currently STRUCTLEAK inserts initialization out of live scope of
- # variables from KASAN point of view. This leads to KASAN false
- # positive reports. Prohibit this combination for now.
- depends on !KASAN_EXTRA
help
- This plugin zero-initializes any structures containing a
- __user attribute. This can prevent some classes of information
- exposures.
-
- This plugin was ported from grsecurity/PaX. More information at:
+ While the kernel is built with warnings enabled for any missed
+ stack variable initializations, this warning is silenced for
+ anything passed by reference to another function, under the
+ occasionally misguided assumption that the function will do
+ the initialization. As this regularly leads to exploitable
+ flaws, this plugin is available to identify and zero-initialize
+ such variables, depending on the chosen level of coverage.
+
+ This plugin was originally ported from grsecurity/PaX. More
+ information at:
* https://grsecurity.net/
* https://pax.grsecurity.net/
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists