gcc-plugins: Add structleak for more stack initialization

This plugin detects any structures that contain __user attributes and makes sure it is being fully initialized so that a specific class of information exposure is eliminated. (This plugin was originally designed to block the exposure of siginfo in CVE-2013-2141.) Ported from grsecurity/PaX. This version adds a verbose option to the plugin and the Kconfig. Signed-off-by: Kees Cook <keescook@chromium.org>
author: Kees Cook <keescook@chromium.org> 2017-01-13 11:14:39 -0800
committer: Kees Cook <keescook@chromium.org> 2017-01-18 12:02:35 -0800
commit: c61f13eaa1ee17728c41370100d2d45c254ce76f (patch)
tree: 63ae636a8d3bfc405b8a0a108ab17c24c5790fd8 /include/linux/compiler.h
parent: gcc-plugins: add PASS_INFO and build_const_char_string() (diff)
download: linux-dev-c61f13eaa1ee17728c41370100d2d45c254ce76f.tar.xz
linux-dev-c61f13eaa1ee17728c41370100d2d45c254ce76f.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index cf0fa5d86059..91c30cba984e 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -27,7 +27,11 @@ extern void __chk_user_ptr(const volatile void __user *);
 extern void __chk_io_ptr(const volatile void __iomem *);
 # define ACCESS_PRIVATE(p, member) (*((typeof((p)->member) __force *) &(p)->member))
 #else /* __CHECKER__ */
-# define __user
+# ifdef STRUCTLEAK_PLUGIN
+#  define __user __attribute__((user))
+# else
+#  define __user
+# endif
 # define __kernel
 # define __safe
 # define __force
author	Kees Cook <keescook@chromium.org>	2017-01-13 11:14:39 -0800
committer	Kees Cook <keescook@chromium.org>	2017-01-18 12:02:35 -0800
commit	c61f13eaa1ee17728c41370100d2d45c254ce76f (patch)
tree	63ae636a8d3bfc405b8a0a108ab17c24c5790fd8 /include/linux/compiler.h
parent	gcc-plugins: add PASS_INFO and build_const_char_string() (diff)
download	linux-dev-c61f13eaa1ee17728c41370100d2d45c254ce76f.tar.xz linux-dev-c61f13eaa1ee17728c41370100d2d45c254ce76f.zip