diff options
| author |   Linus Torvalds <torvalds@linux-foundation.org> | 2022-03-21 19:32:04 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2022-03-21 19:32:04 -0700 |
| commit | 2142b7f0c6bbe1f9515ce3383de9f7a32a5a025b (patch) | |
| tree | e1c28d1fc2cf8a905254b6f4475a4e65dfddce82 /scripts/gcc-plugins | |
| parent | Merge tag 'pstore-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux (diff) | |
| parent | arm64: Add gcc Shadow Call Stack support (diff) | |
| download | wireguard-linux-2142b7f0c6bbe1f9515ce3383de9f7a32a5a025b.tar.xz wireguard-linux-2142b7f0c6bbe1f9515ce3383de9f7a32a5a025b.zip | |
Merge tag 'hardening-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull kernel hardening updates from Kees Cook:
- Add arm64 Shadow Call Stack support for GCC 12 (Dan Li)
- Avoid memset with stack offset randomization under Clang (Marco
Elver)
- Clean up stackleak plugin to play nice with .noinstr (Kees Cook)
- Check stack depth for greater usercopy hardening coverage (Kees Cook)
* tag 'hardening-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
arm64: Add gcc Shadow Call Stack support
m68k: Implement "current_stack_pointer"
xtensa: Implement "current_stack_pointer"
usercopy: Check valid lifetime via stack depth
stack: Constrain and fix stack offset randomization with Clang builds
stack: Introduce CONFIG_RANDOMIZE_KSTACK_OFFSET
gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text
gcc-plugins/stackleak: Exactly match strings instead of prefixes
gcc-plugins/stackleak: Provide verbose mode
Diffstat (limited to 'scripts/gcc-plugins')
| -rw-r--r-- | scripts/gcc-plugins/stackleak_plugin.c | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/scripts/gcc-plugins/stackleak_plugin.c b/scripts/gcc-plugins/stackleak_plugin.c index e9db7dcb3e5f..42f0252ee2a4 100644 --- a/scripts/gcc-plugins/stackleak_plugin.c +++ b/scripts/gcc-plugins/stackleak_plugin.c @@ -429,6 +429,23 @@ static unsigned int stackleak_cleanup_execute(void) return 0; } +/* + * STRING_CST may or may not be NUL terminated: + * https://gcc.gnu.org/onlinedocs/gccint/Constant-expressions.html + */ +static inline bool string_equal(tree node, const char *string, int length) +{ + if (TREE_STRING_LENGTH(node) < length) + return false; + if (TREE_STRING_LENGTH(node) > length + 1) + return false; + if (TREE_STRING_LENGTH(node) == length + 1 && + TREE_STRING_POINTER(node)[length] != '\0') + return false; + return !memcmp(TREE_STRING_POINTER(node), string, length); +} +#define STRING_EQUAL(node, str) string_equal(node, str, strlen(str)) + static bool stackleak_gate(void) { tree section; @@ -438,13 +455,17 @@ static bool stackleak_gate(void) if (section && TREE_VALUE(section)) { section = TREE_VALUE(TREE_VALUE(section)); - if (!strncmp(TREE_STRING_POINTER(section), ".init.text", 10)) + if (STRING_EQUAL(section, ".init.text")) + return false; + if (STRING_EQUAL(section, ".devinit.text")) + return false; + if (STRING_EQUAL(section, ".cpuinit.text")) return false; - if (!strncmp(TREE_STRING_POINTER(section), ".devinit.text", 13)) + if (STRING_EQUAL(section, ".meminit.text")) return false; - if (!strncmp(TREE_STRING_POINTER(section), ".cpuinit.text", 13)) + if (STRING_EQUAL(section, ".noinstr.text")) return false; - if (!strncmp(TREE_STRING_POINTER(section), ".meminit.text", 13)) + if (STRING_EQUAL(section, ".entry.text")) return false; } |