Commit 57fbad15 authored by Kees Cook's avatar Kees Cook
Browse files

stackleak: Rename STACKLEAK to KSTACK_ERASE 



In preparation for adding Clang sanitizer coverage stack depth tracking
that can support stack depth callbacks:

- Add the new top-level CONFIG_KSTACK_ERASE option which will be
  implemented either with the stackleak GCC plugin, or with the Clang
  stack depth callback support.
- Rename CONFIG_GCC_PLUGIN_STACKLEAK as needed to CONFIG_KSTACK_ERASE,
  but keep it for anything specific to the GCC plugin itself.
- Rename all exposed "STACKLEAK" names and files to "KSTACK_ERASE" (named
  for what it does rather than what it protects against), but leave as
  many of the internals alone as possible to avoid even more churn.

While here, also split "prev_lowest_stack" into CONFIG_KSTACK_ERASE_METRICS,
since that's the only place it is referenced from.

Suggested-by: default avatarIngo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/20250717232519.2984886-1-kees@kernel.org


Signed-off-by: default avatarKees Cook <kees@kernel.org>
parent fc078392

Documentation/admin-guide/sysctl/kernel.rst

+2 −2
Original line number Diff line number Diff line
@@ -1465,7 +1465,7 @@ stack_erasing 
=============



This parameter can be used to control kernel stack erasing at the end

of syscalls for kernels built with ``CONFIG_GCC_PLUGIN_STACKLEAK``.

of syscalls for kernels built with ``CONFIG_KSTACK_ERASE``.



That erasing reduces the information which kernel stack leak bugs

can reveal and blocks some uninitialized stack variable attacks.
@@ -1473,7 +1473,7 @@ The tradeoff is the performance impact: on a single CPU system kernel 
compilation sees a 1% slowdown, other systems and workloads may vary.



= ====================================================================

0 Kernel stack erasing is disabled, STACKLEAK_METRICS are not updated.

0 Kernel stack erasing is disabled, KSTACK_ERASE_METRICS are not updated.

1 Kernel stack erasing is enabled (default), it is performed before

  returning to the userspace at the end of syscalls.

= ====================================================================

Documentation/arch/x86/x86_64/mm.rst

+1 −1
Original line number Diff line number Diff line
@@ -176,5 +176,5 @@ Be very careful vs. KASLR when changing anything here. The KASLR address 
range must not overlap with anything except the KASAN shadow area, which is

correct as KASAN disables KASLR.



For both 4- and 5-level layouts, the STACKLEAK_POISON value in the last 2MB

For both 4- and 5-level layouts, the KSTACK_ERASE_POISON value in the last 2MB

hole: ffffffffffff4111

Documentation/security/self-protection.rst

+1 −1
Original line number Diff line number Diff line
@@ -303,7 +303,7 @@ Memory poisoning 


When releasing memory, it is best to poison the contents, to avoid reuse

attacks that rely on the old contents of memory. E.g., clear stack on a

syscall return (``CONFIG_GCC_PLUGIN_STACKLEAK``), wipe heap memory on a

syscall return (``CONFIG_KSTACK_ERASE``), wipe heap memory on a

free. This frustrates many uninitialized variable attacks, stack content

exposures, heap content exposures, and use-after-free attacks.

Documentation/translations/zh_CN/security/self-protection.rst

+1 −1
Original line number Diff line number Diff line
@@ -259,7 +259,7 @@ KALLSYSM,则会直接打印原始地址。 
--------



在释放内存时,最好对内存内容进行清除处理,以防止攻击者重用内存中以前

的内容。例如,在系统调用返回时清除堆栈(CONFIG_GCC_PLUGIN_STACKLEAK),

的内容。例如,在系统调用返回时清除堆栈(CONFIG_KSTACK_ERASE),

在释放堆内容是清除其内容。这有助于防止许多未初始化变量攻击、堆栈内容

泄露、堆内容泄露以及使用后释放攻击(user-after-free)。

MAINTAINERS

+2 −2
Original line number Diff line number Diff line
@@ -9992,8 +9992,6 @@ L: linux-hardening@vger.kernel.org 
S:	Maintained

T:	git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening

F:	Documentation/kbuild/gcc-plugins.rst

F:	include/linux/stackleak.h

F:	kernel/stackleak.c

F:	scripts/Makefile.gcc-plugins

F:	scripts/gcc-plugins/








@@ -13087,10 +13085,12 @@ T:	git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/har







F:	Documentation/ABI/testing/sysfs-kernel-oops_count









F:	Documentation/ABI/testing/sysfs-kernel-warn_count









F:	arch/*/configs/hardening.config









F:	include/linux/kstack_erase.h









F:	include/linux/overflow.h









F:	include/linux/randomize_kstack.h









F:	include/linux/ucopysize.h









F:	kernel/configs/hardening.config









F:	kernel/kstack_erase.c









F:	lib/tests/randstruct_kunit.c









F:	lib/tests/usercopy_kunit.c









F:	mm/usercopy.c