From: Linus Torvalds Date: Sat, 9 Mar 2019 17:06:15 +0000 (-0800) Subject: Merge tag 'gcc-plugins-v5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git... X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=2bb995405fe52dd893db57456556e8dc4fce35a7;p=openwrt%2Fstaging%2Fblogic.git Merge tag 'gcc-plugins-v5.1-rc1' of git://git./linux/kernel/git/kees/linux Pull gcc-plugins updates from Kees Cook: "This adds additional type coverage to the existing structleak plugin and adds a large set of selftests to help evaluate stack variable zero-initialization coverage. That can be used to test whatever instrumentation might be performing zero-initialization: either with the structleak plugin or with Clang's coming "-ftrivial-auto-var-init=zero" option. Summary: - Add scalar and array initialization coverage - Refactor Kconfig to make options more clear - Add self-test module for testing automatic initialization" * tag 'gcc-plugins-v5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: lib: Introduce test_stackinit module gcc-plugins: structleak: Generalize to all variable types --- 2bb995405fe52dd893db57456556e8dc4fce35a7 diff --cc lib/Kconfig.debug index d765d36f8737,6f543a4bc704..e718487c97c3 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@@ -2015,7 -1999,18 +2015,17 @@@ config TEST_OBJAG Enable this option to test object aggregation manager on boot (or module load). - If unsure, say N. + config TEST_STACKINIT + tristate "Test level of stack variable initialization" + help + Test if the kernel is zero-initializing stack variables and + padding. Coverage is controlled by compiler flags, + CONFIG_GCC_PLUGIN_STRUCTLEAK, CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF, + or CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL. + + If unsure, say N. + endif # RUNTIME_TESTING_MENU config MEMTEST diff --cc lib/Makefile index c7ae0b3e4535,c81a66d4d00d..647517940b29 --- a/lib/Makefile +++ b/lib/Makefile @@@ -77,9 -76,8 +77,10 @@@ obj-$(CONFIG_TEST_KMOD) += test_kmod. 
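Review bot: In lib/Kconfig.debug, the new TEST_STACKINIT help lists the options that control coverage but never says that the test module only measures initialization, so building it could be mistaken for a hardening step, or failures on an uninstrumented kernel misread. As far as the help text shows, the module enables nothing itself; a sentence such as `This module only reports coverage; it does not turn on any initialization by itself.` after the option list would settle that. How results are reported is not visible in this hunk, so the help would also be the place to say where to look. Separately, the line `If unsure, say N.` right after `(or module load).` carries a `-` marker, so the merged result seems to drop it from the TEST_OBJAGG help; the markers are collapsed here, so it is worth confirming the removal was intended.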
obj-$(CONFIG_TEST_DEBUG_VIRTUAL) += test_debug_virtual.o obj-$(CONFIG_TEST_MEMCAT_P) += test_memcat_p.o obj-$(CONFIG_TEST_OBJAGG) += test_objagg.o + obj-$(CONFIG_TEST_STACKINIT) += test_stackinit.o +obj-$(CONFIG_TEST_LIVEPATCH) += livepatch/ + ifeq ($(CONFIG_DEBUG_KOBJECT),y) CFLAGS_kobject.o += -DDEBUG CFLAGS_kobject_uevent.o += -DDEBUG diff --cc scripts/gcc-plugins/Kconfig index d9fd9988ef27,d0cc92e48f6f..74271dba4f94 --- a/scripts/gcc-plugins/Kconfig +++ b/scripts/gcc-plugins/Kconfig @@@ -67,13 -67,22 +67,18 @@@ config GCC_PLUGIN_LATENT_ENTROP * https://pax.grsecurity.net/ config GCC_PLUGIN_STRUCTLEAK - bool "Force initialization of variables containing userspace addresses" + bool "Zero initialize stack variables" - # Currently STRUCTLEAK inserts initialization out of live scope of - # variables from KASAN point of view. This leads to KASAN false - # positive reports. Prohibit this combination for now. - depends on !KASAN_EXTRA help - This plugin zero-initializes any structures containing a - __user attribute. This can prevent some classes of information - exposures. - - This plugin was ported from grsecurity/PaX. More information at: + While the kernel is built with warnings enabled for any missed + stack variable initializations, this warning is silenced for + anything passed by reference to another function, under the + occasionally misguided assumption that the function will do + the initialization. As this regularly leads to exploitable + flaws, this plugin is available to identify and zero-initialize + such variables, depending on the chosen level of coverage. + + This plugin was originally ported from grsecurity/PaX. More + information at: * https://grsecurity.net/ * https://pax.grsecurity.net/
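Review bot: In scripts/gcc-plugins/Kconfig, the new prompt `Zero initialize stack variables` reads as a blanket guarantee, while the help text limits it to variables picked "depending on the chosen level of coverage", and that choice is defined outside this hunk. Someone who enables only this symbol may assume every stack variable is covered; the first help paragraph could end with `Variables outside the selected coverage level are left as the compiler emits them.` so the limit is stated where the option is turned on. The `depends on !KASAN_EXTRA` line and its comment about KASAN false positives are also absent from the merged result. If the out-of-scope initialization that comment describes can still occur, a one-line comment on why the restriction is no longer needed would save the next reader a history search.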