gcc-plugins: Add structleak for more stack initialization

This plugin detects any structures that contain __user attributes and makes sure it is being fully initialized so that a specific class of information exposure is eliminated. (This plugin was originally designed to block the exposure of siginfo in CVE-2013-2141.) Ported from grsecurity/PaX. This version adds a verbose option to the plugin and the Kconfig. Signed-off-by: Kees Cook <keescook@chromium.org>
author: Kees Cook <keescook@chromium.org> 2017-01-13 14:14:39 -0500
committer: Kees Cook <keescook@chromium.org> 2017-01-18 15:02:35 -0500
commit: c61f13eaa1ee17728c41370100d2d45c254ce76f (patch)
tree: 63ae636a8d3bfc405b8a0a108ab17c24c5790fd8 /scripts/Makefile.gcc-plugins
parent: 8d4973a1c01d4b38871fbc6631e1fdd20e6c9e90 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins
index 060d2cb373db..a084f7a511d8 100644
--- a/scripts/Makefile.gcc-plugins
+++ b/scripts/Makefile.gcc-plugins
@@ -25,6 +25,10 @@ ifdef CONFIG_GCC_PLUGINS
    endif
  endif
+  gcc-plugin-$(CONFIG_GCC_PLUGIN_STRUCTLEAK)    += structleak_plugin.so
+  gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE)     += -fplugin-arg-structleak_plugin-verbose
+  gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK)     += -DSTRUCTLEAK_PLUGIN
  GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y))
  export PLUGINCC GCC_PLUGINS_CFLAGS GCC_PLUGIN GCC_PLUGIN_SUBDIR
author	Kees Cook <keescook@chromium.org>	2017-01-13 14:14:39 -0500
committer	Kees Cook <keescook@chromium.org>	2017-01-18 15:02:35 -0500
commit	c61f13eaa1ee17728c41370100d2d45c254ce76f (patch)
tree	63ae636a8d3bfc405b8a0a108ab17c24c5790fd8 /scripts/Makefile.gcc-plugins
parent	8d4973a1c01d4b38871fbc6631e1fdd20e6c9e90 (diff)

diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins index 060d2cb373db..a084f7a511d8 100644 --- a/scripts/Makefile.gcc-plugins +++ b/scripts/Makefile.gcc-plugins
@@ -25,6 +25,10 @@ ifdef CONFIG_GCC_PLUGINS
25	endif	25	endif
26	endif	26	endif
27		27
		28	gcc-plugin-$(CONFIG_GCC_PLUGIN_STRUCTLEAK) += structleak_plugin.so
		29	gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE) += -fplugin-arg-structleak_plugin-verbose
		30	gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK) += -DSTRUCTLEAK_PLUGIN
		31
28	GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y))	32	GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y))
29		33
30	export PLUGINCC GCC_PLUGINS_CFLAGS GCC_PLUGIN GCC_PLUGIN_SUBDIR	34	export PLUGINCC GCC_PLUGINS_CFLAGS GCC_PLUGIN GCC_PLUGIN_SUBDIR