stackleak: Allow runtime disabling of kernel stack erasing

Introduce CONFIG_STACKLEAK_RUNTIME_DISABLE option, which provides 'stack_erasing' sysctl. It can be used in runtime to control kernel stack erasing for kernels built with CONFIG_GCC_PLUGIN_STACKLEAK. Suggested-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Alexander Popov <alex.popov@linux.com> Tested-by: Laura Abbott <labbott@redhat.com> Signed-off-by: Kees Cook <keescook@chromium.org>
author: Alexander Popov <alex.popov@linux.com> 2018-08-16 18:17:03 -0400
committer: Kees Cook <keescook@chromium.org> 2018-09-04 13:35:48 -0400
commit: 964c9dff0091893a9a74a88edf984c6da0b779f7 (patch)
tree: 162d45af3ac44401db524294e67e396ddee476f4 /kernel/sysctl.c
parent: ed535a2dae1836d15c71e250475952881265d244 (diff)
1 files changed, 14 insertions, 1 deletions
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index cc02050fd0c4..3ae223f7b5df 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -91,7 +91,9 @@
 #ifdef CONFIG_CHR_DEV_SG
 #include <scsi/sg.h>
 #endif
+#ifdef CONFIG_STACKLEAK_RUNTIME_DISABLE
+#include <linux/stackleak.h>
+#endif
 #ifdef CONFIG_LOCKUP_DETECTOR
 #include <linux/nmi.h>
 #endif
@@ -1233,6 +1235,17 @@ static struct ctl_table kern_table[] = {
                .extra2         = &one,
        },
 #endif
+#ifdef CONFIG_STACKLEAK_RUNTIME_DISABLE
+        {
+                .procname       = "stack_erasing",
+                .data           = NULL,
+                .maxlen         = sizeof(int),
+                .mode           = 0600,
+                .proc_handler   = stack_erasing_sysctl,
+                .extra1         = &zero,
+                .extra2         = &one,
+        },
+#endif
        { }
 };
author	Alexander Popov <alex.popov@linux.com>	2018-08-16 18:17:03 -0400
committer	Kees Cook <keescook@chromium.org>	2018-09-04 13:35:48 -0400
commit	964c9dff0091893a9a74a88edf984c6da0b779f7 (patch)
tree	162d45af3ac44401db524294e67e396ddee476f4 /kernel/sysctl.c
parent	ed535a2dae1836d15c71e250475952881265d244 (diff)

diff --git a/kernel/sysctl.c b/kernel/sysctl.c index cc02050fd0c4..3ae223f7b5df 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c
@@ -91,7 +91,9 @@
91	#ifdef CONFIG_CHR_DEV_SG	91	#ifdef CONFIG_CHR_DEV_SG
92	#include <scsi/sg.h>	92	#include <scsi/sg.h>
93	#endif	93	#endif
94		94	#ifdef CONFIG_STACKLEAK_RUNTIME_DISABLE
		95	#include <linux/stackleak.h>
		96	#endif
95	#ifdef CONFIG_LOCKUP_DETECTOR	97	#ifdef CONFIG_LOCKUP_DETECTOR
96	#include <linux/nmi.h>	98	#include <linux/nmi.h>
97	#endif	99	#endif
@@ -1233,6 +1235,17 @@ static struct ctl_table kern_table[] = {
1233	.extra2 = &one,	1235	.extra2 = &one,
1234	},	1236	},
1235	#endif	1237	#endif
		1238	#ifdef CONFIG_STACKLEAK_RUNTIME_DISABLE
		1239	{
		1240	.procname = "stack_erasing",
		1241	.data = NULL,
		1242	.maxlen = sizeof(int),
		1243	.mode = 0600,
		1244	.proc_handler = stack_erasing_sysctl,
		1245	.extra1 = &zero,
		1246	.extra2 = &one,
		1247	},
		1248	#endif
1236	{ }	1249	{ }
1237	};	1250	};
1238		1251