stackleak: Allow runtime disabling of kernel stack erasing Introduce CONFIG_STACKLEAK_RUNTIME_DISABLE option, which provides 'stack_erasing' sysctl. It can be used in runtime to control kernel stack erasing for kernels built with CONFIG_GCC_PLUGIN_STACKLEAK. Suggested-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Alexander Popov <alex.popov@linux.com> Tested-by: Laura Abbott <labbott@redhat.com> Signed-off-by: Kees Cook <keescook@chromium.org>

commit: 964c9dff0091893a9a74a88edf984c6da0b779f7 [log] [tgz]
author: Alexander Popov <alex.popov@linux.com> Fri Aug 17 01:17:03 2018 +0300
committer: Kees Cook <keescook@chromium.org> Tue Sep 04 10:35:48 2018 -0700
tree: 162d45af3ac44401db524294e67e396ddee476f4
parent: ed535a2dae1836d15c71e250475952881265d244 [diff] [blame]
diff --git a/include/linux/stackleak.h b/include/linux/stackleak.h
index b911b97..3d5c327 100644
--- a/include/linux/stackleak.h
+++ b/include/linux/stackleak.h

@@ -22,6 +22,12 @@ static inline void stackleak_task_init(struct task_struct *t)
 	t->prev_lowest_stack = t->lowest_stack;
 # endif
 }
+
+#ifdef CONFIG_STACKLEAK_RUNTIME_DISABLE
+int stack_erasing_sysctl(struct ctl_table *table, int write,
+			void __user *buffer, size_t *lenp, loff_t *ppos);
+#endif
+
 #else /* !CONFIG_GCC_PLUGIN_STACKLEAK */
 static inline void stackleak_task_init(struct task_struct *t) { }
 #endif
commit	964c9dff0091893a9a74a88edf984c6da0b779f7	[log] [tgz]
author	Alexander Popov <alex.popov@linux.com>	Fri Aug 17 01:17:03 2018 +0300
committer	Kees Cook <keescook@chromium.org>	Tue Sep 04 10:35:48 2018 -0700
tree	162d45af3ac44401db524294e67e396ddee476f4
parent	ed535a2dae1836d15c71e250475952881265d244 [diff] [blame]