authorAlexander Popov <alex.popov@linux.com>2018-08-17 01:17:03 +0300
committerKees Cook <keescook@chromium.org>2018-09-04 10:35:48 -0700
commit964c9dff0091893a9a74a88edf984c6da0b779f7 (patch)
tree162d45af3ac44401db524294e67e396ddee476f4 /kernel/sysctl.c
parented535a2dae1836d15c71e250475952881265d244 (diff)
stackleak: Allow runtime disabling of kernel stack erasing
Introduce CONFIG_STACKLEAK_RUNTIME_DISABLE option, which provides
'stack_erasing' sysctl. It can be used at runtime to control kernel
stack erasing for kernels built with CONFIG_GCC_PLUGIN_STACKLEAK.

Suggested-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Alexander Popov <alex.popov@linux.com>
Tested-by: Laura Abbott <labbott@redhat.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'kernel/sysctl.c')
-rw-r--r--kernel/sysctl.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index cc02050fd0c4..3ae223f7b5df 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -91,7 +91,9 @@
 #ifdef CONFIG_CHR_DEV_SG
 #include <scsi/sg.h>
 #endif
-
+#ifdef CONFIG_STACKLEAK_RUNTIME_DISABLE
+#include <linux/stackleak.h>
+#endif
 #ifdef CONFIG_LOCKUP_DETECTOR
 #include <linux/nmi.h>
 #endif
@@ -1233,6 +1235,17 @@ static struct ctl_table kern_table[] = {
 		.extra2		= &one,
 	},
 #endif
+#ifdef CONFIG_STACKLEAK_RUNTIME_DISABLE
+	{
+		.procname	= "stack_erasing",
+		.data		= NULL,
+		.maxlen		= sizeof(int),
+		.mode		= 0600,
+		.proc_handler	= stack_erasing_sysctl,
+		.extra1		= &zero,
+		.extra2		= &one,
+	},
+#endif
 	{ }
 };
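Review bot: The new `stack_erasing` entry sets `.data = NULL` while still supplying `.maxlen`, `.extra1` and `.extra2`, so the 0..1 bound is enforced only if `stack_erasing_sysctl` substitutes its own storage and hands the table to a min/max helper. That handler is defined outside this diff, so this needs confirming there. A short comment above the entry would save the next reader the lookup, for example `/* state is kept by stack_erasing_sysctl(); .data is intentionally NULL */`. Because this knob switches a hardening feature off at runtime, mode 0600 is the right restriction, and it is worth checking that the handler logs every change so a disable is visible in the kernel log. The `kern_table[]` array begins before this hunk.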