In this patch series I collected various improvements of the stackleak gcc plugin. The first patch excludes alloca() from the stackleak instrumentation logic to make it simpler. The second patch is the main improvement. It eliminates an unwanted side-effect of kernel code instrumentation. This patch is a deep reengineering of the idea described on grsecurity blog: https://grsecurity.net/resolving_an_unfortunate_stackleak_interaction The third patch adds 'verbose' plugin parameter for printing additional info about the kernel code instrumentation. Two other patches disable unneeded stackleak instrumentation for some files. I would like to thank Alexander Monakov <amonakov@xxxxxxxxx> for his advisory on gcc internals. This patch series was tested for gcc version 4.8, 5, 6, 7, 8, 9, and 10 on x86_64, i386 and arm64. That was done using the project 'kernel-build-containers': https://github.com/a13xp0p0v/kernel-build-containers Alexander Popov (5): gcc-plugins/stackleak: Exclude alloca() from the instrumentation logic gcc-plugins/stackleak: Use asm instrumentation to avoid useless register saving gcc-plugins/stackleak: Add 'verbose' plugin parameter gcc-plugins/stackleak: Don't instrument itself gcc-plugins/stackleak: Don't instrument vgettimeofday.c in arm64 VDSO arch/arm64/kernel/vdso/Makefile | 3 +- include/linux/compiler_attributes.h | 13 ++ kernel/Makefile | 1 + kernel/stackleak.c | 16 +- scripts/Makefile.gcc-plugins | 2 + scripts/gcc-plugins/stackleak_plugin.c | 260 ++++++++++++++++++++----- 6 files changed, 232 insertions(+), 63 deletions(-) -- 2.25.2
