arm64: Add support for STACKLEAK gcc plugin

This adds support for the STACKLEAK gcc plugin to arm64 by implementing stackleak_check_alloca(), based heavily on the x86 version, and adding the two helpers used by the stackleak common code: current_top_of_stack() and on_thread_stack(). The stack erasure calls are made at syscall returns. Additionally, this disables the plugin in hypervisor and EFI stub code, which are out of scope for the protection. Acked-by: Alexander Popov <alex.popov@linux.com> Reviewed-by: Mark Rutland <mark.rutland@arm.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Laura Abbott <labbott@redhat.com> Signed-off-by: Will Deacon <will.deacon@arm.com>
author: Laura Abbott <labbott@redhat.com> 2018-07-20 14:41:54 -0700
committer: Will Deacon <will.deacon@arm.com> 2018-07-26 11:36:34 +0100
commit: 0b3e336601b82c6afa0e9cf21db9cb8793e25399 (patch)
tree: 1ea6cdfc5d69f4ad5ad0e60ced11decc74ed0360 /arch/arm64/kvm
parent: 8a1ccfbc9e0256baafbbce85ccdb72ec89af2aab (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/arch/arm64/kvm/hyp/Makefile b/arch/arm64/kvm/hyp/Makefile
index 4313f7475333..2fabc2dc1966 100644
--- a/arch/arm64/kvm/hyp/Makefile
+++ b/arch/arm64/kvm/hyp/Makefile
@@ -3,7 +3,8 @@
 # Makefile for Kernel-based Virtual Machine module, HYP part
 #
 
-ccflags-y += -fno-stack-protector -DDISABLE_BRANCH_PROFILING
+ccflags-y += -fno-stack-protector -DDISABLE_BRANCH_PROFILING \
+		$(DISABLE_STACKLEAK_PLUGIN)
 
 KVM=../../../../virt/kvm
author	Laura Abbott <labbott@redhat.com>	2018-07-20 14:41:54 -0700
committer	Will Deacon <will.deacon@arm.com>	2018-07-26 11:36:34 +0100
commit	0b3e336601b82c6afa0e9cf21db9cb8793e25399 (patch)
tree	1ea6cdfc5d69f4ad5ad0e60ced11decc74ed0360 /arch/arm64/kvm
parent	8a1ccfbc9e0256baafbbce85ccdb72ec89af2aab (diff)