
CONFIG_GCC_PLUGIN_STACKLEAK: Poison kernel stack before returning from syscalls

General information

The Linux kernel configuration item CONFIG_GCC_PLUGIN_STACKLEAK:

Help text

This option makes the kernel erase the kernel stack before returning from system calls. This has the effect of leaving the stack initialized to the poison value, which both reduces the lifetime of any sensitive stack contents and reduces potential for uninitialized stack variable exploits or information exposures (it does not cover functions reaching the same stack depth as prior functions during the same syscall). This blocks most uninitialized stack variable attacks, with the performance impact being driven by the depth of the stack usage, rather than the function calling complexity.

The performance impact on a single CPU system kernel compilation sees a 1% slowdown; other systems and workloads may vary, and you are advised to test this feature on your expected workload before deploying it.

This plugin was ported from grsecurity/PaX. More information at:

* https://grsecurity.net/
* https://pax.grsecurity.net/

Hardware

LKDDb

Raw data from LKDDb:

Sources

This page is automatically generated with free (libre, open) software lkddb (see lkddb-sources).

The data is retrieved from:


Automatically generated (in year 2019). See also LKDDb sources on GitLab