gcc-plugins: Add structleak for more stack initialization This plugin detects any structures that contain __user attributes and makes sure it is being fully initialized so that a specific class of information exposure is eliminated. (This plugin was originally designed to block the exposure of siginfo in CVE-2013-2141.) Ported from grsecurity/PaX. This version adds a verbose option to the plugin and the Kconfig. Signed-off-by: Kees Cook <keescook@chromium.org>

commit: c61f13eaa1ee17728c41370100d2d45c254ce76f [log] [tgz]
author: Kees Cook <keescook@chromium.org> Fri Jan 13 11:14:39 2017 -0800
committer: Kees Cook <keescook@chromium.org> Wed Jan 18 12:02:35 2017 -0800
tree: 63ae636a8d3bfc405b8a0a108ab17c24c5790fd8
parent: 8d4973a1c01d4b38871fbc6631e1fdd20e6c9e90 [diff]
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index cf0fa5d..91c30cb 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h

@@ -27,7 +27,11 @@
 extern void __chk_io_ptr(const volatile void __iomem *);
 # define ACCESS_PRIVATE(p, member) (*((typeof((p)->member) __force *) &(p)->member))
 #else /* __CHECKER__ */
-# define __user
+# ifdef STRUCTLEAK_PLUGIN
+#  define __user __attribute__((user))
+# else
+#  define __user
+# endif
 # define __kernel
 # define __safe
 # define __force
commit	c61f13eaa1ee17728c41370100d2d45c254ce76f	[log] [tgz]
author	Kees Cook <keescook@chromium.org>	Fri Jan 13 11:14:39 2017 -0800
committer	Kees Cook <keescook@chromium.org>	Wed Jan 18 12:02:35 2017 -0800
tree	63ae636a8d3bfc405b8a0a108ab17c24c5790fd8
parent	8d4973a1c01d4b38871fbc6631e1fdd20e6c9e90 [diff]