Re: [kernel-hardening] [PATCH v5 1/4] gcc-plugins: Add the initify gcc plugin

From: Andrew Donnellan
Date: Mon Mar 27 2017 - 05:30:15 EST

Next message: Borislav Petkov: "[PATCH 0/6] x86/RAS: Correctable Errors Collector"
Previous message: kbuild test robot: "Re: [PATCH] trace: Make trace_hwlat timestamp y2038 safe"
Next in thread: Kees Cook: "Re: [kernel-hardening] [PATCH v5 1/4] gcc-plugins: Add the initify gcc plugin"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 01/02/17 07:24, Kees Cook wrote:

From: Emese Revfy <re.emese@xxxxxxxxx>

The kernel already has a mechanism to free up code and data memory that
is only used during kernel or module initialization. This plugin will
teach the compiler to find more such code and data that can be freed
after initialization.

Currently checking whether we can wire this up for powerpc without too many problems...

diff --git a/arch/x86/lib/Makefile b/arch/x86/lib/Makefile
index 34a74131a12c..b98b8fdb7aaf 100644
--- a/arch/x86/lib/Makefile
+++ b/arch/x86/lib/Makefile
@@ -29,6 +29,10 @@ lib-$(CONFIG_RANDOMIZE_BASE) += kaslr.o
obj-y += msr.o msr-reg.o msr-reg-export.o hweight.o

ifeq ($(CONFIG_X86_32),y)
+ CFLAGS_strstr_32.o += $(INITIFY_DISABLE_VERIFIY_NOCAPTURE_FUNCTIONS)
+ CFLAGS_string_32.o += $(INITIFY_DISABLE_VERIFIY_NOCAPTURE_FUNCTIONS)
+ CFLAGS_memcpy_32.o += $(INITIFY_DISABLE_VERIFIY_NOCAPTURE_FUNCTIONS)

s/VERIFIY/VERIFY/g here + Makefile.gcc-plugins?

--
Andrew Donnellan OzLabs, ADL Canberra
andrew.donnellan@xxxxxxxxxxx IBM Australia Limited

Next message: Borislav Petkov: "[PATCH 0/6] x86/RAS: Correctable Errors Collector"
Previous message: kbuild test robot: "Re: [PATCH] trace: Make trace_hwlat timestamp y2038 safe"
Next in thread: Kees Cook: "Re: [kernel-hardening] [PATCH v5 1/4] gcc-plugins: Add the initify gcc plugin"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]