summaryrefslogtreecommitdiffstats
path: root/scripts/Makefile.gcc-plugins
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2017-01-13 11:14:39 -0800
committerKees Cook <keescook@chromium.org>2017-01-18 12:02:35 -0800
commitc61f13eaa1ee17728c41370100d2d45c254ce76f (patch)
tree63ae636a8d3bfc405b8a0a108ab17c24c5790fd8 /scripts/Makefile.gcc-plugins
parent8d4973a1c01d4b38871fbc6631e1fdd20e6c9e90 (diff)
downloadlinux-c61f13eaa1ee17728c41370100d2d45c254ce76f.tar.bz2
gcc-plugins: Add structleak for more stack initialization
This plugin detects any structures that contain __user attributes and makes sure it is being fully initialized so that a specific class of information exposure is eliminated. (This plugin was originally designed to block the exposure of siginfo in CVE-2013-2141.) Ported from grsecurity/PaX. This version adds a verbose option to the plugin and the Kconfig. Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'scripts/Makefile.gcc-plugins')
-rw-r--r--scripts/Makefile.gcc-plugins4
1 files changed, 4 insertions, 0 deletions
diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins
index 060d2cb373db..a084f7a511d8 100644
--- a/scripts/Makefile.gcc-plugins
+++ b/scripts/Makefile.gcc-plugins
@@ -25,6 +25,10 @@ ifdef CONFIG_GCC_PLUGINS
endif
endif
+ gcc-plugin-$(CONFIG_GCC_PLUGIN_STRUCTLEAK) += structleak_plugin.so
+ gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE) += -fplugin-arg-structleak_plugin-verbose
+ gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK) += -DSTRUCTLEAK_PLUGIN
+
GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y))
export PLUGINCC GCC_PLUGINS_CFLAGS GCC_PLUGIN GCC_PLUGIN_SUBDIR