Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

doc: self-protection: Add information about STACKLEAK feature

Add information about STACKLEAK feature to the "Memory poisoning"
section of self-protection.rst.

Signed-off-by: Alexander Popov <alex.popov@linux.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Alexander Popov 7 years ago
parent
c8d126275a
commit
ed535a2dae
1 changed files with 5 additions and 5 deletions
Split View Show Diff Stats
  1. 5 5
      Documentation/security/self-protection.rst

+ 5 - 5
Documentation/security/self-protection.rst
View File 

@@ -302,11 +302,11 @@ sure structure holes are cleared.
 
 Memory poisoning
 
 ----------------
 
 
-When releasing memory, it is best to poison the contents (clear stack on
 
-syscall return, wipe heap memory on a free), to avoid reuse attacks that
 
-rely on the old contents of memory. This frustrates many uninitialized
 
-variable attacks, stack content exposures, heap content exposures, and
 
-use-after-free attacks.
 
+When releasing memory, it is best to poison the contents, to avoid reuse
 
+attacks that rely on the old contents of memory. E.g., clear stack on a
 
+syscall return (``CONFIG_GCC_PLUGIN_STACKLEAK``), wipe heap memory on a
 
+free. This frustrates many uninitialized variable attacks, stack content
 
+exposures, heap content exposures, and use-after-free attacks.
 
 
 Destination tracking
 
 --------------------