[0/3] gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text

Message ID 20220206174508.2425076-1-keescook@chromium.org (mailing list archive)

Message

Kees Cook Feb. 6, 2022, 5:45 p.m. UTC
Out of an abundance of caution, do not perform stack depth analysis on
.noinstr.text and .entry.text section functions, as it may be possible
that "current" is not sane.

Additionally, to verify results, the verbose mode is wired up to the Kconfig,
and the string matching is refactored for correctness.

-Kees

Kees Cook (3):
  gcc-plugins/stackleak: Provide verbose mode
  gcc-plugins/stackleak: Exactly match strings instead of prefixes
  gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text

 scripts/Makefile.gcc-plugins           |  2 ++
 scripts/gcc-plugins/stackleak_plugin.c | 29 ++++++++++++++++++++++----
 security/Kconfig.hardening             | 10 +++++++++
 3 files changed, 37 insertions(+), 4 deletions(-)