Linux 4.19 Will Fend Off Stack Attacks With STACKLEAK Plugin

Written by Michael Larabel in Linux Kernel on 14 August 2018 at 04:56 AM EDT. 1 Comment
As expected, Linux 4.19 is getting STACKLEAK as a GCC plugin for the Linux kernel that will fend off various forms of stack attacks.

STACKLEAK is ported from the last open-source release of the GrSecurity/PaX patched kernel and erases the used portion of the kernel stack before returning from system calls.

Among the benefits of STACKLEAK as explained by Google's Kees Cook:
This creates a defense against several classes of flaws:

- uninitialized stack usage (while we continue to work on improving the compiler to do this in other ways: e.g. unconditional zero init was proposed to gcc and clang, and more plugin work has started too)

- stack content exposure (by greatly reducing the lifetime of valid stack contents, exposures via either direct read bugs or unknown cache side-channels become much more difficult to exploit. This complements the existing buddy and heap poisoning options, but provides the coverage for stacks)

- stack exhaustion/guard-page skipping (while we continue to work to remove all VLAs in the kernel: of the ~115 cases found in v4.16, after the v4.19 merge window we should be down to about 13 remaining, most of them in crypto code, all of which have patches under review)

STACKLEAK is being added to the mainline Linux kernel via the gcc-plugins updates.
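To make concrete how erasing the stack on syscall exit blocks the first two flaw classes Kees Cook lists (uninitialized stack usage and stack content exposure) and how deep-frame tracking relates to the third (exhaustion), here is an added userspace model written for this article; it is not code from the kernel, the gcc plugin or grsecurity. The real plugin instruments function prologues to record the lowest stack pointer reached and, on syscall exit, fills the stack from that low-water mark up to the current stack pointer with a poison value. The model below does the same on a byte array standing in for a thread's kernel stack. The stack size, the poison byte 0xAA, the frame sizes and the "secret" 0x42 are all constructed for the demonstration, not values the kernel uses.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed model of one thread's kernel stack: grows downward from mem[STACK_SIZE]. */
#define STACK_SIZE  4096
#define POISON_BYTE 0xAA   /* assumption: stand-in for the kernel's real poison pattern */

struct thread_stack {
    uint8_t mem[STACK_SIZE];
    size_t  sp;         /* current stack pointer as an offset into mem */
    size_t  lowest_sp;  /* deepest point reached since the last erase (what the plugin tracks) */
};

void stack_init(struct thread_stack *s) {
    memset(s->mem, POISON_BYTE, STACK_SIZE);  /* fresh stack starts fully poisoned */
    s->sp = STACK_SIZE;
    s->lowest_sp = STACK_SIZE;
}

/* Model of an instrumented function prologue: allocate a frame and update the
   low-water mark. Returns NULL on exhaustion (the frame would run off the stack). */
uint8_t *frame_push(struct thread_stack *s, size_t frame_bytes) {
    if (frame_bytes > s->sp)
        return NULL;
    s->sp -= frame_bytes;
    if (s->sp < s->lowest_sp)
        s->lowest_sp = s->sp;
    return &s->mem[s->sp];
}

void frame_pop(struct thread_stack *s, size_t frame_bytes) {
    s->sp += frame_bytes;
}

/* Model of the erase on syscall exit: poison everything between the deepest
   point reached and the current stack pointer. Returns the number of bytes wiped. */
size_t stack_erase(struct thread_stack *s) {
    size_t n = s->sp - s->lowest_sp;
    memset(&s->mem[s->lowest_sp], POISON_BYTE, n);
    s->lowest_sp = s->sp;
    return n;
}

/* Bytes below the current sp that are not poison, i.e. stale data a future
   frame's uninitialized locals could pick up or a read bug could leak. */
size_t stale_bytes(const struct thread_stack *s) {
    size_t count = 0;
    for (size_t i = 0; i < s->sp; i++)
        if (s->mem[i] != POISON_BYTE)
            count++;
    return count;
}

/* Scenario: syscall A leaves a constructed "secret" (0x42) in a 64-byte frame and
   returns. Syscall B then allocates a frame at the same depth and reads a local
   without initializing it. Returns the byte syscall B observes. */
uint8_t syscall_b_reads(int erase_on_exit) {
    struct thread_stack s;
    stack_init(&s);

    uint8_t *f = frame_push(&s, 64);   /* syscall A */
    memset(f, 0x42, 64);
    frame_pop(&s, 64);
    if (erase_on_exit)
        stack_erase(&s);               /* STACKLEAK's exit-path wipe */

    uint8_t *g = frame_push(&s, 64);   /* syscall B, same depth */
    uint8_t observed = g[0];           /* uninitialized read */
    frame_pop(&s, 64);
    return observed;
}

/* Same scenario, reporting how many stale bytes remain after syscall A. */
size_t stale_after_syscall_a(int erase_on_exit) {
    struct thread_stack s;
    stack_init(&s);
    uint8_t *f = frame_push(&s, 64);
    memset(f, 0x42, 64);
    frame_pop(&s, 64);
    if (erase_on_exit)
        stack_erase(&s);
    return stale_bytes(&s);
}

int main(void) {
    printf("without erase: syscall B sees 0x%02x, %zu stale bytes\n",
           syscall_b_reads(0), stale_after_syscall_a(0));
    printf("with erase:    syscall B sees 0x%02x, %zu stale bytes\n",
           syscall_b_reads(1), stale_after_syscall_a(1));
    struct thread_stack s;
    stack_init(&s);
    printf("oversized frame rejected: %s\n",
           frame_push(&s, STACK_SIZE + 1) == NULL ? "yes" : "no");
    return 0;
}
```

Without the erase, syscall B's uninitialized local silently inherits syscall A's data, which is exactly the stale-content and exposure problem the quoted list describes; with the erase, it reads the poison pattern and nothing from the previous syscall survives below the stack pointer. The low-water mark that drives the erase is also the quantity the kernel consults to detect frames that would overrun the stack, which is why the same tracking helps against the exhaustion case.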