On Sat, Mar 3, 2018 at 12:00 PM, Alexander Popov <alex.po...@linux.com> wrote: > This is the 9th version of the patch series introducing STACKLEAK to the > mainline kernel. STACKLEAK is a security feature developed by Grsecurity/PaX > (kudos to them), which: > - reduces the information that can be revealed through kernel stack leak > bugs; > - blocks some uninitialized stack variable attacks (e.g. CVE-2017-17712, > CVE-2010-2963); > - introduces some runtime checks for kernel stack overflow detection.
Thanks for continuing to chip away at this! I wonder if it's time to drop the "RFC" part of this? It seems like this should be ready to land pretty soon. I can start carrying this in the kspp -next tree, for example. I'd like to get some sign-off from x86, though. Boris, Andy, and Dave (Hansen), you've all looked at this; would you be willing to give an Ack on the x86 parts? (Though I do now see a new comment from Dave was just sent.) And if not, what changes would you like to see? -Kees -- Kees Cook Pixel Security