Linux 4.19 Kernel Getting STACKLEAK Feature

Written by Michael Larabel in Linux Kernel on 7 August 2018 at 12:09 AM EDT. 4 Comments
LINUX KERNEL
Another security hardening measure coming to the Linux kernel is STACKLEAK.

Kees Cook of Google queued STACKLEAK into one of his feature branches that will be sent in for the upcoming Linux 4.19 kernel.

STACKLEAK wipes out the kernel stack before returning from system calls. By clearing the kernel stack, it reduces possible leakage and can block some possible attack vectors, including stack clash attacks and uninitialized stack variable attacks. This STACKLEAK feature was ported to the mainline Linux kernel from an old code state of the GrSecurity/PaX kernel code back when those patches were public.

As part of the patch work is also the STACKLEAK plug-in for GCC that is used for tracking the kernel stack's lowest border and ensuring alloca() calls don't cause stack overflows.

This STACKLEAK mainlining work was spearheaded by Alexander Popov, a Russian Linux security researcher.
4 Comments
Related News
Linux 6.9-rc5 Released: The Diffstat "Looks A Bit Wonky" But Not Bad
Linux 6.9-rc5 Picking Up Fixes For Intel FRED, BHI & GFNI/VAES Checks
Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Linux 6.9-rc4 Brings More Bcachefs Fixes, Native BHI Mitigation
Linux 6.10 To Account For NUMA Node When Allocating Per-CPU Cpumasks
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Rust-Written LAVD Kernel Scheduler Shows Promising Results For Linux Gaming
Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver
Fedora Linux 40 Cleared For Release Next Week
AMD: "Additional Parts Of The Radeon Stack To Be Open Sourced Throughout The Year"
Mozilla Finally Begins Offering Firefox ARM64 Linux Binaries
Fedora Linux 40 Available For Download As A Wonderful Upgrade
openSUSE Factory Achieves Bit-By-Bit Reproducible Builds
Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"