summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexander Popov <alex.popov@linux.com>2018-08-17 01:17:02 +0300
committerKees Cook <keescook@chromium.org>2018-09-04 10:35:48 -0700
commited535a2dae1836d15c71e250475952881265d244 (patch)
treea9b651bea5a943e78824b9fe7cf161eb16713720
parentc8d126275a5fa59394fe17109bdb9812fed296b8 (diff)
doc: self-protection: Add information about STACKLEAK feature
Add information about STACKLEAK feature to the "Memory poisoning" section of self-protection.rst. Signed-off-by: Alexander Popov <alex.popov@linux.com> Signed-off-by: Kees Cook <keescook@chromium.org>
-rw-r--r--Documentation/security/self-protection.rst10
1 files changed, 5 insertions, 5 deletions
diff --git a/Documentation/security/self-protection.rst b/Documentation/security/self-protection.rst
index e1ca698e0006..f584fb74b4ff 100644
--- a/Documentation/security/self-protection.rst
+++ b/Documentation/security/self-protection.rst
@@ -302,11 +302,11 @@ sure structure holes are cleared.
Memory poisoning
----------------
-When releasing memory, it is best to poison the contents (clear stack on
-syscall return, wipe heap memory on a free), to avoid reuse attacks that
-rely on the old contents of memory. This frustrates many uninitialized
-variable attacks, stack content exposures, heap content exposures, and
-use-after-free attacks.
+When releasing memory, it is best to poison the contents, to avoid reuse
+attacks that rely on the old contents of memory. E.g., clear stack on a
+syscall return (``CONFIG_GCC_PLUGIN_STACKLEAK``), wipe heap memory on a
+free. This frustrates many uninitialized variable attacks, stack content
+exposures, heap content exposures, and use-after-free attacks.
Destination tracking
--------------------