081da2e4c3
KLEAK was a nice feature and served its purpose; it allowed us to detect dozens of info leaks on the kernel->userland boundary, and thanks to it we tackled a good part of the infoleak problem 1.5 years ago. Nowadays however, we have kMSan, which can detect uninitialized memory in the kernel. kMSan supersedes KLEAK: it can detect what KLEAK was able to detect, but in addition, (1) it operates in all of the kernel and not just the kernel->userland boundary, (2) it requires no user interaction, and (3) it is deterministic and not statistical. That makes kMSan the feature of choice to detect info leaks nowadays; people interested in detecting info leaks should boot a kMSan kernel and just wait for the magic to happen. KLEAK was a good ride, and a fun project, but now is the time for it to go. Discussed with several people, including Thomas Barabosch.
32 lines
823 B
Makefile
```make
# $NetBSD: ssp.mk,v 1.5 2020/02/08 07:07:07 maxv Exp $

.if ${USE_SSP:Uno} == "yes"
COPTS.kern_ssp.c+= -fno-stack-protector -D__SSP__
.endif

# for multi-cpu machines, cpu_hatch() straddles the init of
# __stack_chk_guard, so ensure stack protection is disabled
.if ${MACHINE} == "i386" || ${MACHINE_ARCH} == "x86_64"
COPTS.cpu.c+= -fno-stack-protector
.endif

COPTS.subr_kcov.c+= -fno-stack-protector

# The following files use alloca(3) or variable array allocations.
# Their full name is noted as documentation.
VARSTACK= \
	arch/xen/i386/gdt.c \
	dev/ic/aic79xx.c \
	dev/ic/aic7xxx.c \
	dev/usb/xhci.c \
	dev/ofw/ofw_subr.c \
	kern/uipc_socket.c \
	miscfs/genfs/genfs_vnops.c \
	nfs/nfs_bio.c \
	uvm/uvm_bio.c \
	uvm/uvm_pager.c \

.for __varstack in ${VARSTACK}
COPTS.${__varstack:T} += -Wno-stack-protector
.endfor
```