doc: self-protection: Add information about STACKLEAK feature

author Alexander Popov <alex.popov@linux.com>

Thu, 16 Aug 2018 22:17:02 +0000 (01:17 +0300)

committer Kees Cook <keescook@chromium.org>

Tue, 4 Sep 2018 17:35:48 +0000 (10:35 -0700)
author Alexander Popov <alex.popov@linux.com>
Thu, 16 Aug 2018 22:17:02 +0000 (01:17 +0300)
committer Kees Cook <keescook@chromium.org>
Tue, 4 Sep 2018 17:35:48 +0000 (10:35 -0700)
diff --git a/Documentation/security/self-protection.rst b/Documentation/security/self-protection.rst

index e1ca698e000639720e9c718ec28613177cad189e..f584fb74b4ff2852eead1a46df316f14d3aeef69 100644 (file)
--- a/Documentation/security/self-protection.rst
+++ b/Documentation/security/self-protection.rst
@@ -302,11 +302,11 @@ sure structure holes are cleared.
  Memory poisoning
  ----------------
  
-When releasing memory, it is best to poison the contents (clear stack on
-syscall return, wipe heap memory on a free), to avoid reuse attacks that
-rely on the old contents of memory. This frustrates many uninitialized
-variable attacks, stack content exposures, heap content exposures, and
-use-after-free attacks.
+When releasing memory, it is best to poison the contents, to avoid reuse
+attacks that rely on the old contents of memory. E.g., clear stack on a
+syscall return (``CONFIG_GCC_PLUGIN_STACKLEAK``), wipe heap memory on a
+free. This frustrates many uninitialized variable attacks, stack content
+exposures, heap content exposures, and use-after-free attacks.
  
  Destination tracking
  --------------------
author	Alexander Popov <alex.popov@linux.com>
	Thu, 16 Aug 2018 22:17:02 +0000 (01:17 +0300)
committer	Kees Cook <keescook@chromium.org>
	Tue, 4 Sep 2018 17:35:48 +0000 (10:35 -0700)