On Thu, Jul 17, 2025 at 04:25:06PM -0700, Kees Cook wrote:
In preparation for adding Clang sanitizer coverage stack depth tracking that can support stack depth callbacks:
- Add the new top-level CONFIG_KSTACK_ERASE option which will be implemented either with the stackleak GCC plugin, or with the Clang stack depth callback support.
- Rename CONFIG_GCC_PLUGIN_STACKLEAK as needed to CONFIG_KSTACK_ERASE, but keep it for anything specific to the GCC plugin itself.
- Rename all exposed "STACKLEAK" names and files to "KSTACK_ERASE" (named for what it does rather than what it protects against), but leave as many of the internals alone as possible to avoid even more churn.
While here, also split "prev_lowest_stack" into CONFIG_KSTACK_ERASE_METRICS, since that's the only place it is referenced from.
Suggested-by: Ingo Molnar mingo@kernel.org Signed-off-by: Kees Cook kees@kernel.org
Cc: Arnd Bergmann arnd@arndb.de Cc: x86@kernel.org Cc: "Gustavo A. R. Silva" gustavoars@kernel.org Cc: linux-doc@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: kvmarm@lists.linux.dev Cc: linux-riscv@lists.infradead.org Cc: linux-s390@vger.kernel.org Cc: linux-efi@vger.kernel.org Cc: linux-hardening@vger.kernel.org Cc: linux-kbuild@vger.kernel.org Cc: linux-security-module@vger.kernel.org Cc: linux-kselftest@vger.kernel.org
arch/Kconfig | 4 +-- arch/arm/Kconfig | 2 +- arch/arm64/Kconfig | 2 +- arch/riscv/Kconfig | 2 +- arch/s390/Kconfig | 2 +- arch/x86/Kconfig | 2 +- security/Kconfig.hardening | 36 ++++++++++--------- arch/arm/boot/compressed/Makefile | 2 +- arch/arm64/kernel/pi/Makefile | 2 +- arch/arm64/kvm/hyp/nvhe/Makefile | 2 +- arch/riscv/kernel/pi/Makefile | 2 +- arch/riscv/purgatory/Makefile | 2 +- arch/x86/purgatory/Makefile | 2 +-
Did you miss arch/loongarch/Kconfig by accident?
$ git grep -Hrne ARCH_STACKLEAK arch/loongarch/Kconfig:127: select HAVE_ARCH_STACKLEAK
Kind regards, Nicolas