A few days ago we covered Enhanced IBRS as a Spectre mitigation being added to the Linux 4.19 kernel, and now another security hardening feature, known as STACKLEAK, is heading into Linux 4.19 as well.
What STACKLEAK does is erase the kernel stack before returning from a system call: the region of the stack that was used during the syscall is overwritten with a poison value, so stale data (keys, pointers, other kernel memory contents left behind by earlier calls) is gone by the time the next syscall runs. Clearing the stack this way reduces what a kernel stack information-leak bug can reveal and blocks some uninitialized stack variable attacks; the runtime checks that come with the feature also cover kernel stack depth overflow, the stack clash class of bugs. The feature is being ported to the mainline Linux kernel from an old code state of the grsecurity/PaX patches, from when those patches were still available for public download.
The patch series also carries a STACKLEAK plug-in for GCC (GCC 9.0 itself has gained Speculation Tracking against Spectre V1, as we covered a few days ago, but that is separate from this plug-in). The plug-in instruments kernel functions so that the lowest point the stack reached during a syscall is tracked, which lets the erase on syscall exit cover only the region that was actually used, and it adds checks so that alloca() calls cannot overflow the kernel stack.
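To make the mechanism concrete, here is an added userspace simulation (not kernel code, and not from the STACKLEAK patches or grsecurity): a small array stands in for the kernel stack, frame_enter()/frame_leave() stand in for function prologues and epilogues, the tracking of the lowest stack position and the search-then-poison erase mirror what the plug-in instrumentation and the syscall-exit erase do. The poison constant, stack size and search depth are assumed values chosen for the demo. The first constructed "syscall" leaves key material in a stack local; the second has an uninitialized local buffer that it copies back out, the classic infoleak bug. Without the erase the second syscall returns the first one's secret; with it, it returns poison.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* --- Simulated kernel stack (constructed model, not kernel code) --- */
#define STACK_WORDS   64                      /* tiny "THREAD_SIZE" for the demo */
#define SEARCH_DEPTH  4                       /* poison run that ends the downward search */
#define POISON        0xFFFFFFFFFFFF4111ULL   /* assumed poison word for this demo */

static uint64_t kstack[STACK_WORDS];          /* the stack page; grows from high index to low */
static size_t   sp = STACK_WORDS;             /* simulated stack pointer (base of current frame) */
static size_t   lowest_stack = STACK_WORDS;   /* stands in for the per-task lowest_stack field */

static void stack_reset(void)
{
    for (size_t i = 0; i < STACK_WORDS; i++)
        kstack[i] = POISON;                   /* a fresh stack is fully poisoned */
    sp = STACK_WORDS;
    lowest_stack = STACK_WORDS;
}

/* What the GCC plug-in inserts into every instrumented function prologue:
   remember the lowest point the stack pointer reached during this syscall. */
static void stackleak_track_stack(void)
{
    if (sp < lowest_stack)
        lowest_stack = sp;
}

/* Frame allocation: locals are NOT initialised, just like a real call. */
static uint64_t *frame_enter(size_t words)
{
    sp -= words;
    stackleak_track_stack();
    return &kstack[sp];
}

static void frame_leave(size_t words) { sp += words; }

/* Syscall-exit erase: search below lowest_stack for untouched (poisoned) stack,
   then overwrite everything from there up to the current stack pointer. */
static size_t stackleak_erase(void)
{
    size_t p = lowest_stack;
    unsigned poison_count = 0;

    /* Uninstrumented callees (assembly, small leaf functions) may have gone
       below lowest_stack, so keep walking down until a run of SEARCH_DEPTH+1
       poison words shows the stack was never used that deep. */
    while (p > 0 && poison_count <= SEARCH_DEPTH) {
        p--;
        poison_count = (kstack[p] == POISON) ? poison_count + 1 : 0;
    }

    size_t erased = 0;
    for (size_t i = p; i < sp; i++) {
        kstack[i] = POISON;
        erased++;
    }
    lowest_stack = sp;                        /* reset for the next syscall */
    return erased;
}

#define SECRET_KEY 0x5EC2E7A5DEADC0DEULL      /* constructed secret */

/* Constructed syscall #1: a helper keeps key material in a stack local and
   returns without clearing it. */
static void helper_derive_key(void)
{
    uint64_t *f = frame_enter(4);
    f[1] = SECRET_KEY;                        /* e.g. a key schedule in a local buffer */
    frame_leave(4);
}

static void syscall_one(void)
{
    uint64_t *f = frame_enter(8);
    f[2] = 0xC0FFEEULL;                       /* an ordinary local */
    helper_derive_key();
    frame_leave(8);
}

/* Constructed syscall #2: an uninitialised local buffer, one word of which is
   copied back to userspace before anything wrote to it (the infoleak bug). */
static uint64_t syscall_two_leaky(void)
{
    uint64_t *buf = frame_enter(12);          /* deep enough to overlap the old helper frame */
    uint64_t leaked = buf[1];                 /* bug: read before write */
    frame_leave(12);
    return leaked;
}

/* Run both syscalls back to back, with or without the erase at syscall exit. */
uint64_t run_scenario(int with_stackleak)
{
    stack_reset();
    syscall_one();
    if (with_stackleak)
        stackleak_erase();
    return syscall_two_leaky();
}

/* How many words the erase touches after syscall_one (used region plus search margin). */
size_t words_erased_after_syscall_one(void)
{
    stack_reset();
    syscall_one();
    return stackleak_erase();
}

int main(void)
{
    printf("without STACKLEAK: leaked 0x%016llx\n", (unsigned long long)run_scenario(0));
    printf("with STACKLEAK:    leaked 0x%016llx (poison)\n", (unsigned long long)run_scenario(1));
    printf("words erased at syscall exit: %zu\n", words_erased_after_syscall_one());
    return 0;
}
```

The downward search before poisoning is the detail worth noticing: the tracked low-water mark only reflects instrumented functions, so the erase walks a little further down until it sees a run of untouched poison words, at which point it knows nothing below was written during the syscall. That is what keeps the cost proportional to the stack actually used rather than the whole stack page.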