From 8d164266445a2f3122eb0722cfaeda7554ac3854 Mon Sep 17 00:00:00 2001
From: Rolf Neugebauer
Date: Mon, 20 Nov 2017 14:16:42 +0000
Subject: [PATCH] kernel: Enable GCC_PLUGIN_STRUCTLEAK on kernels supporting it

The 4.13 and 4.14 kernels support GCC_PLUGIN_STRUCTLEAK, a GCC plugin to zero initialise any structures with the __user attribute to prevent information exposure. On 4.14 kernels also enable GCC_PLUGIN_STRUCTLEAK_BYREF_ALL which is an extension of the above

Signed-off-by: Rolf Neugebauer
---
 kernel/config-4.13.x-aarch64 | 3 ++-
 kernel/config-4.13.x-x86_64 | 3 ++-
 kernel/config-4.14.x-aarch64 | 4 +++-
 kernel/config-4.14.x-x86_64 | 4 +++-
 4 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/kernel/config-4.13.x-aarch64 b/kernel/config-4.13.x-aarch64
index 9a940dd6c..8dc821b8b 100644
--- a/kernel/config-4.13.x-aarch64
+++ b/kernel/config-4.13.x-aarch64
@@ -253,7 +253,8 @@ CONFIG_HAVE_GCC_PLUGINS=y
 CONFIG_GCC_PLUGINS=y
 # CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
 # CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
-# CONFIG_GCC_PLUGIN_STRUCTLEAK is not set
+CONFIG_GCC_PLUGIN_STRUCTLEAK=y
+# CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set
 # CONFIG_GCC_PLUGIN_RANDSTRUCT is not set
 CONFIG_HAVE_CC_STACKPROTECTOR=y
 CONFIG_CC_STACKPROTECTOR=y
diff --git a/kernel/config-4.13.x-x86_64 b/kernel/config-4.13.x-x86_64
index af845a20e..f7a590cd8 100644
--- a/kernel/config-4.13.x-x86_64
+++ b/kernel/config-4.13.x-x86_64
@@ -297,7 +297,8 @@ CONFIG_HAVE_GCC_PLUGINS=y
 CONFIG_GCC_PLUGINS=y
 # CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
 # CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
-# CONFIG_GCC_PLUGIN_STRUCTLEAK is not set
+CONFIG_GCC_PLUGIN_STRUCTLEAK=y
+# CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set
 # CONFIG_GCC_PLUGIN_RANDSTRUCT is not set
 CONFIG_HAVE_CC_STACKPROTECTOR=y
 CONFIG_CC_STACKPROTECTOR=y
diff --git a/kernel/config-4.14.x-aarch64 b/kernel/config-4.14.x-aarch64
index b25d80008..0425b552c 100644
--- a/kernel/config-4.14.x-aarch64
+++ b/kernel/config-4.14.x-aarch64
@@ -256,7 +256,9 @@ CONFIG_HAVE_GCC_PLUGINS=y
 CONFIG_GCC_PLUGINS=y
 # CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
 # CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
-# CONFIG_GCC_PLUGIN_STRUCTLEAK is not set
+CONFIG_GCC_PLUGIN_STRUCTLEAK=y
+CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
+# CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set
 # CONFIG_GCC_PLUGIN_RANDSTRUCT is not set
 CONFIG_HAVE_CC_STACKPROTECTOR=y
 CONFIG_CC_STACKPROTECTOR=y
diff --git a/kernel/config-4.14.x-x86_64 b/kernel/config-4.14.x-x86_64
index 755ec692c..860225e22 100644
--- a/kernel/config-4.14.x-x86_64
+++ b/kernel/config-4.14.x-x86_64
@@ -299,7 +299,9 @@ CONFIG_HAVE_GCC_PLUGINS=y
 CONFIG_GCC_PLUGINS=y
 # CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
 # CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
-# CONFIG_GCC_PLUGIN_STRUCTLEAK is not set
+CONFIG_GCC_PLUGIN_STRUCTLEAK=y
+CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
+# CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set
 # CONFIG_GCC_PLUGIN_RANDSTRUCT is not set
 CONFIG_HAVE_CC_STACKPROTECTOR=y
 CONFIG_CC_STACKPROTECTOR=y
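Review bot: `CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y` in both 4.14 hunks (aarch64 and x86_64) is a broader mode than the commit text's "extension of the above" conveys: as I read the 4.14 Kconfig help, it zero-initialises any struct-type local variable passed by reference without prior initialisation, whether or not it has `__user` fields. That widens the protection against uninitialised-stack information exposure but also adds initialisation work on more code paths, and nothing visible here records a boot or performance check on either architecture. I would state the scope in the commit message, for example `GCC_PLUGIN_STRUCTLEAK_BYREF_ALL additionally zero-initialises struct locals passed by reference`, and confirm that both symbols remain `=y` in the config the build actually produces. The 4.13 hunks enable only the base option, which matches the description.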