doc: self-protection: Add information about STACKLEAK feature

Add information about STACKLEAK feature to the "Memory poisoning" section of self-protection.rst. Signed-off-by: Alexander Popov <alex.popov@linux.com> Signed-off-by: Kees Cook <keescook@chromium.org>

doc: self-protection: Add information about STACKLEAK feature
Add information about STACKLEAK feature to the "Memory poisoning" section of self-protection.rst. Signed-off-by: Alexander Popov <alex.popov@linux.com> Signed-off-by: Kees Cook <keescook@chromium.org>
ed535a2d · Alexander Popov · Kees Cook · c8d12627 · ed535a2d
Commit ed535a2d authored Aug 17, 2018 by Alexander Popov Committed by Kees Cook Sep 04, 2018
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 5 deletions

Documentation/security/self-protection.rst Documentation/security/self-protection.rst +5 -5

No files found.
--- a/Documentation/security/self-protection.rst
+++ b/Documentation/security/self-protection.rst
@@ -302,11 +302,11 @@ sure structure holes are cleared.
 Memory poisoning
 ----------------
-When releasing memory, it is best to poison the contents (clear stack on
+When releasing memory, it is best to poison the contents, to avoid reuse
-syscall return, wipe heap memory on a free), to avoid reuse attacks that
+attacks that rely on the old contents of memory. E.g., clear stack on a
-rely on the old contents of memory. This frustrates many uninitialized
+syscall return (``CONFIG_GCC_PLUGIN_STACKLEAK``), wipe heap memory on a
-variable attacks, stack content exposures, heap content exposures, and
+free. This frustrates many uninitialized variable attacks, stack content
-use-after-free attacks.
+exposures, heap content exposures, and use-after-free attacks.
 Destination tracking
 --------------------