On Mon, Mar 05, 2018 at 12:06:18PM -0800, Kees Cook wrote:
> On Mon, Mar 5, 2018 at 11:40 AM, Dave Hansen
> <[email protected]> wrote:
> > On 03/03/2018 12:00 PM, Alexander Popov wrote:
> >> @@ -128,6 +134,7 @@ static long syscall_trace_enter(struct pt_regs *regs)
> >>
> >>       do_audit_syscall_entry(regs, arch);
> >>
> >> +     erase_kstack();
> >>       return ret ?: regs->orig_ax;
> >>  }
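Review bot: the erase_kstack() call added at the end of syscall_trace_enter() carries no comment explaining why the stack is cleared on the entry path rather than only on exit, which is the first thing a reader of this hunk will ask. Suggest a short comment above the call, e.g. "/* audit/ptrace/seccomp work above has dirtied the stack; clear it again before the syscall proper runs */", so the rationale lives with the code and not only in the changelog.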
> >
> > This seems like an odd place to be clearing the stack.  Why was it done here?
> 
> Perhaps the commit log could be improved, but the idea is that the
> audit work (ptrace, seccomp, etc), is happening before the syscall
> code starts running, and it has therefore written to the stack (that
> used to be cleared on last exit). This retains the clear stack state
> even in the face of ptrace-ish work happening before the syscall
> proper starts.

I'd suggest a code comment over a Changelog twiddle. The changelog bit
only helps now; the code comment helps us again in 6 months' time when
we've forgotten everything again.
