security harden by gcc Plugins on powerpc


Post by lynliuyan » Fri Jun 12, 2015 3:32 am

In the miscellaneous hardening features,
1. Sanitize kernel stack
2. Automatically constify eligible structures
3. Prevent various integer overflows in function size parameters
are implemented by gcc plugins. Why are they not supported on powerpc?
lynliuyan
 
Posts: 18
Joined: Wed Mar 04, 2015 11:47 pm

Re: security harden by gcc Plugins on powerpc

Post by PaX Team » Fri Jun 12, 2015 6:40 am

lynliuyan wrote: 1. Sanitize kernel stack
this feature does not only depend on a plugin but also needs some arch specific low-level code that actually clears the kernel stack on kernel->userland transitions and it's not been done on anything but x86 so far. patches are accepted ;).
lynliuyan wrote: 2. Automatically constify eligible structures
this one depends on KERNEXEC since that's the one feature that actually enforces read-only kernel memory and as you can see, KERNEXEC doesn't exist for powerpc. patches are welcome (but it's a lot of work ;)).
lynliuyan wrote: 3. Prevent various integer overflows in function size parameters
this one could actually be trivially enabled as the arch restriction exists solely because we didn't want to bother with cross-compilation and qemu to test the result. there may also be additional work required to build the hash table for other archs since it relies on LTO (not part of the public release) and i have no idea if that works on powerpc yet. in any case, if you're interested in bringing this up on powerpc, contact Emese and she can guide you through the hash table building/updating process.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
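
An added illustration, not part of either post and not code from PaX/grsecurity: the class of bug that feature 3 ("integer overflows in function size parameters") is named for, next to a hand-written range check. The struct, the function names and the input value are assumptions made up for this example; the check is ordinary C written by hand, not the plugin's instrumentation.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical record layout, used only for this illustration (64 bytes). */
struct record { uint32_t id; uint8_t payload[60]; };

/* Unchecked: the product is computed in 32 bits and silently wraps. */
static uint32_t table_bytes_unchecked(uint32_t count)
{
    return count * (uint32_t)sizeof(struct record);
}

/* Checked: redo the arithmetic in a type twice as wide and verify that the
 * result still fits the 32-bit size parameter. Returns 0 on success, -1 if
 * the size would not fit. */
static int table_bytes_checked(uint32_t count, uint32_t *out)
{
    uint64_t wide = (uint64_t)count * sizeof(struct record);

    if (wide > UINT32_MAX)
        return -1;
    *out = (uint32_t)wide;
    return 0;
}

/* Allocation helper whose size argument is derived from caller input. */
static void *alloc_table(uint32_t count)
{
    uint32_t bytes;

    if (count == 0 || table_bytes_checked(count, &bytes) != 0)
        return NULL;            /* refuse instead of under-allocating */
    return calloc(1, bytes);
}

int main(void)
{
    uint32_t wrapping = 0x04000001u;  /* constructed input: 2^26 + 1 records */
    void *p;

    /* 0x04000001 * 64 = 0x100000040, which truncates to 64 in 32 bits. */
    printf("unchecked size: %u bytes\n", (unsigned)table_bytes_unchecked(wrapping));
    p = alloc_table(wrapping);
    printf("checked alloc:  %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```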

