
About stack depth overflow


Posted Mar 7, 2018 20:42 UTC (Wed) by a13xp0p0v (guest, #118926)
Parent article: Preventing kernel-stack leaks

Thanks for a nice article, Jonathan.

Let me correct the description of the STACKLEAK gcc plugin. The plugin performs two kinds of kernel code instrumentation:

1. It inserts track_stack() calls for tracking the lowest border of the kernel stack. That is needed for erasing only the used part of the kernel stack at the end of syscalls. But that is _not_ used for detecting the stack depth overflow.

2. The plugin inserts the check_alloca() call before each alloca in the kernel. That blocks the Stack Clash attack against the kernel stack. So the combination of STACKLEAK, VMAP_STACK (providing the guard pages) and THREAD_INFO_IN_TASK protects the kernel against known stack depth overflow attacks.

I've described that in the last patch of the series, which updates Documentation/security/self-protection.rst.
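
The two kinds of instrumentation described in the comment above, as an added user-space C model; it is not part of the comment and not the plugin's or the kernel's code. The `model_*` names, the stack size, the fill byte and the `-1` return for a refused alloca are assumptions made for illustration.

```c
#include <string.h>

#define STACK_SIZE 4096 /* constructed size for this model */
#define POISON 0xAA     /* constructed fill byte, not the kernel's poison value */

struct model_stack {
    unsigned char mem[STACK_SIZE]; /* index 0 is the lowest address */
    size_t sp;                     /* stack grows downward from STACK_SIZE */
    size_t lowest_sp;              /* lowest border seen since the last erase */
};

static void model_init(struct model_stack *s)
{
    memset(s->mem, POISON, STACK_SIZE);
    s->sp = s->lowest_sp = STACK_SIZE;
}

/* Instrumentation 1: only records depth; it never rejects anything. */
static void model_track_stack(struct model_stack *s)
{
    if (s->sp < s->lowest_sp)
        s->lowest_sp = s->sp;
}

/* Instrumentation 2: -1 if the alloca would run past the stack bottom. */
static int model_check_alloca(const struct model_stack *s, size_t size)
{
    return size > s->sp ? -1 : 0;
}

static int model_alloca(struct model_stack *s, size_t size, unsigned char fill)
{
    if (model_check_alloca(s, size) != 0)
        return -1;               /* the model refuses the allocation */
    s->sp -= size;
    model_track_stack(s);
    memset(&s->mem[s->sp], fill, size);
    return 0;
}

/* End of syscall: erase only the used part, [lowest_sp, top). */
static size_t model_erase(struct model_stack *s)
{
    size_t used = STACK_SIZE - s->lowest_sp;
    memset(&s->mem[s->lowest_sp], POISON, used);
    s->sp = s->lowest_sp = STACK_SIZE;
    return used;
}
```

In the model the tracked border survives frames being popped, so the erase covers the deepest point reached, while the bounds check is a separate step that never consults the tracked value.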

