1 menu "Kernel hardening options"
3 config GCC_PLUGIN_STRUCTLEAK
6 While the kernel is built with warnings enabled for any missed
7 stack variable initializations, this warning is silenced for
8 anything passed by reference to another function, under the
9 occasionally misguided assumption that the function will do
10 the initialization. As this regularly leads to exploitable
11 flaws, this plugin is available to identify and zero-initialize
12 such variables, depending on the chosen level of coverage.
14 This plugin was originally ported from grsecurity/PaX. More
16 * https://grsecurity.net/
17 * https://pax.grsecurity.net/
19 menu "Memory initialization"
22 prompt "Initialize kernel stack variables at function entry"
23 default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS
24 default INIT_STACK_NONE
26 This option enables initialization of stack variables at
27 function entry time. This has the possibility to have the
28 greatest coverage (since all functions can have their
29 variables initialized), but the performance impact depends
30 on the function calling complexity of a given workload's
33 This chooses the level of coverage over classes of potentially
34 uninitialized variables. The selected class will be
35 initialized before use in a function.
37 config INIT_STACK_NONE
38 bool "no automatic initialization (weakest)"
40 Disable automatic stack variable initialization.
41 This leaves the kernel vulnerable to the standard
42 classes of uninitialized stack variable exploits
43 and information exposures.
45 config GCC_PLUGIN_STRUCTLEAK_USER
46 bool "zero-init structs marked for userspace (weak)"
47 depends on GCC_PLUGINS
48 select GCC_PLUGIN_STRUCTLEAK
50 Zero-initialize any structures on the stack containing
51 a __user attribute. This can prevent some classes of
52 uninitialized stack variable exploits and information
53 exposures, like CVE-2013-2141:
54 https://git.kernel.org/linus/b9e146d8eb3b9eca
56 config GCC_PLUGIN_STRUCTLEAK_BYREF
57 bool "zero-init structs passed by reference (strong)"
58 depends on GCC_PLUGINS
59 select GCC_PLUGIN_STRUCTLEAK
61 Zero-initialize any structures on the stack that may
62 be passed by reference and had not already been
63 explicitly initialized. This can prevent most classes
64 of uninitialized stack variable exploits and information
65 exposures, like CVE-2017-1000410:
66 https://git.kernel.org/linus/06e7e776ca4d3654
68 config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
69 bool "zero-init anything passed by reference (very strong)"
70 depends on GCC_PLUGINS
71 select GCC_PLUGIN_STRUCTLEAK
73 Zero-initialize any stack variables that may be passed
74 by reference and had not already been explicitly
75 initialized. This is intended to eliminate all classes
76 of uninitialized stack variable exploits and information
81 config GCC_PLUGIN_STRUCTLEAK_VERBOSE
82 bool "Report forcefully initialized variables"
83 depends on GCC_PLUGIN_STRUCTLEAK
84 depends on !COMPILE_TEST # too noisy
86 This option will cause a warning to be printed each time the
87 structleak plugin finds a variable it thinks needs to be
88 initialized. Since not all existing initializers are detected
89 by the plugin, this can produce false positive warnings.
git.samba.org / sfrench / cifs-2.6.git / blob