git.samba.org / sfrench / cifs-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge tag 'meminit-v5.3-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees...
[sfrench/cifs-2.6.git] / security / Kconfig.hardening
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
index a1ffe2eb4d5f5f5eb87f4f544f8b4014070f2989..af4c979b38eedb80411654f140a11f6312861dc2 100644 (file)
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@@ -61,6 +61,7 @@ choice
        config GCC_PLUGIN_STRUCTLEAK_BYREF
                bool "zero-init structs passed by reference (strong)"
                depends on GCC_PLUGINS
+               depends on !(KASAN && KASAN_STACK=1)
                select GCC_PLUGIN_STRUCTLEAK
                help
                  Zero-initialize any structures on the stack that may
@@ -70,9 +71,15 @@ choice
                  exposures, like CVE-2017-1000410:
                  https://git.kernel.org/linus/06e7e776ca4d3654
 
+                 As a side-effect, this keeps a lot of variables on the
+                 stack that can otherwise be optimized out, so combining
+                 this with CONFIG_KASAN_STACK can lead to a stack overflow
+                 and is disallowed.
+
        config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
                bool "zero-init anything passed by reference (very strong)"
                depends on GCC_PLUGINS
+               depends on !(KASAN && KASAN_STACK=1)
                select GCC_PLUGIN_STRUCTLEAK
                help
                  Zero-initialize any stack variables that may be passed
Unnamed repository; edit this file 'description' to name the repository.