2019-05-29 08:55:48 -06:00
|
|
|
# SPDX-License-Identifier: GPL-2.0-only
|
|
|
|
|
menu "Kernel hardening options"
|
|
|
|
|
|
|
|
|
|
config GCC_PLUGIN_STRUCTLEAK
|
|
|
|
|
bool "Force initialization of variables containing userspace addresses"
|
|
|
|
|
# Currently STRUCTLEAK inserts initialization out of live scope of
|
|
|
|
|
# variables from KASAN point of view. This leads to KASAN false
|
|
|
|
|
# positive reports. Prohibit this combination for now.
|
|
|
|
|
depends on !KASAN_EXTRA
|
|
|
|
|
help
|
|
|
|
|
This plugin zero-initializes any structures containing a
|
|
|
|
|
__user attribute. This can prevent some classes of information
|
|
|
|
|
exposures.
|
|
|
|
|
|
|
|
|
|
This plugin was ported from grsecurity/PaX. More information at:
|
|
|
|
|
* https://grsecurity.net/
|
|
|
|
|
* https://pax.grsecurity.net/
|
|
|
|
|
|
|
|
|
|
menu "Memory initialization"
|
|
|
|
|
|
2019-04-10 09:48:31 -06:00
|
|
|
config CC_HAS_AUTO_VAR_INIT
|
|
|
|
|
def_bool $(cc-option,-ftrivial-auto-var-init=pattern)
|
|
|
|
|
|
2019-05-29 08:55:48 -06:00
|
|
|
choice
|
|
|
|
|
prompt "Initialize kernel stack variables at function entry"
|
|
|
|
|
default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS
|
2019-04-10 09:48:31 -06:00
|
|
|
default INIT_STACK_ALL if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT
|
2019-05-29 08:55:48 -06:00
|
|
|
default INIT_STACK_NONE
|
|
|
|
|
help
|
|
|
|
|
This option enables initialization of stack variables at
|
|
|
|
|
function entry time. This has the possibility to have the
|
|
|
|
|
greatest coverage (since all functions can have their
|
|
|
|
|
variables initialized), but the performance impact depends
|
|
|
|
|
on the function calling complexity of a given workload's
|
|
|
|
|
syscalls.
|
|
|
|
|
|
|
|
|
|
This chooses the level of coverage over classes of potentially
|
|
|
|
|
uninitialized variables. The selected class will be
|
|
|
|
|
initialized before use in a function.
|
|
|
|
|
|
|
|
|
|
config INIT_STACK_NONE
|
|
|
|
|
bool "no automatic initialization (weakest)"
|
|
|
|
|
help
|
|
|
|
|
Disable automatic stack variable initialization.
|
|
|
|
|
This leaves the kernel vulnerable to the standard
|
|
|
|
|
classes of uninitialized stack variable exploits
|
|
|
|
|
and information exposures.
|
|
|
|
|
|
|
|
|
|
config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
|
|
|
|
|
bool "Force initialize all struct type variables passed by reference"
|
|
|
|
|
depends on GCC_PLUGIN_STRUCTLEAK
|
|
|
|
|
depends on !COMPILE_TEST
|
|
|
|
|
help
|
|
|
|
|
Zero initialize any struct type local variable that may
|
|
|
|
|
be passed by reference without having been initialized.
|
|
|
|
|
|
2019-04-10 09:48:31 -06:00
|
|
|
config INIT_STACK_ALL
|
|
|
|
|
bool "0xAA-init everything on the stack (strongest)"
|
|
|
|
|
depends on CC_HAS_AUTO_VAR_INIT
|
|
|
|
|
help
|
|
|
|
|
Initializes everything on the stack with a 0xAA
|
|
|
|
|
pattern. This is intended to eliminate all classes
|
|
|
|
|
of uninitialized stack variable exploits and information
|
|
|
|
|
exposures, even variables that were warned to have been
|
|
|
|
|
left uninitialized.
|
|
|
|
|
|
2019-05-29 08:55:48 -06:00
|
|
|
endchoice
|
|
|
|
|
|
|
|
|
|
config GCC_PLUGIN_STRUCTLEAK_VERBOSE
|
|
|
|
|
bool "Report forcefully initialized variables"
|
|
|
|
|
depends on GCC_PLUGIN_STRUCTLEAK
|
|
|
|
|
depends on !COMPILE_TEST # too noisy
|
|
|
|
|
help
|
|
|
|
|
This option will cause a warning to be printed each time the
|
|
|
|
|
structleak plugin finds a variable it thinks needs to be
|
|
|
|
|
initialized. Since not all existing initializers are detected
|
|
|
|
|
by the plugin, this can produce false positive warnings.
|
|
|
|
|
|
|
|
|
|
endmenu
|
|
|
|
|
|
|
|
|
|
endmenu
|
