security: default to INIT_STACK_NONE

Change-Id: Id99590053310cf797a30897354cf1e1e1f761be1
Signed-off-by: starlight5234 <starlight5234@protonmail.ch>

security/Kconfig.hardening

@@ -25,71 +25,22 @@ config CC_HAS_AUTO_VAR_INIT_PATTERN
 config CC_HAS_AUTO_VAR_INIT_ZERO
 	def_bool $(cc-option,-ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang)
 
-choice
-	prompt "Initialize kernel stack variables at function entry"
-	default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS
-	default INIT_STACK_ALL_PATTERN if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT_PATTERN
-	default INIT_STACK_NONE
+config INIT_STACK_NONE
+	bool "no automatic initialization (weakest)"
+	default y
 	help
-	  This option enables initialization of stack variables at
-	  function entry time. This has the possibility to have the
-	  greatest coverage (since all functions can have their
-	  variables initialized), but the performance impact depends
-	  on the function calling complexity of a given workload's
-	  syscalls.
+	  Disable automatic stack variable initialization.
+	  This leaves the kernel vulnerable to the standard
+	  classes of uninitialized stack variable exploits
+	  and information exposures.
 
-	  This chooses the level of coverage over classes of potentially
-	  uninitialized variables. The selected class will be
-	  initialized before use in a function.
-
-	config INIT_STACK_NONE
-		bool "no automatic initialization (weakest)"
-		help
-		  Disable automatic stack variable initialization.
-		  This leaves the kernel vulnerable to the standard
-		  classes of uninitialized stack variable exploits
-		  and information exposures.
-
-	config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
-		bool "zero-init anything passed by reference (very strong)"
-		depends on GCC_PLUGINS
-		select GCC_PLUGIN_STRUCTLEAK
-		help
-		  Zero-initialize any stack variables that may be passed
-		  by reference and had not already been explicitly
-		  initialized. This is intended to eliminate all classes
-		  of uninitialized stack variable exploits and information
-		  exposures.
-
-	config INIT_STACK_ALL_PATTERN
-		bool "0xAA-init everything on the stack (strongest)"
-		depends on CC_HAS_AUTO_VAR_INIT_PATTERN
-		help
-		  Initializes everything on the stack with a 0xAA
-		  pattern. This is intended to eliminate all classes
-		  of uninitialized stack variable exploits and information
-		  exposures, even variables that were warned to have been
-		  left uninitialized.
-
-		  Pattern initialization is known to provoke many existing bugs
-		  related to uninitialized locals, e.g. pointers receive
-		  non-NULL values, buffer sizes and indices are very big.
-
-	config INIT_STACK_ALL_ZERO
-		bool "zero-init everything on the stack (strongest and safest)"
-		depends on CC_HAS_AUTO_VAR_INIT_ZERO
-		help
-		  Initializes everything on the stack with a zero
-		  value. This is intended to eliminate all classes
-		  of uninitialized stack variable exploits and information
-		  exposures, even variables that were warned to have been
-		  left uninitialized.
-
-		  Zero initialization provides safe defaults for strings,
-		  pointers, indices and sizes, and is therefore
-		  more suitable as a security mitigation measure.
-
-endchoice
+config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
+	bool "Force initialize all struct type variables passed by reference"
+	depends on GCC_PLUGIN_STRUCTLEAK
+	depends on !COMPILE_TEST
+	help
+	  Zero initialize any struct type local variable that may
+	  be passed by reference without having been initialized.
 
 config GCC_PLUGIN_STRUCTLEAK_VERBOSE
 	bool "Report forcefully initialized variables"