| # SPDX-License-Identifier: GPL-2.0-only |
| menu "Kernel hardening options" |
| |
| config GCC_PLUGIN_STRUCTLEAK |
| bool "Force initialization of variables containing userspace addresses" |
| # Currently STRUCTLEAK inserts initialization out of live scope of |
| # variables from KASAN point of view. This leads to KASAN false |
| # positive reports. Prohibit this combination for now. |
| depends on !KASAN_EXTRA |
| help |
| This plugin zero-initializes any structures containing a |
| __user attribute. This can prevent some classes of information |
| exposures. |
| |
| This plugin was ported from grsecurity/PaX. More information at: |
| * https://grsecurity.net/ |
| * https://pax.grsecurity.net/ |
| |
| menu "Memory initialization" |
| |
| config CC_HAS_AUTO_VAR_INIT |
| def_bool $(cc-option,-ftrivial-auto-var-init=pattern) |
| |
| choice |
| prompt "Initialize kernel stack variables at function entry" |
| default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS |
| default INIT_STACK_ALL if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT |
| default INIT_STACK_NONE |
| help |
| This option enables initialization of stack variables at |
| function entry time. This has the possibility to have the |
| greatest coverage (since all functions can have their |
| variables initialized), but the performance impact depends |
| on the function calling complexity of a given workload's |
| syscalls. |
| |
| This chooses the level of coverage over classes of potentially |
| uninitialized variables. The selected class will be |
| initialized before use in a function. |
| |
| config INIT_STACK_NONE |
| bool "no automatic initialization (weakest)" |
| help |
| Disable automatic stack variable initialization. |
| This leaves the kernel vulnerable to the standard |
| classes of uninitialized stack variable exploits |
| and information exposures. |
| |
| config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL |
| bool "Force initialize all struct type variables passed by reference" |
| depends on GCC_PLUGIN_STRUCTLEAK |
| depends on !COMPILE_TEST |
| help |
| Zero initialize any struct type local variable that may |
| be passed by reference without having been initialized. |
| |
| config INIT_STACK_ALL |
| bool "0xAA-init everything on the stack (strongest)" |
| depends on CC_HAS_AUTO_VAR_INIT |
| help |
| Initializes everything on the stack with a 0xAA |
| pattern. This is intended to eliminate all classes |
| of uninitialized stack variable exploits and information |
| exposures, even variables that were warned to have been |
| left uninitialized. |
| |
| endchoice |
| |
| config GCC_PLUGIN_STRUCTLEAK_VERBOSE |
| bool "Report forcefully initialized variables" |
| depends on GCC_PLUGIN_STRUCTLEAK |
| depends on !COMPILE_TEST # too noisy |
| help |
| This option will cause a warning to be printed each time the |
| structleak plugin finds a variable it thinks needs to be |
| initialized. Since not all existing initializers are detected |
| by the plugin, this can produce false positive warnings. |
| |
| endmenu |
| |
| endmenu |