summaryrefslogtreecommitdiff
path: root/arch
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2017-09-08 06:30:19 +0300
committerLinus Torvalds <torvalds@linux-foundation.org>2017-09-08 06:30:19 +0300
commit44ccba3f7b230af1bd7ebe173cbf5803df1df486 (patch)
tree745b237af595fc6c1b7d3fe1b98c167e0590aa43 /arch
parent21d236bf2bde518844b5675ec4980f4b2fd13e1a (diff)
parentad05e6ca7b5fcf15ff178da662035ec7718f938c (diff)
downloadlinux-44ccba3f7b230af1bd7ebe173cbf5803df1df486.tar.xz
Merge tag 'gcc-plugins-v4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull gcc plugins update from Kees Cook: "This finishes the porting work on randstruct, and introduces a new option to structleak, both noted below: - For the randstruct plugin, enable automatic randomization of structures that are entirely function pointers (along with a couple designated initializer fixes). - For the structleak plugin, provide an option to perform zeroing initialization of all otherwise uninitialized stack variables that are passed by reference (Ard Biesheuvel)" * tag 'gcc-plugins-v4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: gcc-plugins: structleak: add option to init all vars used as byref args randstruct: Enable function pointer struct detection drivers/net/wan/z85230.c: Use designated initializers drm/amd/powerplay: rv: Use designated initializers
Diffstat (limited to 'arch')
-rw-r--r--arch/Kconfig19
1 files changed, 14 insertions, 5 deletions
diff --git a/arch/Kconfig b/arch/Kconfig
index 2520ca5b42eb..1aafb4efbb51 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -458,6 +458,13 @@ config GCC_PLUGIN_STRUCTLEAK
* https://grsecurity.net/
* https://pax.grsecurity.net/
+config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
+ bool "Force initialize all struct type variables passed by reference"
+ depends on GCC_PLUGIN_STRUCTLEAK
+ help
+ Zero initialize any struct type local variable that may be passed by
+ reference without having been initialized.
+
config GCC_PLUGIN_STRUCTLEAK_VERBOSE
bool "Report forcefully initialized variables"
depends on GCC_PLUGIN_STRUCTLEAK
@@ -473,11 +480,13 @@ config GCC_PLUGIN_RANDSTRUCT
depends on GCC_PLUGINS
select MODVERSIONS if MODULES
help
- If you say Y here, the layouts of structures explicitly
- marked by __randomize_layout will be randomized at
- compile-time. This can introduce the requirement of an
- additional information exposure vulnerability for exploits
- targeting these structure types.
+ If you say Y here, the layouts of structures that are entirely
+ function pointers (and have not been manually annotated with
+ __no_randomize_layout), or structures that have been explicitly
+ marked with __randomize_layout, will be randomized at compile-time.
+ This can introduce the requirement of an additional information
+ exposure vulnerability for exploits targeting these structure
+ types.
Enabling this feature will introduce some performance impact,
slightly increase memory usage, and prevent the use of forensic