summaryrefslogtreecommitdiff
path: root/arch
diff options
context:
space:
mode:
authorArd Biesheuvel <ard.biesheuvel@linaro.org>2017-08-06 14:06:27 +0300
committerKees Cook <keescook@chromium.org>2017-08-07 21:20:57 +0300
commitf7dd2507893cc3425d3ffc2369559619960befb0 (patch)
tree68c1f03a81c27f5ff0407b51bc2281698d86e56e /arch
parent520eccdfe187591a51ea9ab4c1a024ae4d0f68d9 (diff)
downloadlinux-f7dd2507893cc3425d3ffc2369559619960befb0.tar.xz
gcc-plugins: structleak: add option to init all vars used as byref args
In the Linux kernel, struct type variables are rarely passed by-value, and so functions that initialize such variables typically take an input reference to the variable rather than returning a value that can subsequently be used in an assignment. If the initalization function is not part of the same compilation unit, the lack of an assignment operation defeats any analysis the compiler can perform as to whether the variable may be used before having been initialized. This means we may end up passing on such variables uninitialized, resulting in potential information leaks. So extend the existing structleak GCC plugin so it will [optionally] apply to all struct type variables that have their address taken at any point, rather than only to variables of struct types that have a __user annotation. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'arch')
-rw-r--r--arch/Kconfig7
1 files changed, 7 insertions, 0 deletions
diff --git a/arch/Kconfig b/arch/Kconfig
index 21d0089117fe..0f1621489bf0 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -458,6 +458,13 @@ config GCC_PLUGIN_STRUCTLEAK
* https://grsecurity.net/
* https://pax.grsecurity.net/
+config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
+ bool "Force initialize all struct type variables passed by reference"
+ depends on GCC_PLUGIN_STRUCTLEAK
+ help
+ Zero initialize any struct type local variable that may be passed by
+ reference without having been initialized.
+
config GCC_PLUGIN_STRUCTLEAK_VERBOSE
bool "Report forcefully initialized variables"
depends on GCC_PLUGIN_STRUCTLEAK