diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/Kconfig.hardening | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index a96d4a43ca65..0a1d4ca314f4 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening @@ -18,9 +18,13 @@ config GCC_PLUGIN_STRUCTLEAK menu "Memory initialization" +config CC_HAS_AUTO_VAR_INIT + def_bool $(cc-option,-ftrivial-auto-var-init=pattern) + choice prompt "Initialize kernel stack variables at function entry" default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS + default INIT_STACK_ALL if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT default INIT_STACK_NONE help This option enables initialization of stack variables at @@ -76,6 +80,16 @@ choice of uninitialized stack variable exploits and information exposures. + config INIT_STACK_ALL + bool "0xAA-init everything on the stack (strongest)" + depends on CC_HAS_AUTO_VAR_INIT + help + Initializes everything on the stack with a 0xAA + pattern. This is intended to eliminate all classes + of uninitialized stack variable exploits and information + exposures, even variables that were warned to have been + left uninitialized. + endchoice config GCC_PLUGIN_STRUCTLEAK_VERBOSE |