diff options
Diffstat (limited to 'scripts/gcc-plugins/Kconfig')
| -rw-r--r-- | scripts/gcc-plugins/Kconfig | 58 |
1 files changed, 47 insertions, 11 deletions
diff --git a/scripts/gcc-plugins/Kconfig b/scripts/gcc-plugins/Kconfig index d9fd9988ef27..74271dba4f94 100644 --- a/scripts/gcc-plugins/Kconfig +++ b/scripts/gcc-plugins/Kconfig | |||
| @@ -67,23 +67,59 @@ config GCC_PLUGIN_LATENT_ENTROPY | |||
| 67 | * https://pax.grsecurity.net/ | 67 | * https://pax.grsecurity.net/ |
| 68 | 68 | ||
| 69 | config GCC_PLUGIN_STRUCTLEAK | 69 | config GCC_PLUGIN_STRUCTLEAK |
| 70 | bool "Force initialization of variables containing userspace addresses" | 70 | bool "Zero initialize stack variables" |
| 71 | help | 71 | help |
| 72 | This plugin zero-initializes any structures containing a | 72 | While the kernel is built with warnings enabled for any missed |
| 73 | __user attribute. This can prevent some classes of information | 73 | stack variable initializations, this warning is silenced for |
| 74 | exposures. | 74 | anything passed by reference to another function, under the |
| 75 | 75 | occasionally misguided assumption that the function will do | |
| 76 | This plugin was ported from grsecurity/PaX. More information at: | 76 | the initialization. As this regularly leads to exploitable |
| 77 | flaws, this plugin is available to identify and zero-initialize | ||
| 78 | such variables, depending on the chosen level of coverage. | ||
| 79 | |||
| 80 | This plugin was originally ported from grsecurity/PaX. More | ||
| 81 | information at: | ||
| 77 | * https://grsecurity.net/ | 82 | * https://grsecurity.net/ |
| 78 | * https://pax.grsecurity.net/ | 83 | * https://pax.grsecurity.net/ |
| 79 | 84 | ||
| 80 | config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL | 85 | choice |
| 81 | bool "Force initialize all struct type variables passed by reference" | 86 | prompt "Coverage" |
| 82 | depends on GCC_PLUGIN_STRUCTLEAK | 87 | depends on GCC_PLUGIN_STRUCTLEAK |
| 83 | depends on !COMPILE_TEST | 88 | default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL |
| 84 | help | 89 | help |
| 85 | Zero initialize any struct type local variable that may be passed by | 90 | This chooses the level of coverage over classes of potentially |
| 86 | reference without having been initialized. | 91 | uninitialized variables. The selected class will be |
| 92 | zero-initialized before use. | ||
| 93 | |||
| 94 | config GCC_PLUGIN_STRUCTLEAK_USER | ||
| 95 | bool "structs marked for userspace" | ||
| 96 | help | ||
| 97 | Zero-initialize any structures on the stack containing | ||
| 98 | a __user attribute. This can prevent some classes of | ||
| 99 | uninitialized stack variable exploits and information | ||
| 100 | exposures, like CVE-2013-2141: | ||
| 101 | https://git.kernel.org/linus/b9e146d8eb3b9eca | ||
| 102 | |||
| 103 | config GCC_PLUGIN_STRUCTLEAK_BYREF | ||
| 104 | bool "structs passed by reference" | ||
| 105 | help | ||
| 106 | Zero-initialize any structures on the stack that may | ||
| 107 | be passed by reference and had not already been | ||
| 108 | explicitly initialized. This can prevent most classes | ||
| 109 | of uninitialized stack variable exploits and information | ||
| 110 | exposures, like CVE-2017-1000410: | ||
| 111 | https://git.kernel.org/linus/06e7e776ca4d3654 | ||
| 112 | |||
| 113 | config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL | ||
| 114 | bool "anything passed by reference" | ||
| 115 | help | ||
| 116 | Zero-initialize any stack variables that may be passed | ||
| 117 | by reference and had not already been explicitly | ||
| 118 | initialized. This is intended to eliminate all classes | ||
| 119 | of uninitialized stack variable exploits and information | ||
| 120 | exposures. | ||
| 121 | |||
| 122 | endchoice | ||
| 87 | 123 | ||
| 88 | config GCC_PLUGIN_STRUCTLEAK_VERBOSE | 124 | config GCC_PLUGIN_STRUCTLEAK_VERBOSE |
| 89 | bool "Report forcefully initialized variables" | 125 | bool "Report forcefully initialized variables" |