menu "Kernel hardening options" config GCC_PLUGIN_STRUCTLEAK bool help While the kernel is built with warnings enabled for any missed stack variable initializations, this warning is silenced for anything passed by reference to another function, under the occasionally misguided assumption that the function will do the initialization. As this regularly leads to exploitable flaws, this plugin is available to identify and zero-initialize such variables, depending on the chosen level of coverage. This plugin was originally ported from grsecurity/PaX. More information at: * https://grsecurity.net/ * https://pax.grsecurity.net/ menu "Memory initialization" choice prompt "Initialize kernel stack variables at function entry" default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS default INIT_STACK_NONE help This option enables initialization of stack variables at function entry time. This has the possibility to have the greatest coverage (since all functions can have their variables initialized), but the performance impact depends on the function calling complexity of a given workload's syscalls. This chooses the level of coverage over classes of potentially uninitialized variables. The selected class will be initialized before use in a function. config INIT_STACK_NONE bool "no automatic initialization (weakest)" help Disable automatic stack variable initialization. This leaves the kernel vulnerable to the standard classes of uninitialized stack variable exploits and information exposures. config GCC_PLUGIN_STRUCTLEAK_USER bool "zero-init structs marked for userspace (weak)" depends on GCC_PLUGINS select GCC_PLUGIN_STRUCTLEAK help Zero-initialize any structures on the stack containing a __user attribute. This can prevent some classes of uninitialized stack variable exploits and information exposures, like CVE-2013-2141: https://git.kernel.org/linus/b9e146d8eb3b9eca config GCC_PLUGIN_STRUCTLEAK_BYREF bool "zero-init structs passed by reference (strong)" depends on GCC_PLUGINS select GCC_PLUGIN_STRUCTLEAK help Zero-initialize any structures on the stack that may be passed by reference and had not already been explicitly initialized. This can prevent most classes of uninitialized stack variable exploits and information exposures, like CVE-2017-1000410: https://git.kernel.org/linus/06e7e776ca4d3654 config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL bool "zero-init anything passed by reference (very strong)" depends on GCC_PLUGINS select GCC_PLUGIN_STRUCTLEAK help Zero-initialize any stack variables that may be passed by reference and had not already been explicitly initialized. This is intended to eliminate all classes of uninitialized stack variable exploits and information exposures. endchoice config GCC_PLUGIN_STRUCTLEAK_VERBOSE bool "Report forcefully initialized variables" depends on GCC_PLUGIN_STRUCTLEAK depends on !COMPILE_TEST # too noisy help This option will cause a warning to be printed each time the structleak plugin finds a variable it thinks needs to be initialized. Since not all existing initializers are detected by the plugin, this can produce false positive warnings. endmenu endmenu