diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2017-09-07 20:30:19 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2017-09-07 20:30:19 -0700 |
commit | 44ccba3f7b230af1bd7ebe173cbf5803df1df486 (patch) | |
tree | 745b237af595fc6c1b7d3fe1b98c167e0590aa43 /arch | |
parent | 21d236bf2bde518844b5675ec4980f4b2fd13e1a (diff) | |
parent | ad05e6ca7b5fcf15ff178da662035ec7718f938c (diff) | |
download | linux-44ccba3f7b230af1bd7ebe173cbf5803df1df486.tar.gz linux-44ccba3f7b230af1bd7ebe173cbf5803df1df486.tar.bz2 linux-44ccba3f7b230af1bd7ebe173cbf5803df1df486.zip |
Merge tag 'gcc-plugins-v4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull gcc plugins update from Kees Cook:
"This finishes the porting work on randstruct, and introduces a new
option to structleak, both noted below:
- For the randstruct plugin, enable automatic randomization of
structures that are entirely function pointers (along with a couple
designated initializer fixes).
- For the structleak plugin, provide an option to perform zeroing
initialization of all otherwise uninitialized stack variables that
are passed by reference (Ard Biesheuvel)"
* tag 'gcc-plugins-v4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
gcc-plugins: structleak: add option to init all vars used as byref args
randstruct: Enable function pointer struct detection
drivers/net/wan/z85230.c: Use designated initializers
drm/amd/powerplay: rv: Use designated initializers
Diffstat (limited to 'arch')
-rw-r--r-- | arch/Kconfig | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/arch/Kconfig b/arch/Kconfig index 2520ca5b42eb..1aafb4efbb51 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -458,6 +458,13 @@ config GCC_PLUGIN_STRUCTLEAK * https://grsecurity.net/ * https://pax.grsecurity.net/ +config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL + bool "Force initialize all struct type variables passed by reference" + depends on GCC_PLUGIN_STRUCTLEAK + help + Zero initialize any struct type local variable that may be passed by + reference without having been initialized. + config GCC_PLUGIN_STRUCTLEAK_VERBOSE bool "Report forcefully initialized variables" depends on GCC_PLUGIN_STRUCTLEAK @@ -473,11 +480,13 @@ config GCC_PLUGIN_RANDSTRUCT depends on GCC_PLUGINS select MODVERSIONS if MODULES help - If you say Y here, the layouts of structures explicitly - marked by __randomize_layout will be randomized at - compile-time. This can introduce the requirement of an - additional information exposure vulnerability for exploits - targeting these structure types. + If you say Y here, the layouts of structures that are entirely + function pointers (and have not been manually annotated with + __no_randomize_layout), or structures that have been explicitly + marked with __randomize_layout, will be randomized at compile-time. + This can introduce the requirement of an additional information + exposure vulnerability for exploits targeting these structure + types. Enabling this feature will introduce some performance impact, slightly increase memory usage, and prevent the use of forensic |