diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2017-02-22 18:05:47 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2017-02-22 18:05:47 +0100 |
commit | 1e74a2eb1f5cc7f2f2b5aa9c9eeecbcf352220a3 (patch) | |
tree | ffc00daba83ccff816a089677ed5eeac0f92fc0f /arch/Kconfig | |
parent | Merge tag 'rodata-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git... (diff) | |
parent | Merge branch 'for-next/gcc-plugin/structleak' into for-linus/gcc-plugins (diff) | |
download | linux-1e74a2eb1f5cc7f2f2b5aa9c9eeecbcf352220a3.tar.xz linux-1e74a2eb1f5cc7f2f2b5aa9c9eeecbcf352220a3.zip |
Merge tag 'gcc-plugins-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull gcc-plugins updates from Kees Cook:
"This includes infrastructure updates and the structleak plugin, which
performs forced initialization of certain structures to avoid possible
information exposures to userspace.
Summary:
- infrastructure updates (gcc-common.h)
- introduce structleak plugin for forced initialization of some
structures"
* tag 'gcc-plugins-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
gcc-plugins: Add structleak for more stack initialization
gcc-plugins: consolidate on PASS_INFO macro
gcc-plugins: add PASS_INFO and build_const_char_string()
Diffstat (limited to 'arch/Kconfig')
-rw-r--r-- | arch/Kconfig | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/arch/Kconfig b/arch/Kconfig index 33f5a555c32a..2bbf5baff690 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -410,6 +410,28 @@ config GCC_PLUGIN_LATENT_ENTROPY * https://grsecurity.net/ * https://pax.grsecurity.net/ +config GCC_PLUGIN_STRUCTLEAK + bool "Force initialization of variables containing userspace addresses" + depends on GCC_PLUGINS + help + This plugin zero-initializes any structures that containing a + __user attribute. This can prevent some classes of information + exposures. + + This plugin was ported from grsecurity/PaX. More information at: + * https://grsecurity.net/ + * https://pax.grsecurity.net/ + +config GCC_PLUGIN_STRUCTLEAK_VERBOSE + bool "Report forcefully initialized variables" + depends on GCC_PLUGIN_STRUCTLEAK + depends on !COMPILE_TEST + help + This option will cause a warning to be printed each time the + structleak plugin finds a variable it thinks needs to be + initialized. Since not all existing initializers are detected + by the plugin, this can produce false positive warnings. + config HAVE_CC_STACKPROTECTOR bool help |