author: Linus Torvalds <torvalds@linux-foundation.org> 2017-02-22 18:05:47 +0100
committer: Linus Torvalds <torvalds@linux-foundation.org> 2017-02-22 18:05:47 +0100
commit: 1e74a2eb1f5cc7f2f2b5aa9c9eeecbcf352220a3 (patch)
tree: ffc00daba83ccff816a089677ed5eeac0f92fc0f /arch/Kconfig
parent: Merge tag 'rodata-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git... (diff)
parent: Merge branch 'for-next/gcc-plugin/structleak' into for-linus/gcc-plugins (diff)
Merge tag 'gcc-plugins-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull gcc-plugins updates from Kees Cook:
 "This includes infrastructure updates and the structleak plugin, which
  performs forced initialization of certain structures to avoid possible
  information exposures to userspace.

  Summary:
   - infrastructure updates (gcc-common.h)
   - introduce structleak plugin for forced initialization of some
     structures"

* tag 'gcc-plugins-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  gcc-plugins: Add structleak for more stack initialization
  gcc-plugins: consolidate on PASS_INFO macro
  gcc-plugins: add PASS_INFO and build_const_char_string()
Diffstat (limited to 'arch/Kconfig')
-rw-r--r-- arch/Kconfig 22
1 files changed, 22 insertions, 0 deletions
diff --git a/arch/Kconfig b/arch/Kconfig
index 33f5a555c32a..2bbf5baff690 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -410,6 +410,28 @@ config GCC_PLUGIN_LATENT_ENTROPY
* https://grsecurity.net/
* https://pax.grsecurity.net/
+config GCC_PLUGIN_STRUCTLEAK
+ bool "Force initialization of variables containing userspace addresses"
+ depends on GCC_PLUGINS
+ help
+ This plugin zero-initializes any structures that containing a
+ __user attribute. This can prevent some classes of information
+ exposures.
+
+ This plugin was ported from grsecurity/PaX. More information at:
+ * https://grsecurity.net/
+ * https://pax.grsecurity.net/
+
+config GCC_PLUGIN_STRUCTLEAK_VERBOSE
+ bool "Report forcefully initialized variables"
+ depends on GCC_PLUGIN_STRUCTLEAK
+ depends on !COMPILE_TEST
+ help
+ This option will cause a warning to be printed each time the
+ structleak plugin finds a variable it thinks needs to be
+ initialized. Since not all existing initializers are detected
+ by the plugin, this can produce false positive warnings.
+
config HAVE_CC_STACKPROTECTOR
bool
help
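Review bot: The GCC_PLUGIN_STRUCTLEAK help text has a grammar slip in its first sentence, "any structures that containing a __user attribute"; it should read "any structures containing a __user attribute" (or "that contain"). The prompt line speaks of "variables containing userspace addresses" while the help speaks of "structures", so please use one term in both places and say which variables are covered, since the help only promises to prevent "some classes of information exposures". For GCC_PLUGIN_STRUCTLEAK_VERBOSE, the help already admits false positive warnings because "not all existing initializers are detected"; a sentence on when someone would want to enable it would make the option easier to judge.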