summaryrefslogtreecommitdiff
path: root/scripts/gcc-plugins/Kconfig
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/gcc-plugins/Kconfig')
-rw-r--r--scripts/gcc-plugins/Kconfig58
1 files changed, 47 insertions, 11 deletions
diff --git a/scripts/gcc-plugins/Kconfig b/scripts/gcc-plugins/Kconfig
index d45f7f36b859..d0cc92e48f6f 100644
--- a/scripts/gcc-plugins/Kconfig
+++ b/scripts/gcc-plugins/Kconfig
@@ -67,27 +67,63 @@ config GCC_PLUGIN_LATENT_ENTROPY
* https://pax.grsecurity.net/
config GCC_PLUGIN_STRUCTLEAK
- bool "Force initialization of variables containing userspace addresses"
+ bool "Zero initialize stack variables"
# Currently STRUCTLEAK inserts initialization out of live scope of
# variables from KASAN point of view. This leads to KASAN false
# positive reports. Prohibit this combination for now.
depends on !KASAN_EXTRA
help
- This plugin zero-initializes any structures containing a
- __user attribute. This can prevent some classes of information
- exposures.
-
- This plugin was ported from grsecurity/PaX. More information at:
+ While the kernel is built with warnings enabled for any missed
+ stack variable initializations, this warning is silenced for
+ anything passed by reference to another function, under the
+ occasionally misguided assumption that the function will do
+ the initialization. As this regularly leads to exploitable
+ flaws, this plugin is available to identify and zero-initialize
+ such variables, depending on the chosen level of coverage.
+
+ This plugin was originally ported from grsecurity/PaX. More
+ information at:
* https://grsecurity.net/
* https://pax.grsecurity.net/
-config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
- bool "Force initialize all struct type variables passed by reference"
+choice
+ prompt "Coverage"
depends on GCC_PLUGIN_STRUCTLEAK
- depends on !COMPILE_TEST
+ default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
help
- Zero initialize any struct type local variable that may be passed by
- reference without having been initialized.
+ This chooses the level of coverage over classes of potentially
+ uninitialized variables. The selected class will be
+ zero-initialized before use.
+
+ config GCC_PLUGIN_STRUCTLEAK_USER
+ bool "structs marked for userspace"
+ help
+ Zero-initialize any structures on the stack containing
+ a __user attribute. This can prevent some classes of
+ uninitialized stack variable exploits and information
+ exposures, like CVE-2013-2141:
+ https://git.kernel.org/linus/b9e146d8eb3b9eca
+
+ config GCC_PLUGIN_STRUCTLEAK_BYREF
+ bool "structs passed by reference"
+ help
+ Zero-initialize any structures on the stack that may
+ be passed by reference and had not already been
+ explicitly initialized. This can prevent most classes
+ of uninitialized stack variable exploits and information
+ exposures, like CVE-2017-1000410:
+ https://git.kernel.org/linus/06e7e776ca4d3654
+
+ config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
+ bool "anything passed by reference"
+ help
+ Zero-initialize any stack variables that may be passed
+ by reference and had not already been explicitly
+ initialized. This is intended to eliminate all classes
+ of uninitialized stack variable exploits and information
+ exposures.
+
+endchoice
config GCC_PLUGIN_STRUCTLEAK_VERBOSE
bool "Report forcefully initialized variables"