diff options
| author | Kees Cook <keescook@chromium.org> | 2017-02-21 21:12:57 -0800 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2017-02-21 21:12:57 -0800 |
| commit | c054ee3bbf69ebcabb1f3218b7faf4b1b37a8eb6 (patch) | |
| tree | e37110acf18ab5139e589576856c6e1611bfd6b3 /arch | |
| parent | e7e04c0c8c7ea931d966e5bd349a0b1c836b1ebf (diff) | |
| parent | c61f13eaa1ee17728c41370100d2d45c254ce76f (diff) | |
| download | linux-c054ee3bbf69ebcabb1f3218b7faf4b1b37a8eb6.tar.gz | |
Merge branch 'for-next/gcc-plugin/structleak' into for-linus/gcc-plugins
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/Kconfig | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/arch/Kconfig b/arch/Kconfig index 99839c23d453..646ba0f42c5f 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -410,6 +410,28 @@ config GCC_PLUGIN_LATENT_ENTROPY * https://grsecurity.net/ * https://pax.grsecurity.net/ +config GCC_PLUGIN_STRUCTLEAK + bool "Force initialization of variables containing userspace addresses" + depends on GCC_PLUGINS + help + This plugin zero-initializes any structures that containing a + __user attribute. This can prevent some classes of information + exposures. + + This plugin was ported from grsecurity/PaX. More information at: + * https://grsecurity.net/ + * https://pax.grsecurity.net/ + +config GCC_PLUGIN_STRUCTLEAK_VERBOSE + bool "Report forcefully initialized variables" + depends on GCC_PLUGIN_STRUCTLEAK + depends on !COMPILE_TEST + help + This option will cause a warning to be printed each time the + structleak plugin finds a variable it thinks needs to be + initialized. Since not all existing initializers are detected + by the plugin, this can produce false positive warnings. + config HAVE_CC_STACKPROTECTOR bool help |