diff options
author | Linus Torvalds | 2017-02-22 09:05:47 -0800 |
---|---|---|
committer | Linus Torvalds | 2017-02-22 09:05:47 -0800 |
commit | 1e74a2eb1f5cc7f2f2b5aa9c9eeecbcf352220a3 (patch) | |
tree | ffc00daba83ccff816a089677ed5eeac0f92fc0f /arch | |
parent | 7bb033829ef3ecfc491c0ed0197966e8f197fbdc (diff) | |
parent | c054ee3bbf69ebcabb1f3218b7faf4b1b37a8eb6 (diff) |
Merge tag 'gcc-plugins-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull gcc-plugins updates from Kees Cook:
"This includes infrastructure updates and the structleak plugin, which
performs forced initialization of certain structures to avoid possible
information exposures to userspace.
Summary:
- infrastructure updates (gcc-common.h)
- introduce structleak plugin for forced initialization of some
structures"
* tag 'gcc-plugins-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
gcc-plugins: Add structleak for more stack initialization
gcc-plugins: consolidate on PASS_INFO macro
gcc-plugins: add PASS_INFO and build_const_char_string()
Diffstat (limited to 'arch')
-rw-r--r-- | arch/Kconfig | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/arch/Kconfig b/arch/Kconfig index 33f5a555c32a..2bbf5baff690 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -410,6 +410,28 @@ config GCC_PLUGIN_LATENT_ENTROPY * https://grsecurity.net/ * https://pax.grsecurity.net/ +config GCC_PLUGIN_STRUCTLEAK + bool "Force initialization of variables containing userspace addresses" + depends on GCC_PLUGINS + help + This plugin zero-initializes any structures that containing a + __user attribute. This can prevent some classes of information + exposures. + + This plugin was ported from grsecurity/PaX. More information at: + * https://grsecurity.net/ + * https://pax.grsecurity.net/ + +config GCC_PLUGIN_STRUCTLEAK_VERBOSE + bool "Report forcefully initialized variables" + depends on GCC_PLUGIN_STRUCTLEAK + depends on !COMPILE_TEST + help + This option will cause a warning to be printed each time the + structleak plugin finds a variable it thinks needs to be + initialized. Since not all existing initializers are detected + by the plugin, this can produce false positive warnings. + config HAVE_CC_STACKPROTECTOR bool help |