diff options
Diffstat (limited to 'security/Kconfig.hardening')
| -rw-r--r-- | security/Kconfig.hardening | 7 | 
1 files changed, 7 insertions, 0 deletions
| diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index a1ffe2eb4d5f..af4c979b38ee 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening @@ -61,6 +61,7 @@ choice  	config GCC_PLUGIN_STRUCTLEAK_BYREF  		bool "zero-init structs passed by reference (strong)"  		depends on GCC_PLUGINS +		depends on !(KASAN && KASAN_STACK=1)  		select GCC_PLUGIN_STRUCTLEAK  		help  		  Zero-initialize any structures on the stack that may @@ -70,9 +71,15 @@ choice  		  exposures, like CVE-2017-1000410:  		  https://git.kernel.org/linus/06e7e776ca4d3654 +		  As a side-effect, this keeps a lot of variables on the +		  stack that can otherwise be optimized out, so combining +		  this with CONFIG_KASAN_STACK can lead to a stack overflow +		  and is disallowed. +  	config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL  		bool "zero-init anything passed by reference (very strong)"  		depends on GCC_PLUGINS +		depends on !(KASAN && KASAN_STACK=1)  		select GCC_PLUGIN_STRUCTLEAK  		help  		  Zero-initialize any stack variables that may be passed | 
