malhuda/msm-4.14
1
0
Fork 0
mirror of https://github.com/rd-stuffs/msm-4.14.git synced 2025-02-20 11:45:48 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
msm-4.14/security/Kconfig.hardening
Kees Cook 5bb098df6f BACKPORT: security: Implement Clang's stack initialization 
CONFIG_INIT_STACK_ALL turns on stack initialization based on
-ftrivial-auto-var-init in Clang builds, which has greater coverage
than CONFIG_GCC_PLUGINS_STRUCTLEAK_BYREF_ALL.

-ftrivial-auto-var-init Clang option provides trivial initializers for
uninitialized local variables, variable fields and padding.

It has three possible values:
  pattern - uninitialized locals are filled with a fixed pattern
    (mostly 0xAA on 64-bit platforms, see https://reviews.llvm.org/D54604
    for more details, but 0x000000AA for 32-bit pointers) likely to cause
    crashes when uninitialized value is used;
  zero (it's still debated whether this flag makes it to the official
    Clang release) - uninitialized locals are filled with zeroes;
  uninitialized (default) - uninitialized locals are left intact.

This patch uses only the "pattern" mode when CONFIG_INIT_STACK_ALL is
enabled.

Developers have the possibility to opt-out of this feature on a
per-variable basis by using __attribute__((uninitialized)), but such
use should be well justified in comments.

The Android 4.14 backport drops CC_HAS_AUTO_VAR_INIT, because Kconfig
is too old to support compiler feature checks.

Change-Id: I8e990ac3f299be9f6658a881a0518290cdda1157
Co-developed-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Tested-by: Alexander Potapenko <glider@google.com>
Acked-by: Masahiro Yamada <yamada.masahiro@socionext.com>
(cherry picked from commit 709a972efb01efaeb97cad1adc87fe400119c8ab)
Bug: 133428616
Signed-off-by: Alexander Potapenko <glider@google.com>
2019-06-19 16:21:15 +02:00

42 lines
1.2 KiB
Plaintext
Raw Blame History

menu "Kernel hardening options"
menu "Memory initialization"
choice
prompt "Initialize kernel stack variables at function entry"
default INIT_STACK_NONE
help
This option enables initialization of stack variables at
function entry time. This has the possibility to have the
greatest coverage (since all functions can have their
variables initialized), but the performance impact depends
on the function calling complexity of a given workload's
syscalls.
This chooses the level of coverage over classes of potentially
uninitialized variables. The selected class will be
initialized before use in a function.
config INIT_STACK_NONE
bool "no automatic initialization (weakest)"
help
Disable automatic stack variable initialization.
This leaves the kernel vulnerable to the standard
classes of uninitialized stack variable exploits
and information exposures.
config INIT_STACK_ALL
bool "0xAA-init everything on the stack (strongest)"
help
Initializes everything on the stack with a 0xAA
pattern. This is intended to eliminate all classes
of uninitialized stack variable exploits and information
exposures, even variables that were warned to have been
left uninitialized.
endchoice
endmenu
endmenu
Reference in New Issue View Git Blame Copy Permalink