~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/Kconfig.hardening

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /security/Kconfig.hardening (Version linux-6.12-rc7) and /security/Kconfig.hardening (Version linux-5.12.19)


  1 # SPDX-License-Identifier: GPL-2.0-only             1 # SPDX-License-Identifier: GPL-2.0-only
  2 menu "Kernel hardening options"                     2 menu "Kernel hardening options"
  3                                                     3 
  4 config GCC_PLUGIN_STRUCTLEAK                        4 config GCC_PLUGIN_STRUCTLEAK
  5         bool                                        5         bool
  6         help                                        6         help
  7           While the kernel is built with warni      7           While the kernel is built with warnings enabled for any missed
  8           stack variable initializations, this      8           stack variable initializations, this warning is silenced for
  9           anything passed by reference to anot      9           anything passed by reference to another function, under the
 10           occasionally misguided assumption th     10           occasionally misguided assumption that the function will do
 11           the initialization. As this regularl     11           the initialization. As this regularly leads to exploitable
 12           flaws, this plugin is available to i     12           flaws, this plugin is available to identify and zero-initialize
 13           such variables, depending on the cho     13           such variables, depending on the chosen level of coverage.
 14                                                    14 
 15           This plugin was originally ported fr     15           This plugin was originally ported from grsecurity/PaX. More
 16           information at:                          16           information at:
 17            * https://grsecurity.net/               17            * https://grsecurity.net/
 18            * https://pax.grsecurity.net/           18            * https://pax.grsecurity.net/
 19                                                    19 
 20 menu "Memory initialization"                       20 menu "Memory initialization"
 21                                                    21 
 22 config CC_HAS_AUTO_VAR_INIT_PATTERN                22 config CC_HAS_AUTO_VAR_INIT_PATTERN
 23         def_bool $(cc-option,-ftrivial-auto-va     23         def_bool $(cc-option,-ftrivial-auto-var-init=pattern)
 24                                                    24 
 25 config CC_HAS_AUTO_VAR_INIT_ZERO_BARE          << 
 26         def_bool $(cc-option,-ftrivial-auto-va << 
 27                                                << 
 28 config CC_HAS_AUTO_VAR_INIT_ZERO_ENABLER       << 
 29         # Clang 16 and later warn about using  << 
 30         # is required before then.             << 
 31         def_bool $(cc-option,-ftrivial-auto-va << 
 32         depends on !CC_HAS_AUTO_VAR_INIT_ZERO_ << 
 33                                                << 
 34 config CC_HAS_AUTO_VAR_INIT_ZERO                   25 config CC_HAS_AUTO_VAR_INIT_ZERO
 35         def_bool CC_HAS_AUTO_VAR_INIT_ZERO_BAR !!  26         def_bool $(cc-option,-ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang)
 36                                                    27 
 37 choice                                             28 choice
 38         prompt "Initialize kernel stack variab     29         prompt "Initialize kernel stack variables at function entry"
 39         default GCC_PLUGIN_STRUCTLEAK_BYREF_AL     30         default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS
 40         default INIT_STACK_ALL_PATTERN if COMP     31         default INIT_STACK_ALL_PATTERN if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT_PATTERN
 41         default INIT_STACK_ALL_ZERO if CC_HAS_ << 
 42         default INIT_STACK_NONE                    32         default INIT_STACK_NONE
 43         help                                       33         help
 44           This option enables initialization o     34           This option enables initialization of stack variables at
 45           function entry time. This has the po     35           function entry time. This has the possibility to have the
 46           greatest coverage (since all functio     36           greatest coverage (since all functions can have their
 47           variables initialized), but the perf     37           variables initialized), but the performance impact depends
 48           on the function calling complexity o     38           on the function calling complexity of a given workload's
 49           syscalls.                                39           syscalls.
 50                                                    40 
 51           This chooses the level of coverage o     41           This chooses the level of coverage over classes of potentially
 52           uninitialized variables. The selecte !!  42           uninitialized variables. The selected class will be
 53           initialized before use in a function     43           initialized before use in a function.
 54                                                    44 
 55         config INIT_STACK_NONE                     45         config INIT_STACK_NONE
 56                 bool "no automatic stack varia !!  46                 bool "no automatic initialization (weakest)"
 57                 help                               47                 help
 58                   Disable automatic stack vari     48                   Disable automatic stack variable initialization.
 59                   This leaves the kernel vulne     49                   This leaves the kernel vulnerable to the standard
 60                   classes of uninitialized sta     50                   classes of uninitialized stack variable exploits
 61                   and information exposures.       51                   and information exposures.
 62                                                    52 
 63         config GCC_PLUGIN_STRUCTLEAK_USER          53         config GCC_PLUGIN_STRUCTLEAK_USER
 64                 bool "zero-init structs marked     54                 bool "zero-init structs marked for userspace (weak)"
 65                 # Plugin can be removed once t !!  55                 depends on GCC_PLUGINS
 66                 depends on GCC_PLUGINS && !CC_ << 
 67                 select GCC_PLUGIN_STRUCTLEAK       56                 select GCC_PLUGIN_STRUCTLEAK
 68                 help                               57                 help
 69                   Zero-initialize any structur     58                   Zero-initialize any structures on the stack containing
 70                   a __user attribute. This can     59                   a __user attribute. This can prevent some classes of
 71                   uninitialized stack variable     60                   uninitialized stack variable exploits and information
 72                   exposures, like CVE-2013-214     61                   exposures, like CVE-2013-2141:
 73                   https://git.kernel.org/linus     62                   https://git.kernel.org/linus/b9e146d8eb3b9eca
 74                                                    63 
 75         config GCC_PLUGIN_STRUCTLEAK_BYREF         64         config GCC_PLUGIN_STRUCTLEAK_BYREF
 76                 bool "zero-init structs passed     65                 bool "zero-init structs passed by reference (strong)"
 77                 # Plugin can be removed once t !!  66                 depends on GCC_PLUGINS
 78                 depends on GCC_PLUGINS && !CC_ << 
 79                 depends on !(KASAN && KASAN_ST     67                 depends on !(KASAN && KASAN_STACK)
 80                 select GCC_PLUGIN_STRUCTLEAK       68                 select GCC_PLUGIN_STRUCTLEAK
 81                 help                               69                 help
 82                   Zero-initialize any structur     70                   Zero-initialize any structures on the stack that may
 83                   be passed by reference and h     71                   be passed by reference and had not already been
 84                   explicitly initialized. This     72                   explicitly initialized. This can prevent most classes
 85                   of uninitialized stack varia     73                   of uninitialized stack variable exploits and information
 86                   exposures, like CVE-2017-100     74                   exposures, like CVE-2017-1000410:
 87                   https://git.kernel.org/linus     75                   https://git.kernel.org/linus/06e7e776ca4d3654
 88                                                    76 
 89                   As a side-effect, this keeps     77                   As a side-effect, this keeps a lot of variables on the
 90                   stack that can otherwise be      78                   stack that can otherwise be optimized out, so combining
 91                   this with CONFIG_KASAN_STACK     79                   this with CONFIG_KASAN_STACK can lead to a stack overflow
 92                   and is disallowed.               80                   and is disallowed.
 93                                                    81 
 94         config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL     82         config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
 95                 bool "zero-init everything pas !!  83                 bool "zero-init anything passed by reference (very strong)"
 96                 # Plugin can be removed once t !!  84                 depends on GCC_PLUGINS
 97                 depends on GCC_PLUGINS && !CC_ << 
 98                 depends on !(KASAN && KASAN_ST     85                 depends on !(KASAN && KASAN_STACK)
 99                 select GCC_PLUGIN_STRUCTLEAK       86                 select GCC_PLUGIN_STRUCTLEAK
100                 help                               87                 help
101                   Zero-initialize any stack va     88                   Zero-initialize any stack variables that may be passed
102                   by reference and had not alr     89                   by reference and had not already been explicitly
103                   initialized. This is intende     90                   initialized. This is intended to eliminate all classes
104                   of uninitialized stack varia     91                   of uninitialized stack variable exploits and information
105                   exposures.                       92                   exposures.
106                                                    93 
107                   As a side-effect, this keeps << 
108                   stack that can otherwise be  << 
109                   this with CONFIG_KASAN_STACK << 
110                   and is disallowed.           << 
111                                                << 
112         config INIT_STACK_ALL_PATTERN              94         config INIT_STACK_ALL_PATTERN
113                 bool "pattern-init everything  !!  95                 bool "0xAA-init everything on the stack (strongest)"
114                 depends on CC_HAS_AUTO_VAR_INI     96                 depends on CC_HAS_AUTO_VAR_INIT_PATTERN
115                 depends on !KMSAN              << 
116                 help                               97                 help
117                   Initializes everything on th !!  98                   Initializes everything on the stack with a 0xAA
118                   with a specific debug value. !!  99                   pattern. This is intended to eliminate all classes
119                   all classes of uninitialized !! 100                   of uninitialized stack variable exploits and information
120                   information exposures, even  !! 101                   exposures, even variables that were warned to have been
121                   having been left uninitializ !! 102                   left uninitialized.
122                                                   103 
123                   Pattern initialization is kn    104                   Pattern initialization is known to provoke many existing bugs
124                   related to uninitialized loc    105                   related to uninitialized locals, e.g. pointers receive
125                   non-NULL values, buffer size !! 106                   non-NULL values, buffer sizes and indices are very big.
126                   pattern is situation-specifi << 
127                   repeating for all types and  << 
128                   which use 0xFF repeating (-N << 
129                   repeating for all types and  << 
130                                                   107 
131         config INIT_STACK_ALL_ZERO                108         config INIT_STACK_ALL_ZERO
132                 bool "zero-init everything (st !! 109                 bool "zero-init everything on the stack (strongest and safest)"
133                 depends on CC_HAS_AUTO_VAR_INI    110                 depends on CC_HAS_AUTO_VAR_INIT_ZERO
134                 depends on !KMSAN              << 
135                 help                              111                 help
136                   Initializes everything on th !! 112                   Initializes everything on the stack with a zero
137                   with a zero value. This is i !! 113                   value. This is intended to eliminate all classes
138                   classes of uninitialized sta !! 114                   of uninitialized stack variable exploits and information
139                   information exposures, even  !! 115                   exposures, even variables that were warned to have been
140                   about having been left unini !! 116                   left uninitialized.
141                                                !! 117 
142                   Zero initialization provides !! 118                   Zero initialization provides safe defaults for strings,
143                   (immediately NUL-terminated) !! 119                   pointers, indices and sizes, and is therefore
144                   (index 0), and sizes (0 leng !! 120                   more suitable as a security mitigation measure.
145                   suitable as a production sec << 
146                   initialization.              << 
147                                                   121 
148 endchoice                                         122 endchoice
149                                                   123 
150 config GCC_PLUGIN_STRUCTLEAK_VERBOSE              124 config GCC_PLUGIN_STRUCTLEAK_VERBOSE
151         bool "Report forcefully initialized va    125         bool "Report forcefully initialized variables"
152         depends on GCC_PLUGIN_STRUCTLEAK          126         depends on GCC_PLUGIN_STRUCTLEAK
153         depends on !COMPILE_TEST        # too     127         depends on !COMPILE_TEST        # too noisy
154         help                                      128         help
155           This option will cause a warning to     129           This option will cause a warning to be printed each time the
156           structleak plugin finds a variable i    130           structleak plugin finds a variable it thinks needs to be
157           initialized. Since not all existing     131           initialized. Since not all existing initializers are detected
158           by the plugin, this can produce fals    132           by the plugin, this can produce false positive warnings.
159                                                   133 
160 config GCC_PLUGIN_STACKLEAK                       134 config GCC_PLUGIN_STACKLEAK
161         bool "Poison kernel stack before retur    135         bool "Poison kernel stack before returning from syscalls"
162         depends on GCC_PLUGINS                    136         depends on GCC_PLUGINS
163         depends on HAVE_ARCH_STACKLEAK            137         depends on HAVE_ARCH_STACKLEAK
164         help                                      138         help
165           This option makes the kernel erase t    139           This option makes the kernel erase the kernel stack before
166           returning from system calls. This ha    140           returning from system calls. This has the effect of leaving
167           the stack initialized to the poison     141           the stack initialized to the poison value, which both reduces
168           the lifetime of any sensitive stack     142           the lifetime of any sensitive stack contents and reduces
169           potential for uninitialized stack va    143           potential for uninitialized stack variable exploits or information
170           exposures (it does not cover functio    144           exposures (it does not cover functions reaching the same stack
171           depth as prior functions during the     145           depth as prior functions during the same syscall). This blocks
172           most uninitialized stack variable at    146           most uninitialized stack variable attacks, with the performance
173           impact being driven by the depth of     147           impact being driven by the depth of the stack usage, rather than
174           the function calling complexity.        148           the function calling complexity.
175                                                   149 
176           The performance impact on a single C    150           The performance impact on a single CPU system kernel compilation
177           sees a 1% slowdown, other systems an    151           sees a 1% slowdown, other systems and workloads may vary and you
178           are advised to test this feature on     152           are advised to test this feature on your expected workload before
179           deploying it.                           153           deploying it.
180                                                   154 
181           This plugin was ported from grsecuri    155           This plugin was ported from grsecurity/PaX. More information at:
182            * https://grsecurity.net/              156            * https://grsecurity.net/
183            * https://pax.grsecurity.net/          157            * https://pax.grsecurity.net/
184                                                   158 
185 config GCC_PLUGIN_STACKLEAK_VERBOSE            << 
186         bool "Report stack depth analysis inst << 
187         depends on GCC_PLUGIN_STACKLEAK        << 
188         depends on !COMPILE_TEST        # too  << 
189         help                                   << 
190           This option will cause a warning to  << 
191           stackleak plugin finds a function it << 
192           instrumented. This is useful for com << 
193           builds.                              << 
194                                                << 
195 config STACKLEAK_TRACK_MIN_SIZE                   159 config STACKLEAK_TRACK_MIN_SIZE
196         int "Minimum stack frame size of funct    160         int "Minimum stack frame size of functions tracked by STACKLEAK"
197         default 100                               161         default 100
198         range 0 4096                              162         range 0 4096
199         depends on GCC_PLUGIN_STACKLEAK           163         depends on GCC_PLUGIN_STACKLEAK
200         help                                      164         help
201           The STACKLEAK gcc plugin instruments    165           The STACKLEAK gcc plugin instruments the kernel code for tracking
202           the lowest border of the kernel stac    166           the lowest border of the kernel stack (and for some other purposes).
203           It inserts the stackleak_track_stack    167           It inserts the stackleak_track_stack() call for the functions with
204           a stack frame size greater than or e    168           a stack frame size greater than or equal to this parameter.
205           If unsure, leave the default value 1    169           If unsure, leave the default value 100.
206                                                   170 
207 config STACKLEAK_METRICS                          171 config STACKLEAK_METRICS
208         bool "Show STACKLEAK metrics in the /p    172         bool "Show STACKLEAK metrics in the /proc file system"
209         depends on GCC_PLUGIN_STACKLEAK           173         depends on GCC_PLUGIN_STACKLEAK
210         depends on PROC_FS                        174         depends on PROC_FS
211         help                                      175         help
212           If this is set, STACKLEAK metrics fo    176           If this is set, STACKLEAK metrics for every task are available in
213           the /proc file system. In particular    177           the /proc file system. In particular, /proc/<pid>/stack_depth
214           shows the maximum kernel stack consu    178           shows the maximum kernel stack consumption for the current and
215           previous syscalls. Although this inf    179           previous syscalls. Although this information is not precise, it
216           can be useful for estimating the STA    180           can be useful for estimating the STACKLEAK performance impact for
217           your workloads.                         181           your workloads.
218                                                   182 
219 config STACKLEAK_RUNTIME_DISABLE                  183 config STACKLEAK_RUNTIME_DISABLE
220         bool "Allow runtime disabling of kerne    184         bool "Allow runtime disabling of kernel stack erasing"
221         depends on GCC_PLUGIN_STACKLEAK           185         depends on GCC_PLUGIN_STACKLEAK
222         help                                      186         help
223           This option provides 'stack_erasing'    187           This option provides 'stack_erasing' sysctl, which can be used in
224           runtime to control kernel stack eras    188           runtime to control kernel stack erasing for kernels built with
225           CONFIG_GCC_PLUGIN_STACKLEAK.            189           CONFIG_GCC_PLUGIN_STACKLEAK.
226                                                   190 
227 config INIT_ON_ALLOC_DEFAULT_ON                   191 config INIT_ON_ALLOC_DEFAULT_ON
228         bool "Enable heap memory zeroing on al    192         bool "Enable heap memory zeroing on allocation by default"
229         depends on !KMSAN                      << 
230         help                                      193         help
231           This has the effect of setting "init    194           This has the effect of setting "init_on_alloc=1" on the kernel
232           command line. This can be disabled w    195           command line. This can be disabled with "init_on_alloc=0".
233           When "init_on_alloc" is enabled, all    196           When "init_on_alloc" is enabled, all page allocator and slab
234           allocator memory will be zeroed when    197           allocator memory will be zeroed when allocated, eliminating
235           many kinds of "uninitialized heap me    198           many kinds of "uninitialized heap memory" flaws, especially
236           heap content exposures. The performa    199           heap content exposures. The performance impact varies by
237           workload, but most cases see <1% imp    200           workload, but most cases see <1% impact. Some synthetic
238           workloads have measured as high as 7    201           workloads have measured as high as 7%.
239                                                   202 
240 config INIT_ON_FREE_DEFAULT_ON                    203 config INIT_ON_FREE_DEFAULT_ON
241         bool "Enable heap memory zeroing on fr    204         bool "Enable heap memory zeroing on free by default"
242         depends on !KMSAN                      << 
243         help                                      205         help
244           This has the effect of setting "init    206           This has the effect of setting "init_on_free=1" on the kernel
245           command line. This can be disabled w    207           command line. This can be disabled with "init_on_free=0".
246           Similar to "init_on_alloc", when "in    208           Similar to "init_on_alloc", when "init_on_free" is enabled,
247           all page allocator and slab allocato    209           all page allocator and slab allocator memory will be zeroed
248           when freed, eliminating many kinds o    210           when freed, eliminating many kinds of "uninitialized heap memory"
249           flaws, especially heap content expos    211           flaws, especially heap content exposures. The primary difference
250           with "init_on_free" is that data lif    212           with "init_on_free" is that data lifetime in memory is reduced,
251           as anything freed is wiped immediate    213           as anything freed is wiped immediately, making live forensics or
252           cold boot memory attacks unable to r    214           cold boot memory attacks unable to recover freed memory contents.
253           The performance impact varies by wor    215           The performance impact varies by workload, but is more expensive
254           than "init_on_alloc" due to the nega    216           than "init_on_alloc" due to the negative cache effects of
255           touching "cold" memory areas. Most c    217           touching "cold" memory areas. Most cases see 3-5% impact. Some
256           synthetic workloads have measured as    218           synthetic workloads have measured as high as 8%.
257                                                   219 
258 config CC_HAS_ZERO_CALL_USED_REGS              << 
259         def_bool $(cc-option,-fzero-call-used- << 
260         # https://github.com/ClangBuiltLinux/l << 
261         # https://github.com/llvm/llvm-project << 
262         depends on !CC_IS_CLANG || CLANG_VERSI << 
263                                                << 
264 config ZERO_CALL_USED_REGS                     << 
265         bool "Enable register zeroing on funct << 
266         depends on CC_HAS_ZERO_CALL_USED_REGS  << 
267         help                                   << 
268           At the end of functions, always zero << 
269           contents. This helps ensure that tem << 
270           leaked beyond the function boundary. << 
271           contents are less likely to be avail << 
272           and information exposures. Additiona << 
273           number of useful ROP gadgets by abou << 
274           generated "write-what-where" gadgets << 
275           image. This has a less than 1% perfo << 
276           workloads. Image size growth depends << 
277           be evaluated for suitability. For ex << 
278           than 1%, and arm64 grows by about 5% << 
279                                                << 
280 endmenu                                           220 endmenu
281                                                << 
282 menu "Hardening of kernel data structures"     << 
283                                                << 
284 config LIST_HARDENED                           << 
285         bool "Check integrity of linked list m << 
286         help                                   << 
287           Minimal integrity checking in the li << 
288           to catch memory corruptions that are << 
289           immediate access fault.              << 
290                                                << 
291           If unsure, say N.                    << 
292                                                << 
293 config BUG_ON_DATA_CORRUPTION                  << 
294         bool "Trigger a BUG when data corrupti << 
295         select LIST_HARDENED                   << 
296         help                                   << 
297           Select this option if the kernel sho << 
298           data corruption in kernel memory str << 
299           for validity.                        << 
300                                                << 
301           If unsure, say N.                    << 
302                                                << 
303 endmenu                                        << 
304                                                << 
305 config CC_HAS_RANDSTRUCT                       << 
306         def_bool $(cc-option,-frandomize-layou << 
307         # Randstruct was first added in Clang  << 
308         # Clang 16 due to https://github.com/l << 
309         depends on !CC_IS_CLANG || CLANG_VERSI << 
310                                                << 
311 choice                                         << 
312         prompt "Randomize layout of sensitive  << 
313         default RANDSTRUCT_FULL if COMPILE_TES << 
314         default RANDSTRUCT_NONE                << 
315         help                                   << 
316           If you enable this, the layouts of s << 
317           function pointers (and have not been << 
318           __no_randomize_layout), or structure << 
319           marked with __randomize_layout, will << 
320           This can introduce the requirement o << 
321           exposure vulnerability for exploits  << 
322           types.                               << 
323                                                << 
324           Enabling this feature will introduce << 
325           slightly increase memory usage, and  << 
326           tools like Volatility against the sy << 
327           source tree isn't cleaned after kern << 
328                                                << 
329           The seed used for compilation is in  << 
330           It remains after a "make clean" to a << 
331           be compiled with the existing seed a << 
332           "make mrproper" or "make distclean". << 
333           public, or the structure layout can  << 
334                                                << 
335         config RANDSTRUCT_NONE                 << 
336                 bool "Disable structure layout << 
337                 help                           << 
338                   Build normally: no structure << 
339                                                << 
340         config RANDSTRUCT_FULL                 << 
341                 bool "Fully randomize structur << 
342                 depends on CC_HAS_RANDSTRUCT | << 
343                 select MODVERSIONS if MODULES  << 
344                 help                           << 
345                   Fully randomize the member l << 
346                   structures as much as possib << 
347                   memory size and performance  << 
348                                                << 
349                   One difference between the C << 
350                   implementations is the handl << 
351                   plugin treats them as fully  << 
352                   introducing sometimes signif << 
353                   to keep adjacent bitfields t << 
354                   ordering randomized.         << 
355                                                << 
356         config RANDSTRUCT_PERFORMANCE          << 
357                 bool "Limit randomization of s << 
358                 depends on GCC_PLUGINS         << 
359                 select MODVERSIONS if MODULES  << 
360                 help                           << 
361                   Randomization of sensitive k << 
362                   best effort at restricting r << 
363                   groups of members. It will f << 
364                   in structures. This reduces  << 
365                   at the cost of weakened rand << 
366 endchoice                                      << 
367                                                << 
368 config RANDSTRUCT                              << 
369         def_bool !RANDSTRUCT_NONE              << 
370                                                << 
371 config GCC_PLUGIN_RANDSTRUCT                   << 
372         def_bool GCC_PLUGINS && RANDSTRUCT     << 
373         help                                   << 
374           Use GCC plugin to randomize structur << 
375                                                << 
376           This plugin was ported from grsecuri << 
377           information at:                      << 
378            * https://grsecurity.net/           << 
379            * https://pax.grsecurity.net/       << 
380                                                   221 
381 endmenu                                           222 endmenu
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php