menu "Kernel hardening options"

menu "Memory initialization"

choice
	prompt "Initialize kernel stack variables at function entry"
	default INIT_STACK_NONE
	help
	  This option enables initialization of stack variables at
	  function entry time. This has the possibility to have the
	  greatest coverage (since all functions can have their
	  variables initialized), but the performance impact depends
	  on the function calling complexity of a given workload's
	  syscalls.

	  This chooses the level of coverage over classes of potentially
	  uninitialized variables. The selected class will be
	  initialized before use in a function.

	config INIT_STACK_NONE
		bool "no automatic initialization (weakest)"
		help
		  Disable automatic stack variable initialization.
		  This leaves the kernel vulnerable to the standard
		  classes of uninitialized stack variable exploits
		  and information exposures.

	config INIT_STACK_ALL
		bool "0xAA-init everything on the stack (strongest)"
		help
		  Initializes everything on the stack with a 0xAA
		  pattern. This is intended to eliminate all classes
		  of uninitialized stack variable exploits and information
		  exposures, even variables that were warned to have been
		  left uninitialized.

endchoice

endmenu

endmenu
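
Added example, not part of the kernel source: a user-space C model of the information exposure named in the INIT_STACK_NONE help text, and of what 0xAA initialization changes. `struct reply`, `frame`, `later_call` and `padding_matches` are hypothetical names, and the reused stack slot is modelled with an explicit byte buffer so the behaviour is well defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply struct: the compiler pads between `type` and `value`. */
struct reply { uint8_t type; uint32_t value; };
#define PAD_START (offsetof(struct reply, type) + sizeof(uint8_t))
#define PAD_END   offsetof(struct reply, value)

/* Constructed stand-in for a region of kernel stack reused across calls. */
static unsigned char frame[64];

/* Keeps a `struct reply` in the reused slot, assigns only the named fields,
 * then copies the whole struct out (as copy_to_user() would in the kernel).
 * init_all != 0 models INIT_STACK_ALL: 0xAA-fill the slot at function entry. */
static void later_call(int init_all, unsigned char *out)
{
    uint8_t type = 1;
    uint32_t value = 42;

    if (init_all)
        memset(frame, 0xAA, sizeof(struct reply));
    memcpy(frame + offsetof(struct reply, type), &type, sizeof(type));
    memcpy(frame + offsetof(struct reply, value), &value, sizeof(value));
    memcpy(out, frame, sizeof(struct reply));
}

/* Count the copied-out padding bytes that equal `byte`. */
int padding_matches(int init_all, unsigned char byte)
{
    unsigned char out[sizeof(struct reply)];
    int n = 0;

    memset(frame, 'S', sizeof(frame)); /* earlier call left 'S' bytes (constructed) */
    later_call(init_all, out);
    for (size_t i = PAD_START; i < PAD_END; i++)
        n += (out[i] == byte);
    return n;
}

int main(void)
{
    printf("INIT_STACK_NONE: %d stale padding bytes copied out\n", padding_matches(0, 'S'));
    printf("INIT_STACK_ALL:  %d stale padding bytes copied out\n", padding_matches(1, 'S'));
    return 0;
}
```

Without initialization, every padding byte that reaches the caller still holds the earlier call's data; with the 0xAA fill, the same bytes carry only the pattern.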