Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fc5e40cc authored by Alistair Delva's avatar Alistair Delva
Browse files

ANDROID: Fix allmodconfig build with CC=clang 



When GCC_PLUGIN_STRUCTLEAK was backported, a prompt text mysteriously
made its way into the Kconfig option. Because this option is not
dependent on GCC_PLUGINS, it could become enabled even when building
with "CC=clang allmodconfig", which is not correct. The option is
correctly selected by GCC_PLUGIN_STRUCTLEAK_BYREF_ALL so this prompt
text seems to be unnecessary.

This change also aligns the help text to match upstream, to match the
version that was claimed to have been backported.

Fixes: e0c6791d ("BACKPORT: security: Create "kernel hardening" config area")
Bug: 143965122
Test: make CC=clang allmodconfig && make -j
Change-Id: Ia9dc88ec1bbfd3950eda5a3eb698ecd41c7e0c9a
Signed-off-by: default avatarAlistair Delva <adelva@google.com>
parent b777b6f2

security/Kconfig.hardening

+10 −5
Original line number Original line Diff line number Diff line
@@ -2,13 +2,18 @@ 
menu "Kernel hardening options"

menu "Kernel hardening options"





config GCC_PLUGIN_STRUCTLEAK

config GCC_PLUGIN_STRUCTLEAK

	bool "Force initialization of variables containing userspace addresses"

	bool

	help

	help

	  This plugin zero-initializes any structures containing a

	  While the kernel is built with warnings enabled for any missed

	  __user attribute. This can prevent some classes of information

	  stack variable initializations, this warning is silenced for

	  exposures.

	  anything passed by reference to another function, under the

	  occasionally misguided assumption that the function will do

	  the initialization. As this regularly leads to exploitable

	  flaws, this plugin is available to identify and zero-initialize

	  such variables, depending on the chosen level of coverage.





	  This plugin was ported from grsecurity/PaX. More information at:

	  This plugin was originally ported from grsecurity/PaX. More

	  information at:

	   * https://grsecurity.net/

	   * https://grsecurity.net/

	   * https://pax.grsecurity.net/

	   * https://pax.grsecurity.net/