[lfs-dev] Kernel memory initialization

Bruce Dubbs bruce.dubbs at gmail.com
Fri Aug 9 07:08:43 PDT 2019


On 8/9/19 7:53 AM, Riccardo Corsi via lfs-dev wrote:
> Hello, I have a question about a 5.2.7 kernel parameter.
> Initialize kernel stack variables at function entry: (1...4)
> 
> This is the related part of config kernel file:
> 
> # Memory initialization
> #
> # CONFIG_INIT_STACK_NONE is not set
> CONFIG_GCC_PLUGIN_STRUCTLEAK_USER=y
> # CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set
> # CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is not set
> # CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set
> # CONFIG_GCC_PLUGIN_STACKLEAK is not set
> 
> What is the best selection?

I'm not really familiar with that option, but I see it is in the kernel 
hardening section of the security options.  From the help, it says

This option enables initialization of stack variables at
function entry time. This has the possibility to have the
greatest coverage (since all functions can have their
variables initialized), but the performance impact depends
on the function calling complexity of a given workload's
syscalls.

This chooses the level of coverage over classes of potentially
uninitialized variables. The selected class will be
initialized before use in a function.
====
So there will be a trade-off between security and performance.
Generally when I do not know otherwise, I just take the default for the
option.

   -- Bruce
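
Added example, not part of the thread: a small POSIX shell check that reports which entry of the "Initialize kernel stack variables at function entry" choice a kernel `.config` selects. It recognises only the four entries shown in the quoted fragment; the function names, the coverage labels (paraphrased from the kernel's Kconfig prompts) and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the config fragment quoted in the message, without "> " markers.
sample_config() {
cat <<'EOF'
# CONFIG_INIT_STACK_NONE is not set
CONFIG_GCC_PLUGIN_STRUCTLEAK_USER=y
# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set
# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is not set
# CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set
# CONFIG_GCC_PLUGIN_STACKLEAK is not set
EOF
}

# stack_init_level FILE
# Prints "<option> <coverage>" for the choice entry set to =y.
# Prints "unknown" (status 1) if none is set, "conflict" (status 2) if several are.
stack_init_level() {
    cfg=$1
    found=""
    for entry in \
        "CONFIG_INIT_STACK_NONE:no-automatic-initialization" \
        "CONFIG_GCC_PLUGIN_STRUCTLEAK_USER:structs-marked-for-userspace" \
        "CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF:structs-passed-by-reference" \
        "CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL:anything-passed-by-reference"
    do
        opt=${entry%%:*}
        cov=${entry#*:}
        # -x matches the whole line, so "# OPT is not set" and OPT_ALL=y do not match OPT=y.
        if grep -qx "${opt}=y" "$cfg"; then
            # A Kconfig choice allows one entry; two hits mean a hand-edited file.
            if [ -n "$found" ]; then echo "conflict"; return 2; fi
            found="$opt $cov"
        fi
    done
    if [ -z "$found" ]; then echo "unknown"; return 1; fi
    echo "$found"
}

# Stand-alone run against the constructed sample.
tmp=$(mktemp)
sample_config > "$tmp"
stack_init_level "$tmp"
rm -f "$tmp"
```

To check a real build tree, call `stack_init_level` with the path to its `.config`.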

