On 8/9/19 7:53 AM, Riccardo Corsi via lfs-dev wrote:
Hello, I have a question about a 5.2.7 kernel parameter.
Initialize kernel stack variables at function entry: (1...4)
This is the related part of config kernel file:
# Memory initialization
#
# CONFIG_INIT_STACK_NONE is not set
CONFIG_GCC_PLUGIN_STRUCTLEAK_USER=y
# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set
# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is not set
# CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set
# CONFIG_GCC_PLUGIN_STACKLEAK is not set
What is the best selection?
I'm not really familiar with that option, but I see it is in the kernel
hardening section of the security options. From the help, it says
This option enables initialization of stack variables at
function entry time. This has the possibility to have the
greatest coverage (since all functions can have their
variables initialized), but the performance impact depends
on the function calling complexity of a given workload's
syscalls.
This chooses the level of coverage over classes of potentially
uninitialized variables. The selected class will be
initialized before use in a function.
====
So there will be a trade-off between security and performance.
Generally when I do not know otherwise, I just take the default for the
option.
-- Bruce
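The class of bug this option addresses, as an added C model that is not from the thread or from the kernel tree: a handler that partially fills a struct and copies it out (`struct report`, the `fill_report_*` functions and the memcpy stand-in for copy_to_user() are all constructed here) beside the zero-at-entry form the plugin enforces automatically, with `report_is_clean()` checking whether any byte the handler never wrote reached the caller.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for a kernel struct that a syscall handler fills and
 * copies out: 3 padding bytes follow 'kind'; 'reserved' is never written. */
struct report {
    uint8_t  kind;
    uint32_t value;
    uint64_t reserved;
};
/* Unhardened: only the fields of interest are assigned, so the padding and
 * 'reserved' bytes carry stale stack contents out. The object's address is
 * taken, which puts it in the BYREF class the plugin can cover. */
void fill_report_unhardened(uint8_t *dst, uint8_t kind, uint32_t value)
{
    struct report r;
    r.kind = kind;
    r.value = value;
    memcpy(dst, &r, sizeof(r));  /* stand-in for copy_to_user() */
}
/* Hardened: zero the whole object at entry, as the plugin does. memset rather
 * than '= {0}', since C does not promise an initializer zeroes padding. */
void fill_report_hardened(uint8_t *dst, uint8_t kind, uint32_t value)
{
    struct report r;
    memset(&r, 0, sizeof(r));
    r.kind = kind;
    r.value = value;
    memcpy(dst, &r, sizeof(r));  /* stand-in for copy_to_user() */
}
/* 1 if every byte the handler never wrote is zero in the copied-out buffer. */
int report_is_clean(const uint8_t *buf)
{
    size_t i;
    for (i = 1; i < offsetof(struct report, value); i++)
        if (buf[i]) return 0;
    for (i = offsetof(struct report, reserved); i < sizeof(struct report); i++)
        if (buf[i]) return 0;
    return 1;
}
/* Runs the hardened path over a buffer pre-filled with a marker byte. */
int hardened_path_is_clean(void)
{
    uint8_t buf[sizeof(struct report)];
    memset(buf, 0xAA, sizeof buf);
    fill_report_hardened(buf, 7, 0x01020304u);
    return report_is_clean(buf) && buf[0] == 7;
}
```

The unhardened path's leaked bytes depend on whatever the stack held before the call, so only the hardened path has a deterministic result to check.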