ANDROID: Fix allmodconfig build with CC=clang

When GCC_PLUGIN_STRUCTLEAK was backported, a prompt text mysteriously made its way into the Kconfig option. Because this option is not dependent on GCC_PLUGINS, it could become enabled even when building with "CC=clang allmodconfig", which is not correct. The option is correctly selected by GCC_PLUGIN_STRUCTLEAK_BYREF_ALL so this prompt text seems to be unnecessary. This change also aligns the help text to match upstream, to match the version that was claimed to have been backported. Fixes: e0c6791d04 ("BACKPORT: security: Create "kernel hardening" config area") Bug: 143965122 Test: make CC=clang allmodconfig && make -j Change-Id: Ia9dc88ec1bbfd3950eda5a3eb698ecd41c7e0c9a Signed-off-by: Alistair Delva <adelva@google.com>
2026-04-03 16:43:09 +00:00 · 2019-11-14 10:54:26 -08:00
parent b777b6f211
commit fc5e40ccb8
1 changed files with 10 additions and 5 deletions
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@ -2,13 +2,18 @@
 menu "Kernel hardening options"

 config GCC_PLUGIN_STRUCTLEAK
-	bool "Force initialization of variables containing userspace addresses"
+	bool
 	help
-	  This plugin zero-initializes any structures containing a
-	  __user attribute. This can prevent some classes of information
-	  exposures.
+	  While the kernel is built with warnings enabled for any missed
+	  stack variable initializations, this warning is silenced for
+	  anything passed by reference to another function, under the
+	  occasionally misguided assumption that the function will do
+	  the initialization. As this regularly leads to exploitable
+	  flaws, this plugin is available to identify and zero-initialize
+	  such variables, depending on the chosen level of coverage.

-	  This plugin was ported from grsecurity/PaX. More information at:
+	  This plugin was originally ported from grsecurity/PaX. More
+	  information at:
 	   * https://grsecurity.net/
 	   * https://pax.grsecurity.net/