Help¶

This option performs a limited form of Address Space Layout Randomization by offsetting some random value to a thread’s initial stack pointer upon creation. This hinders some types of security attacks by making the location of any given stack frame non-deterministic.

This feature can waste up to the specified size in bytes the stack region, which is carved out of the total size of the stack region. A reasonable minimum value would be around 100 bytes if this can be spared.

This is currently only implemented for systems whose stack pointers grow towards lower memory addresses.

Direct dependencies¶

!STACK_GROWS_UP && MULTITHREADING && (TEST_RANDOM_GENERATOR || ENTROPY_HAS_DRIVER)

(Includes any dependencies from ifs and menus.)

Default¶

0

Kconfig definition¶

At <Zephyr>/kernel/Kconfig:698

Included via <Zephyr>/Kconfig:8 → <Zephyr>/Kconfig.zephyr:30

Menu path: (Top) → General Kernel Options → Security Options

config STACK_POINTER_RANDOM
    int "Initial stack pointer randomization bounds"
    default 0
    depends on !STACK_GROWS_UP && MULTITHREADING && (TEST_RANDOM_GENERATOR || ENTROPY_HAS_DRIVER)
    help
      This option performs a limited form of Address Space Layout
      Randomization by offsetting some random value to a thread's
      initial stack pointer upon creation. This hinders some types of
      security attacks by making the location of any given stack frame
      non-deterministic.

      This feature can waste up to the specified size in bytes the stack
      region, which is carved out of the total size of the stack region.
      A reasonable minimum value would be around 100 bytes if this can
      be spared.

      This is currently only implemented for systems whose stack pointers
      grow towards lower memory addresses.

(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)