-
CONFIG_STACK_POINTER_RANDOM
¶
Initial stack pointer randomization bounds
Type: int
Help¶
This option performs a limited form of Address Space Layout Randomization by offsetting some random value to a thread’s initial stack pointer upon creation. This hinders some types of security attacks by making the location of any given stack frame non-deterministic.
This feature can waste up to the specified size in bytes the stack region, which is carved out of the total size of the stack region. A reasonable minimum value would be around 100 bytes if this can be spared.
This is currently only implemented for systems whose stack pointers grow towards lower memory addresses.
Direct dependencies¶
!STACK_GROWS_UP
&& MULTITHREADING
&& (TEST_RANDOM_GENERATOR
|| ENTROPY_HAS_DRIVER
)
(Includes any dependencies from ifs and menus.)
Default¶
0
Kconfig definition¶
At <Zephyr>/kernel/Kconfig:675
Included via <Zephyr>/Kconfig:8
→ <Zephyr>/Kconfig.zephyr:30
Menu path: (Top) → General Kernel Options → Security Options
config STACK_POINTER_RANDOM int "Initial stack pointer randomization bounds" default 0 depends on !STACK_GROWS_UP
&&MULTITHREADING
&& (TEST_RANDOM_GENERATOR
||ENTROPY_HAS_DRIVER
) help This option performs a limited form of Address Space Layout Randomization by offsetting some random value to a thread's initial stack pointer upon creation. This hinders some types of security attacks by making the location of any given stack frame non-deterministic. This feature can waste up to the specified size in bytes the stack region, which is carved out of the total size of the stack region. A reasonable minimum value would be around 100 bytes if this can be spared. This is currently only implemented for systems whose stack pointers grow towards lower memory addresses.
(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)