Component Type: kbuild config
Description: Enable register zeroing on function exit
More info: At the end of functions, always zero any caller-used register contents. This helps ensure that temporary values are not leaked beyond the function boundary. This means that register contents are less likely to be available for side channels and information exposures. Additionally, this helps reduce the number of useful ROP gadgets by about 20% (and removes compiler generated "write-what-where" gadgets) in the resulting kernel image. This has a less than 1% performance impact on most workloads. Image size growth depends on architecture, and should be evaluated for suitability. For example, x86_64 grows by less than 1%, and arm64 grows by about 5%.
Build project: Kconfig (Linux kconfig) (Path: security\Kconfig )
Other views: file explorer