:orphan:

.. title:: STACK_POINTER_RANDOM

.. option:: CONFIG_STACK_POINTER_RANDOM

*Initial stack pointer randomization bounds*

Type: ``int``

Help
====

This option performs a limited form of Address Space Layout
Randomization by offsetting some random value to a thread's
initial stack pointer upon creation. This hinders some types of
security attacks by making the location of any given stack frame
non-deterministic.

This feature can waste up to the specified size in bytes the stack
region, which is carved out of the total size of the stack region.
A reasonable minimum value would be around 100 bytes if this can
be spared.

This is currently only implemented for systems whose stack pointers
grow towards lower memory addresses.

Direct dependencies
===================

!\ :option:`STACK_GROWS_UP <CONFIG_STACK_GROWS_UP>` && \ :option:`MULTITHREADING <CONFIG_MULTITHREADING>` && (\ :option:`TEST_RANDOM_GENERATOR <CONFIG_TEST_RANDOM_GENERATOR>` || \ :option:`ENTROPY_HAS_DRIVER <CONFIG_ENTROPY_HAS_DRIVER>`)

*(Includes any dependencies from ifs and menus.)*

Default
=======

- 0

Kconfig definition
==================

.. highlight:: kconfig

At ``kernel/Kconfig:676``

Included via ``Kconfig:8`` → ``Kconfig.zephyr:30``

Menu path: (Top) → General Kernel Options → Security Options

.. parsed-literal::

    config STACK_POINTER_RANDOM
    	int "Initial stack pointer randomization bounds"
    	default 0
    	depends on !\ :option:`STACK_GROWS_UP <CONFIG_STACK_GROWS_UP>` && \ :option:`MULTITHREADING <CONFIG_MULTITHREADING>` && (\ :option:`TEST_RANDOM_GENERATOR <CONFIG_TEST_RANDOM_GENERATOR>` || \ :option:`ENTROPY_HAS_DRIVER <CONFIG_ENTROPY_HAS_DRIVER>`)
    	help
    	  This option performs a limited form of Address Space Layout
    	  Randomization by offsetting some random value to a thread's
    	  initial stack pointer upon creation. This hinders some types of
    	  security attacks by making the location of any given stack frame
    	  non-deterministic.
	  
    	  This feature can waste up to the specified size in bytes the stack
    	  region, which is carved out of the total size of the stack region.
    	  A reasonable minimum value would be around 100 bytes if this can
    	  be spared.
	  
    	  This is currently only implemented for systems whose stack pointers
    	  grow towards lower memory addresses.

*(The 'depends on' condition includes propagated dependencies from ifs and menus.)*