:orphan:

.. title:: CONFIG_STACK_POINTER_RANDOM

.. kconfig:: CONFIG_STACK_POINTER_RANDOM

CONFIG_STACK_POINTER_RANDOM
###########################

*Initial stack pointer randomization bounds*

Type: ``int``

Help
====

.. code-block:: none

    This option performs a limited form of Address Space Layout
    Randomization by offsetting some random value to a thread's
    initial stack pointer upon creation. This hinders some types of
    security attacks by making the location of any given stack frame
    non-deterministic.

    This feature can waste up to the specified size in bytes the stack
    region, which is carved out of the total size of the stack region.
    A reasonable minimum value would be around 100 bytes if this can
    be spared.

    This is currently only implemented for systems whose stack pointers
    grow towards lower memory addresses.

Direct dependencies
===================

!\ :kconfig:`STACK_GROWS_UP <CONFIG_STACK_GROWS_UP>` && \ :kconfig:`MULTITHREADING <CONFIG_MULTITHREADING>` && (\ :kconfig:`TEST_RANDOM_GENERATOR <CONFIG_TEST_RANDOM_GENERATOR>` || \ :kconfig:`ENTROPY_HAS_DRIVER <CONFIG_ENTROPY_HAS_DRIVER>`)

*(Includes any dependencies from ifs and menus.)*

Default
=======

- 0

Kconfig definition
==================



At ``<Zephyr Kernel>/Kconfig:691``

Included via ``Kconfig:8`` → ``Kconfig.zephyr:40``

Menu path: (Top) → General Kernel Options → Security Options

.. code-block:: kconfig

    config STACK_POINTER_RANDOM
    	int "Initial stack pointer randomization bounds"
    	default 0
    	depends on !STACK_GROWS_UP && MULTITHREADING && (TEST_RANDOM_GENERATOR || ENTROPY_HAS_DRIVER)
    	help
    	  This option performs a limited form of Address Space Layout
    	  Randomization by offsetting some random value to a thread's
    	  initial stack pointer upon creation. This hinders some types of
    	  security attacks by making the location of any given stack frame
    	  non-deterministic.
	  
    	  This feature can waste up to the specified size in bytes the stack
    	  region, which is carved out of the total size of the stack region.
    	  A reasonable minimum value would be around 100 bytes if this can
    	  be spared.
	  
    	  This is currently only implemented for systems whose stack pointers
    	  grow towards lower memory addresses.

*(The 'depends on' condition includes propagated dependencies from ifs and menus.)*