[12/13] kernel: Zero-init all stack variables by default
Commit Message
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
config/kernel/kernel.config.aarch64-ipfire | 2 +-
config/kernel/kernel.config.armv6l-ipfire | 2 +-
config/kernel/kernel.config.x86_64-ipfire | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
Comments
Peter likes this one. :-)
Acked-by: Peter Müller <peter.mueller@ipfire.org>
> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
> ---
> config/kernel/kernel.config.aarch64-ipfire | 2 +-
> config/kernel/kernel.config.armv6l-ipfire | 2 +-
> config/kernel/kernel.config.x86_64-ipfire | 2 +-
> 3 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire
> index 49ee85970..7ae9f9738 100644
> --- a/config/kernel/kernel.config.aarch64-ipfire
> +++ b/config/kernel/kernel.config.aarch64-ipfire
> @@ -7325,7 +7325,7 @@ CONFIG_GCC_PLUGIN_STRUCTLEAK=y
> CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
> # CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set
> # CONFIG_GCC_PLUGIN_STACKLEAK is not set
> -# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set
> +CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
> # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set
> # end of Memory initialization
> # end of Kernel hardening options
> diff --git a/config/kernel/kernel.config.armv6l-ipfire b/config/kernel/kernel.config.armv6l-ipfire
> index b11a179e3..33117b0b4 100644
> --- a/config/kernel/kernel.config.armv6l-ipfire
> +++ b/config/kernel/kernel.config.armv6l-ipfire
> @@ -7416,7 +7416,7 @@ CONFIG_GCC_PLUGIN_STRUCTLEAK=y
> # CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set
> CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
> # CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set
> -# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set
> +CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
> # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set
> # end of Memory initialization
> # end of Kernel hardening options
> diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire
> index 65014f41a..aab0cfb25 100644
> --- a/config/kernel/kernel.config.x86_64-ipfire
> +++ b/config/kernel/kernel.config.x86_64-ipfire
> @@ -6805,7 +6805,7 @@ CONFIG_GCC_PLUGIN_STRUCTLEAK=y
> CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
> # CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set
> # CONFIG_GCC_PLUGIN_STACKLEAK is not set
> -# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set
> +CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
> # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set
> # end of Memory initialization
> # end of Kernel hardening options
>
I thought you would :)
> On 18 Sep 2021, at 17:11, Peter Müller <peter.mueller@ipfire.org> wrote:
>
> Peter likes this one. :-)
>
> Acked-by: Peter Müller <peter.mueller@ipfire.org>
>
>
>> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
>> ---
>> config/kernel/kernel.config.aarch64-ipfire | 2 +-
>> config/kernel/kernel.config.armv6l-ipfire | 2 +-
>> config/kernel/kernel.config.x86_64-ipfire | 2 +-
>> 3 files changed, 3 insertions(+), 3 deletions(-)
>> diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire
>> index 49ee85970..7ae9f9738 100644
>> --- a/config/kernel/kernel.config.aarch64-ipfire
>> +++ b/config/kernel/kernel.config.aarch64-ipfire
>> @@ -7325,7 +7325,7 @@ CONFIG_GCC_PLUGIN_STRUCTLEAK=y
>> CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
>> # CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set
>> # CONFIG_GCC_PLUGIN_STACKLEAK is not set
>> -# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set
>> +CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
>> # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set
>> # end of Memory initialization
>> # end of Kernel hardening options
>> diff --git a/config/kernel/kernel.config.armv6l-ipfire b/config/kernel/kernel.config.armv6l-ipfire
>> index b11a179e3..33117b0b4 100644
>> --- a/config/kernel/kernel.config.armv6l-ipfire
>> +++ b/config/kernel/kernel.config.armv6l-ipfire
>> @@ -7416,7 +7416,7 @@ CONFIG_GCC_PLUGIN_STRUCTLEAK=y
>> # CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set
>> CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
>> # CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set
>> -# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set
>> +CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
>> # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set
>> # end of Memory initialization
>> # end of Kernel hardening options
>> diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire
>> index 65014f41a..aab0cfb25 100644
>> --- a/config/kernel/kernel.config.x86_64-ipfire
>> +++ b/config/kernel/kernel.config.x86_64-ipfire
>> @@ -6805,7 +6805,7 @@ CONFIG_GCC_PLUGIN_STRUCTLEAK=y
>> CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
>> # CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set
>> # CONFIG_GCC_PLUGIN_STACKLEAK is not set
>> -# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set
>> +CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
>> # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set
>> # end of Memory initialization
>> # end of Kernel hardening options
@@ -7325,7 +7325,7 @@ CONFIG_GCC_PLUGIN_STRUCTLEAK=y
CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
# CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set
# CONFIG_GCC_PLUGIN_STACKLEAK is not set
-# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set
+CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set
# end of Memory initialization
# end of Kernel hardening options
@@ -7416,7 +7416,7 @@ CONFIG_GCC_PLUGIN_STRUCTLEAK=y
# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set
CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
# CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set
-# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set
+CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set
# end of Memory initialization
# end of Kernel hardening options
@@ -6805,7 +6805,7 @@ CONFIG_GCC_PLUGIN_STRUCTLEAK=y
CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
# CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set
# CONFIG_GCC_PLUGIN_STACKLEAK is not set
-# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set
+CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set
# end of Memory initialization
# end of Kernel hardening options