From patchwork Fri Sep 17 11:42:28 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 4717 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4H9sX56Cdlz3xWd for ; Fri, 17 Sep 2021 11:43:01 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4H9sWl59TBz6nT; Fri, 17 Sep 2021 11:42:43 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4H9sWj6zRNz32L4; Fri, 17 Sep 2021 11:42:41 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4H9sWh1066z32KL for ; Fri, 17 Sep 2021 11:42:40 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4H9sWh05p0z1Pq; Fri, 17 Sep 2021 11:42:40 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1631878960; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wnOsdxLHBF6jdLcMNIyHTqoFFac4yxMnUIHr/ITEd3Q=; b=lsXwkfYL+0SGqYi98IT0XXf/oZZpH+xNh+6BU6h/ezf2qEDFD+VSLOP5dqaprgndy/7mLy wLQb1LRT+u1NIZCA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1631878960; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wnOsdxLHBF6jdLcMNIyHTqoFFac4yxMnUIHr/ITEd3Q=; b=CzNCa4jOJYV+FVnOdc1nCGa2gNc6Atrqs/hfoWVr1OpMjbTjxOge/ZJh2bji1uoT3WiAZ3 iGTWYtTO5IDZA7TXdzph6rtl4lZ39mHePV+lsm/fZ6Sr1DVnTbzePabmTBhnjEaRufp6o+ zw3/RPeuQCvcbruw1zRWC1lVjdgeAC7ufo5CD5PuZ3E6p9zIdv30UAG1FSBAOupGSBmHHX TgJgxw1rRvtngbykhxXrthAiWT2/vkmH7zwLQ+6ym0V2MmbJEHU6bGu3+9JFGg4YQMZID6 uEOOLoeVnLJF1r9gDxNSzFzysjzdKOHPJlc/QfaGSGJiBQhRXzwDJEtg+M9osQ== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 12/13] kernel: Zero-init all stack variables by default Date: Fri, 17 Sep 2021 11:42:28 +0000 Message-Id: <20210917114229.10704-12-michael.tremer@ipfire.org> In-Reply-To: <20210917114229.10704-1-michael.tremer@ipfire.org> References: <20210917114229.10704-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Michael Tremer Acked-by: Peter Müller --- config/kernel/kernel.config.aarch64-ipfire | 2 +- config/kernel/kernel.config.armv6l-ipfire | 2 +- config/kernel/kernel.config.x86_64-ipfire | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index 49ee85970..7ae9f9738 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -7325,7 +7325,7 @@ CONFIG_GCC_PLUGIN_STRUCTLEAK=y CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y # CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set # CONFIG_GCC_PLUGIN_STACKLEAK is not set -# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set +CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set # end of Memory initialization # end of Kernel hardening options diff --git a/config/kernel/kernel.config.armv6l-ipfire b/config/kernel/kernel.config.armv6l-ipfire index b11a179e3..33117b0b4 100644 --- a/config/kernel/kernel.config.armv6l-ipfire +++ b/config/kernel/kernel.config.armv6l-ipfire @@ -7416,7 +7416,7 @@ CONFIG_GCC_PLUGIN_STRUCTLEAK=y # CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y # CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set -# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set +CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set # end of Memory initialization # end of Kernel hardening options diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index 65014f41a..aab0cfb25 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -6805,7 +6805,7 @@ CONFIG_GCC_PLUGIN_STRUCTLEAK=y CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y # CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE is not set # CONFIG_GCC_PLUGIN_STACKLEAK is not set -# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set +CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set # end of Memory initialization # end of Kernel hardening options