torvalds/linux
torvalds/linux
2
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-09-04 20:19:47 +08:00
Code

configs/hardening: Enable CONFIG_INIT_ON_FREE_DEFAULT_ON

Browse Source 
To reduce stale data lifetimes, enable CONFIG_INIT_ON_FREE_DEFAULT_ON as
well. This matches the addition of CONFIG_STACKLEAK=y, which is doing
similar for stack memory.

Link: https://lore.kernel.org/r/20250717232519.2984886-13-kees@kernel.org
Signed-off-by: Kees Cook <kees@kernel.org>
This commit is contained in:
Kees Cook 2025-07-17 16:25:18 -07:00
parent 4c56d9f7e7
commit 437641a72d
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
kernel/configs/hardening.config
View File

@ -60,6 +60,9 @@ CONFIG_LIST_HARDENED=y
# Initialize all heap variables to zero on allocation. # Initialize all heap variables to zero on allocation.
CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
# Initialize all heap variables to zero on free to reduce stale data lifetime.
CONFIG_INIT_ON_FREE_DEFAULT_ON=y
# Initialize all stack variables to zero on function entry. # Initialize all stack variables to zero on function entry.
CONFIG_INIT_STACK_ALL_ZERO=y CONFIG_INIT_STACK_ALL_ZERO=y