archive/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2025-08-15 14:11:42 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

configs/hardening: Enable CONFIG_INIT_ON_FREE_DEFAULT_ON

Browse source 
To reduce stale data lifetimes, enable CONFIG_INIT_ON_FREE_DEFAULT_ON as
well. This matches the addition of CONFIG_STACKLEAK=y, which is doing
similar for stack memory.

Link: https://lore.kernel.org/r/20250717232519.2984886-13-kees@kernel.org
Signed-off-by: Kees Cook <kees@kernel.org>
This commit is contained in:
Kees Cook 2025-07-17 16:25:18 -07:00
parent 4c56d9f7e7
commit 437641a72d
1 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
kernel/configs/hardening.config
View file

@ -60,6 +60,9 @@ CONFIG_LIST_HARDENED=y
# Initialize all heap variables to zero on allocation.
CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
# Initialize all heap variables to zero on free to reduce stale data lifetime.
CONFIG_INIT_ON_FREE_DEFAULT_ON=y
# Initialize all stack variables to zero on function entry.
CONFIG_INIT_STACK_ALL_ZERO=y