[OS-BUILD PATCHv2] redhat/configs: Enable CONFIG_INIT_STACK_ALL_ZERO for RHEL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

From: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>

redhat/configs: Enable CONFIG_INIT_STACK_ALL_ZERO for RHEL

CONFIG_INIT_STACK_ALL_ZERO is a hardening feature which is "intended to
eliminate all classes of uninitialized stack variable exploits and
information exposures."

Recent internal benchmark testing has shown negligible performance
impact.

It's already enabled for Fedora.  Enable it for RHEL.

Signed-off-by: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>

diff --git a/redhat/configs/fedora/generic/CONFIG_INIT_STACK_ALL_ZERO b/redhat/configs/common/generic/CONFIG_INIT_STACK_ALL_ZERO
rename from redhat/configs/fedora/generic/CONFIG_INIT_STACK_ALL_ZERO
rename to redhat/configs/common/generic/CONFIG_INIT_STACK_ALL_ZERO
index blahblah..blahblah 100644
--- a/redhat/configs/fedora/generic/CONFIG_INIT_STACK_ALL_ZERO
+++ b/redhat/configs/common/generic/CONFIG_INIT_STACK_ALL_ZERO
diff --git a/redhat/configs/fedora/generic/CONFIG_INIT_STACK_NONE b/redhat/configs/common/generic/CONFIG_INIT_STACK_NONE
rename from redhat/configs/fedora/generic/CONFIG_INIT_STACK_NONE
rename to redhat/configs/common/generic/CONFIG_INIT_STACK_NONE
index blahblah..blahblah 100644
--- a/redhat/configs/fedora/generic/CONFIG_INIT_STACK_NONE
+++ b/redhat/configs/common/generic/CONFIG_INIT_STACK_NONE
diff --git a/redhat/configs/rhel/generic/CONFIG_INIT_STACK_ALL_ZERO b/redhat/configs/rhel/generic/CONFIG_INIT_STACK_ALL_ZERO
deleted file mode 100644
index blahblah..blahblah 0
--- a/redhat/configs/rhel/generic/CONFIG_INIT_STACK_ALL_ZERO
+++ /dev/null
@@ -1 +0,0 @@
-# CONFIG_INIT_STACK_ALL_ZERO is not set
diff --git a/redhat/configs/rhel/generic/CONFIG_INIT_STACK_NONE b/redhat/configs/rhel/generic/CONFIG_INIT_STACK_NONE
deleted file mode 100644
index blahblah..blahblah 0
--- a/redhat/configs/rhel/generic/CONFIG_INIT_STACK_NONE
+++ /dev/null
@@ -1 +0,0 @@
-CONFIG_INIT_STACK_NONE=y

--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2400
_______________________________________________
kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Tux]     [Yosemite News]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [USB]     [Asterisk PBX]

  Powered by Linux