On Mon, Nov 25, 2024 at 04:20:21PM +0100, Ahmad Fatoum wrote: > dummy malloc doesn't free and all allocations are in freshly sbrk()'d > memory, which already zero. > > +config INIT_ON_ALLOC_DEFAULT_ON > + bool "Enable heap memory zeroing on allocation by default" > + depends on !MALLOC_LIBC > + help > + This has the effect of setting "init_on_alloc=1" on the kernel > + command line. This can be disabled with "init_on_alloc=0". > + When "init_on_alloc" is enabled, all page allocator and slab > + allocator memory will be zeroed when allocated, eliminating > + many kinds of "uninitialized heap memory" flaws, especially > + heap content exposures. The performance impact varies by > + workload, but most cases see <1% impact. Some synthetic > + workloads have measured as high as 7%. > + > +config INIT_ON_FREE_DEFAULT_ON > + bool "Enable heap memory zeroing on free by default" > + depends on !MALLOC_DUMMY && !MALLOC_LIBC > + help > + This has the effect of setting "init_on_free=1" on the kernel > + command line. This can be disabled with "init_on_free=0". > + Similar to "init_on_alloc", when "init_on_free" is enabled, > + all page allocator and slab allocator memory will be zeroed > + when freed, eliminating many kinds of "uninitialized heap memory" > + flaws, especially heap content exposures. The primary difference > + with "init_on_free" is that data lifetime in memory is reduced, > + as anything freed is wiped immediately, making live forensics or > + cold boot memory attacks unable to recover freed memory contents. > + The performance impact varies by workload, but is more expensive > + than "init_on_alloc" due to the negative cache effects of > + touching "cold" memory areas. Most cases see 3-5% impact. Some > + synthetic workloads have measured as high as 8%. These verbatim copies of the kernel help texts do not seem appropriate for barebox. Sascha -- Pengutronix e.K. | | Steuerwalder Str. 
21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
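Review bot: Both new help texts describe mechanisms the visible hunk gives no barebox counterpart for: they refer to "the kernel command line", to "init_on_alloc=0" and "init_on_free=0" as the way to disable the feature, and to "all page allocator and slab allocator memory", while the options themselves are gated on the malloc implementation (!MALLOC_LIBC, !MALLOC_DUMMY). Suggest rewording each help to say what is actually zeroed (memory handed out by, or returned to, the selected malloc implementation), dropping the command-line sentences unless a matching runtime switch exists, and dropping or re-measuring the performance figures (<1%, 7%, 3-5%, 8%), which come from the kernel help text. The _DEFAULT_ON suffix likewise implies a default that can be overridden at run time; if the setting is build-time only, a name without that suffix would be clearer. Finally, the commit message says dummy malloc memory is already zero, yet INIT_ON_ALLOC_DEFAULT_ON depends only on !MALLOC_LIBC: either add !MALLOC_DUMMY there as well or state in the help that the option has no effect with the dummy allocator.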