On Mon, 02 Dec 2024 09:18:10 +0100, Ahmad Fatoum wrote:
> To further harden barebox against attackers, add options to zero
> registers on function exit, buffers on malloc and after free as well as
> local variables.
>
> Additionally, TLSF already has sanity checks, which are promoted to
> panics with CONFIG_BUG_ON_DATA_CORRUPTION enabled.
>
> [...]
Applied, thanks!
[1/5] dlmalloc: add aliases with dl as prefix
https://git.pengutronix.de/cgit/barebox/commit/?id=730ac4ad403c (link may not be stable)
[2/5] hardening: support zeroing all malloc buffers by default
https://git.pengutronix.de/cgit/barebox/commit/?id=0c573b180278 (link may not be stable)
[3/5] hardening: support initializing stack variables by default
https://git.pengutronix.de/cgit/barebox/commit/?id=30edfb0f99f9 (link may not be stable)
[4/5] hardening: support register zeroing on function exit
https://git.pengutronix.de/cgit/barebox/commit/?id=4e3aef3e116a (link may not be stable)
[5/5] tlsf: panic in asserts if CONFIG_BUG_ON_DATA_CORRUPTION=y
https://git.pengutronix.de/cgit/barebox/commit/?id=4b2fd33bf2dd (link may not be stable)
Best regards,
--
Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
