From: Josh Poimboeuf <jpoimboe@redhat.com>
redhat/configs: Enable CONFIG_INIT_STACK_ALL_ZERO for RHEL
CONFIG_INIT_STACK_ALL_ZERO is a hardening feature which is "intended to eliminate all classes of uninitialized stack variable exploits and information exposures."
Recent internal benchmark testing has shown negligible performance impact.
It's already enabled for Fedora. Enable it for RHEL.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
diff --git a/redhat/configs/fedora/generic/CONFIG_INIT_STACK_ALL_ZERO b/redhat/configs/common/generic/CONFIG_INIT_STACK_ALL_ZERO rename from redhat/configs/fedora/generic/CONFIG_INIT_STACK_ALL_ZERO rename to redhat/configs/common/generic/CONFIG_INIT_STACK_ALL_ZERO index blahblah..blahblah 100644 --- a/redhat/configs/fedora/generic/CONFIG_INIT_STACK_ALL_ZERO +++ b/redhat/configs/common/generic/CONFIG_INIT_STACK_ALL_ZERO diff --git a/redhat/configs/fedora/generic/CONFIG_INIT_STACK_NONE b/redhat/configs/common/generic/CONFIG_INIT_STACK_NONE rename from redhat/configs/fedora/generic/CONFIG_INIT_STACK_NONE rename to redhat/configs/common/generic/CONFIG_INIT_STACK_NONE index blahblah..blahblah 100644 --- a/redhat/configs/fedora/generic/CONFIG_INIT_STACK_NONE +++ b/redhat/configs/common/generic/CONFIG_INIT_STACK_NONE diff --git a/redhat/configs/rhel/generic/CONFIG_INIT_STACK_ALL_ZERO b/redhat/configs/rhel/generic/CONFIG_INIT_STACK_ALL_ZERO deleted file mode 100644 index blahblah..blahblah 0 --- a/redhat/configs/rhel/generic/CONFIG_INIT_STACK_ALL_ZERO +++ /dev/null @@ -1 +0,0 @@ -# CONFIG_INIT_STACK_ALL_ZERO is not set diff --git a/redhat/configs/rhel/generic/CONFIG_INIT_STACK_NONE b/redhat/configs/rhel/generic/CONFIG_INIT_STACK_NONE deleted file mode 100644 index blahblah..blahblah 0 --- a/redhat/configs/rhel/generic/CONFIG_INIT_STACK_NONE +++ /dev/null @@ -1 +0,0 @@ -CONFIG_INIT_STACK_NONE=y
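Review bot: The two renames from redhat/configs/fedora/generic/ to redhat/configs/common/generic/ carry no content lines, so the values RHEL will now inherit for CONFIG_INIT_STACK_ALL_ZERO and CONFIG_INIT_STACK_NONE cannot be confirmed from this patch. Please state the resulting settings in the commit message (presumably CONFIG_INIT_STACK_ALL_ZERO=y and "# CONFIG_INIT_STACK_NONE is not set", given that Fedora already enables the feature), and confirm that any other member of the same Kconfig choice, such as CONFIG_INIT_STACK_ALL_PATTERN, is also defined consistently for RHEL.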
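Review bot: With the rhel/generic overrides deleted ("# CONFIG_INIT_STACK_ALL_ZERO is not set" and "CONFIG_INIT_STACK_NONE=y"), RHEL depends entirely on the common/ files, and INIT_STACK_ALL_ZERO is only selectable when the compiler supports -ftrivial-auto-var-init=zero (CC_HAS_AUTO_VAR_INIT_ZERO). Please confirm that the generated configs for every RHEL architecture and toolchain end up with CONFIG_INIT_STACK_ALL_ZERO=y. The commit message also cites "negligible performance impact" without saying which workloads were measured; a one-line summary of the benchmarks would make the claim reviewable.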
-- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2400