From: Josh Poimboeuf <[email protected]> redhat/configs: Enable CONFIG_INIT_STACK_ALL_ZERO for RHEL
CONFIG_INIT_STACK_ALL_ZERO is a hardening feature which is "intended to eliminate all classes of uninitialized stack variable exploits and information exposures." Recent internal benchmark testing has shown negligible performance impact. It's already enabled for Fedora. Enable it for RHEL. Signed-off-by: Josh Poimboeuf <[email protected]> diff --git a/redhat/configs/fedora/generic/CONFIG_INIT_STACK_ALL_ZERO b/redhat/configs/common/generic/CONFIG_INIT_STACK_ALL_ZERO rename from redhat/configs/fedora/generic/CONFIG_INIT_STACK_ALL_ZERO rename to redhat/configs/common/generic/CONFIG_INIT_STACK_ALL_ZERO index blahblah..blahblah 100644 --- a/redhat/configs/fedora/generic/CONFIG_INIT_STACK_ALL_ZERO +++ b/redhat/configs/common/generic/CONFIG_INIT_STACK_ALL_ZERO diff --git a/redhat/configs/fedora/generic/CONFIG_INIT_STACK_NONE b/redhat/configs/common/generic/CONFIG_INIT_STACK_NONE rename from redhat/configs/fedora/generic/CONFIG_INIT_STACK_NONE rename to redhat/configs/common/generic/CONFIG_INIT_STACK_NONE index blahblah..blahblah 100644 --- a/redhat/configs/fedora/generic/CONFIG_INIT_STACK_NONE +++ b/redhat/configs/common/generic/CONFIG_INIT_STACK_NONE diff --git a/redhat/configs/rhel/generic/CONFIG_INIT_STACK_ALL_ZERO b/redhat/configs/rhel/generic/CONFIG_INIT_STACK_ALL_ZERO deleted file mode 100644 index blahblah..blahblah 0 --- a/redhat/configs/rhel/generic/CONFIG_INIT_STACK_ALL_ZERO +++ /dev/null @@ -1 +0,0 @@ -# CONFIG_INIT_STACK_ALL_ZERO is not set diff --git a/redhat/configs/rhel/generic/CONFIG_INIT_STACK_NONE b/redhat/configs/rhel/generic/CONFIG_INIT_STACK_NONE deleted file mode 100644 index blahblah..blahblah 0 --- a/redhat/configs/rhel/generic/CONFIG_INIT_STACK_NONE +++ /dev/null @@ -1 +0,0 @@ -CONFIG_INIT_STACK_NONE=y -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2400 _______________________________________________ kernel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
