Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

# SPDX-License-Identifier: GPL-2.0-only
#
# Build-time options controlling how kernel stack and heap memory is
# initialized or erased: the STRUCTLEAK and STACKLEAK GCC plugins, the
# compiler's -ftrivial-auto-var-init modes, and the init_on_alloc /
# init_on_free allocator defaults.
menu "Kernel hardening options"

# Promptless symbol: it has no prompt string, so it cannot be chosen directly.
# It is set only through the "select GCC_PLUGIN_STRUCTLEAK" lines of the
# GCC_PLUGIN_STRUCTLEAK_* choice members below.
config GCC_PLUGIN_STRUCTLEAK
	bool
	help
	  While the kernel is built with warnings enabled for any missed
	  stack variable initializations, this warning is silenced for
	  anything passed by reference to another function, under the
	  occasionally misguided assumption that the function will do
	  the initialization. As this regularly leads to exploitable
	  flaws, this plugin is available to identify and zero-initialize
	  such variables, depending on the chosen level of coverage.

	  This plugin was originally ported from grsecurity/PaX. More
	  information at:
	   * https://grsecurity.net/
	   * https://pax.grsecurity.net/

menu "Memory initialization"

# Compiler capability probe: true only when the compiler accepts
# -ftrivial-auto-var-init=pattern. Gates INIT_STACK_ALL_PATTERN.
config CC_HAS_AUTO_VAR_INIT_PATTERN
	def_bool $(cc-option,-ftrivial-auto-var-init=pattern)

# Compiler capability probe for zero-init. Both flags are passed in a single
# cc-option test, so the probe is true only when the compiler accepts the pair.
# NOTE(review): a compiler that supports -ftrivial-auto-var-init=zero but
# rejects the second, clang-specific flag would presumably fail this probe,
# leaving INIT_STACK_ALL_ZERO unavailable. Confirm in the generated .config
# rather than assuming the option took effect.
config CC_HAS_AUTO_VAR_INIT_ZERO
	def_bool $(cc-option,-ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang)

# Exactly one member of this choice is active. The first "default" whose
# condition holds wins; both conditional defaults require COMPILE_TEST, so an
# ordinary build falls through to INIT_STACK_NONE (labelled "weakest" below).
# A hardened configuration therefore has to pick a stronger member explicitly.
choice
	prompt "Initialize kernel stack variables at function entry"
	default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS
	default INIT_STACK_ALL_PATTERN if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT_PATTERN
	default INIT_STACK_NONE
	help
	  This option enables initialization of stack variables at
	  function entry time. This has the possibility to have the
	  greatest coverage (since all functions can have their
	  variables initialized), but the performance impact depends
	  on the function calling complexity of a given workload's
	  syscalls.

	  This chooses the level of coverage over classes of potentially
	  uninitialized variables. The selected class will be
	  initialized before use in a function.

	# No dependencies, so this member is always selectable and is the
	# fallback default of the choice.
	config INIT_STACK_NONE
		bool "no automatic initialization (weakest)"
		help
		  Disable automatic stack variable initialization.
		  This leaves the kernel vulnerable to the standard
		  classes of uninitialized stack variable exploits
		  and information exposures.

	# Narrowest plugin mode: covers only stack structures that contain
	# a __user attribute (see help).
	config GCC_PLUGIN_STRUCTLEAK_USER
		bool "zero-init structs marked for userspace (weak)"
		depends on GCC_PLUGINS
		select GCC_PLUGIN_STRUCTLEAK
		help
		  Zero-initialize any structures on the stack containing
		  a __user attribute. This can prevent some classes of
		  uninitialized stack variable exploits and information
		  exposures, like CVE-2013-2141:
		  https://git.kernel.org/linus/b9e146d8eb3b9eca

	# Excluded when KASAN and KASAN_STACK are both set; the last help
	# paragraph gives the reason (stack overflow risk).
	config GCC_PLUGIN_STRUCTLEAK_BYREF
		bool "zero-init structs passed by reference (strong)"
		depends on GCC_PLUGINS
		depends on !(KASAN && KASAN_STACK)
		select GCC_PLUGIN_STRUCTLEAK
		help
		  Zero-initialize any structures on the stack that may
		  be passed by reference and had not already been
		  explicitly initialized. This can prevent most classes
		  of uninitialized stack variable exploits and information
		  exposures, like CVE-2017-1000410:
		  https://git.kernel.org/linus/06e7e776ca4d3654

		  As a side-effect, this keeps a lot of variables on the
		  stack that can otherwise be optimized out, so combining
		  this with CONFIG_KASAN_STACK can lead to a stack overflow
		  and is disallowed.

	# Widest plugin mode: any by-reference stack variable, not only
	# structures. Carries the same KASAN_STACK exclusion as
	# GCC_PLUGIN_STRUCTLEAK_BYREF.
	config GCC_PLUGIN_STRUCTLEAK_BYREF_ALL
		bool "zero-init anything passed by reference (very strong)"
		depends on GCC_PLUGINS
		depends on !(KASAN && KASAN_STACK)
		select GCC_PLUGIN_STRUCTLEAK
		help
		  Zero-initialize any stack variables that may be passed
		  by reference and had not already been explicitly
		  initialized. This is intended to eliminate all classes
		  of uninitialized stack variable exploits and information
		  exposures.

	# Compiler-based (no GCC plugin dependency); offered only when the
	# CC_HAS_AUTO_VAR_INIT_PATTERN probe succeeds. Per the help text, the
	# 0xAA fill tends to surface latent uninitialized-use bugs, so expect
	# new failures when first enabling it.
	config INIT_STACK_ALL_PATTERN
		bool "0xAA-init everything on the stack (strongest)"
		depends on CC_HAS_AUTO_VAR_INIT_PATTERN
		help
		  Initializes everything on the stack with a 0xAA
		  pattern. This is intended to eliminate all classes
		  of uninitialized stack variable exploits and information
		  exposures, even variables that were warned to have been
		  left uninitialized.

		  Pattern initialization is known to provoke many existing bugs
		  related to uninitialized locals, e.g. pointers receive
		  non-NULL values, buffer sizes and indices are very big.

	# Compiler-based; offered only when the CC_HAS_AUTO_VAR_INIT_ZERO
	# probe succeeds. The help text recommends this mode over the pattern
	# fill as a security mitigation.
	config INIT_STACK_ALL_ZERO
		bool "zero-init everything on the stack (strongest and safest)"
		depends on CC_HAS_AUTO_VAR_INIT_ZERO
		help
		  Initializes everything on the stack with a zero
		  value. This is intended to eliminate all classes
		  of uninitialized stack variable exploits and information
		  exposures, even variables that were warned to have been
		  left uninitialized.

		  Zero initialization provides safe defaults for strings,
		  pointers, indices and sizes, and is therefore
		  more suitable as a security mitigation measure.

endchoice

# Diagnostic aid for auditing what the structleak plugin initializes.
# Hidden under COMPILE_TEST because of the volume of output.
config GCC_PLUGIN_STRUCTLEAK_VERBOSE
	bool "Report forcefully initialized variables"
	depends on GCC_PLUGIN_STRUCTLEAK
	depends on !COMPILE_TEST	# too noisy
	help
	  This option will cause a warning to be printed each time the
	  structleak plugin finds a variable it thinks needs to be
	  initialized. Since not all existing initializers are detected
	  by the plugin, this can produce false positive warnings.

# Independent of the function-entry choice above: erasure happens on return
# from a syscall. Per the help text it does not cover functions that reach the
# same stack depth as earlier functions within one syscall, so it complements
# the entry-time initialization modes rather than replacing them.
config GCC_PLUGIN_STACKLEAK
	bool "Poison kernel stack before returning from syscalls"
	depends on GCC_PLUGINS
	depends on HAVE_ARCH_STACKLEAK
	help
	  This option makes the kernel erase the kernel stack before
	  returning from system calls. This has the effect of leaving
	  the stack initialized to the poison value, which both reduces
	  the lifetime of any sensitive stack contents and reduces
	  potential for uninitialized stack variable exploits or information
	  exposures (it does not cover functions reaching the same stack
	  depth as prior functions during the same syscall). This blocks
	  most uninitialized stack variable attacks, with the performance
	  impact being driven by the depth of the stack usage, rather than
	  the function calling complexity.

	  The performance impact on a single CPU system kernel compilation
	  sees a 1% slowdown, other systems and workloads may vary and you
	  are advised to test this feature on your expected workload before
	  deploying it.

	  This plugin was ported from grsecurity/PaX. More information at:
	   * https://grsecurity.net/
	   * https://pax.grsecurity.net/

# Integer tunable, range 0..4096, default 100. Functions whose stack frame is
# at least this size get the stackleak_track_stack() call (see help).
# NOTE(review): raising the value instruments fewer functions; presumably that
# loosens tracking of the lowest stack border. Confirm against the plugin
# before tuning away from the default.
config STACKLEAK_TRACK_MIN_SIZE
	int "Minimum stack frame size of functions tracked by STACKLEAK"
	default 100
	range 0 4096
	depends on GCC_PLUGIN_STACKLEAK
	help
	  The STACKLEAK gcc plugin instruments the kernel code for tracking
	  the lowest border of the kernel stack (and for some other purposes).
	  It inserts the stackleak_track_stack() call for the functions with
	  a stack frame size greater than or equal to this parameter.
	  If unsure, leave the default value 100.

# Publishes per-task kernel stack depth under /proc/<pid>/stack_depth. The help
# text describes it as a performance-estimation aid.
# NOTE(review): access permissions on that file are not visible here; treat it
# as additional kernel-state exposure and enable only where it is needed.
config STACKLEAK_METRICS
	bool "Show STACKLEAK metrics in the /proc file system"
	depends on GCC_PLUGIN_STACKLEAK
	depends on PROC_FS
	help
	  If this is set, STACKLEAK metrics for every task are available in
	  the /proc file system. In particular, /proc/<pid>/stack_depth
	  shows the maximum kernel stack consumption for the current and
	  previous syscalls. Although this information is not precise, it
	  can be useful for estimating the STACKLEAK performance impact for
	  your workloads.

# Adds a 'stack_erasing' sysctl that controls stack erasing on a running
# system. Where STACKLEAK is relied on as a mitigation, leave this unset or
# monitor changes to that sysctl, since it is a runtime switch for the
# protection.
config STACKLEAK_RUNTIME_DISABLE
	bool "Allow runtime disabling of kernel stack erasing"
	depends on GCC_PLUGIN_STACKLEAK
	help
	  This option provides 'stack_erasing' sysctl, which can be used in
	  runtime to control kernel stack erasing for kernels built with
	  CONFIG_GCC_PLUGIN_STACKLEAK.

# No "default" line, so this bool is off unless selected. It only sets the
# boot-time default: per the help text "init_on_alloc=0" on the kernel command
# line turns it off again, so the command line (bootloader configuration) is
# part of what has to be protected.
config INIT_ON_ALLOC_DEFAULT_ON
	bool "Enable heap memory zeroing on allocation by default"
	help
	  This has the effect of setting "init_on_alloc=1" on the kernel
	  command line. This can be disabled with "init_on_alloc=0".
	  When "init_on_alloc" is enabled, all page allocator and slab
	  allocator memory will be zeroed when allocated, eliminating
	  many kinds of "uninitialized heap memory" flaws, especially
	  heap content exposures. The performance impact varies by
	  workload, but most cases see <1% impact. Some synthetic
	  workloads have measured as high as 7%.

# No "default" line, so this bool is off unless selected; "init_on_free=0" on
# the kernel command line overrides it. The data-lifetime benefit described in
# the help applies to freed memory only; memory that is still allocated is not
# wiped by this option.
config INIT_ON_FREE_DEFAULT_ON
	bool "Enable heap memory zeroing on free by default"
	help
	  This has the effect of setting "init_on_free=1" on the kernel
	  command line. This can be disabled with "init_on_free=0".
	  Similar to "init_on_alloc", when "init_on_free" is enabled,
	  all page allocator and slab allocator memory will be zeroed
	  when freed, eliminating many kinds of "uninitialized heap memory"
	  flaws, especially heap content exposures. The primary difference
	  with "init_on_free" is that data lifetime in memory is reduced,
	  as anything freed is wiped immediately, making live forensics or
	  cold boot memory attacks unable to recover freed memory contents.
	  The performance impact varies by workload, but is more expensive
	  than "init_on_alloc" due to the negative cache effects of
	  touching "cold" memory areas. Most cases see 3-5% impact. Some
	  synthetic workloads have measured as high as 8%.

endmenu

endmenu