Skip to content

Commit

Permalink
ANDROID: gki_defconfig: enable heap and stack initialization.
Browse files Browse the repository at this point in the history 
This patch enables CONFIG_INIT_STACK_ALL=y and
CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y, effectively turning on stack and heap
initialization in GKI kernels.

Doing so will help us mitigate information leaks and make code that
depends on uninitialized memory execute deterministically. We'll also
get coverage for the initialization features on the existing kernel
tests.

Bug: 144999193
Change-Id: I40ad526b2e595c84b122b0308d967a3874564252
Signed-off-by: Alexander Potapenko <glider@google.com>
  • Loading branch information
@ramosian-glider
ramosian-glider committed Feb 13, 2020
1 parent 91b8348 commit 236c394
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 0 deletions.
2 changes: 2 additions & 0 deletions arch/arm64/configs/gki_defconfig
View file
Original file line number Diff line number Diff line change
Expand Up @@ -452,6 +452,8 @@ CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_HARDENED_USERCOPY=y
CONFIG_SECURITY_SELINUX=y
CONFIG_INIT_STACK_ALL=y
CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
CONFIG_CRYPTO_ADIANTUM=y
CONFIG_CRYPTO_MD4=y
CONFIG_CRYPTO_LZ4=y
Expand Down
2 changes: 2 additions & 0 deletions arch/x86/configs/gki_defconfig
View file
Original file line number Diff line number Diff line change
Expand Up @@ -392,6 +392,8 @@ CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_HARDENED_USERCOPY=y
CONFIG_SECURITY_SELINUX=y
CONFIG_INIT_STACK_ALL=y
CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
CONFIG_CRYPTO_ADIANTUM=y
CONFIG_CRYPTO_SHA256_SSSE3=y
CONFIG_CRYPTO_AES_NI_INTEL=y
Expand Down

0 comments on commit 236c394

Please sign in to comment.