summaryrefslogtreecommitdiffstats
path: root/config
diff options
context:
space:
mode:
authorintrigeri <intrigeri@boum.org>2019-11-16 08:19:55 +0000
committersegfault <segfault@riseup.net>2020-01-05 20:01:16 +0100
commit360a8abc3ae2c2c8ffa0cf93ec5c617c77dbacb2 (patch)
treed248b4ac69613d67d7ae2a6286a7da35722d8ef4 /config
parent55793bf75bdf014b9f99f8baf5819f17cb8cb01c (diff)
Zero heap memory at allocation time and at free time (refs: #17236)
These options are "aimed at preventing possible information leaks and making the control-flow bugs that depend on uninitialized values more deterministic"¹. All kmalloc()s effectively become kzalloc()s and all kfree()s effectively become kzfree()s². In passing, apart of the defense-in-depth security benefits intended by the authors of this Linux feature, init_on_free=1 may ensure we clean more kernel memory at shutdown time. Benchmarks show: * a negligible performance hit with init_on_alloc=1 * a 7-25% performance hit with init_on_free=1 Let's see if/how this affects our use cases. [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6471384af2a6530696fc0203bafe4de41a23c9ef [2] https://outflux.net/blog/archives/2019/11/14/security-things-in-linux-v5-3/
Diffstat (limited to 'config')
-rw-r--r--config/amnesia2
1 files changed, 1 insertions, 1 deletions
diff --git a/config/amnesia b/config/amnesia
index 9f0a650..0a2c5e3 100644
--- a/config/amnesia
+++ b/config/amnesia
@@ -17,7 +17,7 @@ export SOURCE_DATE_FAKETIME="$(date --utc --date="$(dpkg-parsechangelog --show-f
# Base for the string that will be passed to "lb config --bootappend-live"
# FIXME: see [[bugs/sdmem_on_eject_broken_for_CD]] for explanation why we
# need to set block.events_dfl_poll_msecs
-AMNESIA_APPEND="live-media=removable nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZP mce=0 vsyscall=none page_poison=1 mds=full,nosmt union=aufs"
+AMNESIA_APPEND="live-media=removable nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 splash noautologin module=Tails slab_nomerge slub_debug=FZP mce=0 vsyscall=none page_poison=1 init_on_alloc=1 init_on_free=1 mds=full,nosmt union=aufs"
# Options passed to isohybrid
AMNESIA_ISOHYBRID_OPTS="-h 255 -s 63 --id 42 --verbose"