CONFIG_INIT_ON_FREE_DEFAULT_ON: Enable heap memory zeroing on free by default

General informations

The Linux kernel configuration item CONFIG_INIT_ON_FREE_DEFAULT_ON:

• prompt: Enable heap memory zeroing on free by default
• type: bool
• depends on: ! CONFIG_KMSAN
• defined in security/Kconfig.hardening
• found in Linux kernels: 5.3–5.19, 6.0–6.12, 6.13-rc+HEAD

Help text

This has the effect of setting "init_on_free=1" on the kernel command line. This can be disabled with "init_on_free=0". Similar to "init_on_alloc", when "init_on_free" is enabled, all page allocator and slab allocator memory will be zeroed when freed, eliminating many kinds of "uninitialized heap memory" flaws, especially heap content exposures. The primary difference with "init_on_free" is that data lifetime in memory is reduced, as anything freed is wiped immediately, making live forensics or cold boot memory attacks unable to recover freed memory contents. The performance impact varies by workload, but is more expensive than "init_on_alloc" due to the negative cache effects of touching "cold" memory areas. Most cases see 3-5% impact. Some synthetic workloads have measured as high as 8%.

Hardware

LKDDb

Raw data from LKDDb:

• (none)

Sources

This page is automaticly generated with free (libre, open) software lkddb(see lkddb-sources).

The data is retrived from:

• Linux kernel
• Linux Kernel Driver DataBase (LKDDb)

Automatic links from Google (and ads)

Custom Search

Popular queries: