Update KSPP recommendations

config_files/kspp-recommendations/kspp-recommendations-arm.config

@@ -11,6 +11,9 @@ CONFIG_STRICT_KERNEL_RWX=y
 CONFIG_DEBUG_WX=y
 
 # Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage.
+# Prior to v4.18, these are:
+#  CONFIG_CC_STACKPROTECTOR=y
+#  CONFIG_CC_STACKPROTECTOR_STRONG=y
 CONFIG_STACKPROTECTOR=y
 CONFIG_STACKPROTECTOR_STRONG=y
 
@@ -41,11 +44,15 @@ CONFIG_SECURITY_YAMA=y
 # Perform usercopy bounds checking. (And disable fallback to gain full whitelist enforcement.)
 CONFIG_HARDENED_USERCOPY=y
 # CONFIG_HARDENED_USERCOPY_FALLBACK is not set
+# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
 
 # Randomize allocator freelists, harden metadata.
 CONFIG_SLAB_FREELIST_RANDOM=y
 CONFIG_SLAB_FREELIST_HARDENED=y
 
+# Randomize high-order page allocation freelist.
+CONFIG_SHUFFLE_PAGE_ALLOCATOR=y
+
 # Allow allocator validation checking to be enabled (see "slub_debug=P" below).
 CONFIG_SLUB_DEBUG=y
 
@@ -55,6 +62,15 @@ CONFIG_PAGE_POISONING=y
 CONFIG_PAGE_POISONING_NO_SANITY=y
 CONFIG_PAGE_POISONING_ZERO=y
 
+# Wipe slab and page allocations (since v5.3)
+# Instead of "slub_debug=P" and "page_poison=1", a single place can control memory allocation wiping now.
+# The init_on_free is only needed if there is concern about minimizing stale data lifetime.
+CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
+CONFIG_INIT_ON_FREE_DEFAULT_ON=y
+
+# Initialize all stack variables on function entry. (Clang builds only. For GCC, see CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y below)
+CONFIG_INIT_STACK_ALL=y
+
 # Adds guard pages to kernel stacks (not all architectures support this yet).
 CONFIG_VMAP_STACK=y
 
@@ -113,7 +129,6 @@ CONFIG_MODULE_SIG_SHA512=y
 CONFIG_MODULE_SIG_HASH="sha512"
 CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
 
-
 # GCC plugins
 
 # Enable GCC Plugins
@@ -123,15 +138,19 @@ CONFIG_GCC_PLUGINS=y
 CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
 
 # Force all structures to be initialized before they are passed to other functions.
+# When building with GCC:
 CONFIG_GCC_PLUGIN_STRUCTLEAK=y
 CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
 
+# Wipe stack contents on syscall exit (reduces stale data lifetime in stack)
+CONFIG_GCC_PLUGIN_STACKLEAK=y
+
 # Randomize the layout of system structures. This may have dramatic performance impact, so
 # use with caution or also use CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE=y
 CONFIG_GCC_PLUGIN_RANDSTRUCT=y
 
 
-#arm
+# arm
 
 CONFIG_ARM=y
 

config_files/kspp-recommendations/kspp-recommendations-arm64.config

@@ -11,6 +11,9 @@ CONFIG_STRICT_KERNEL_RWX=y
 CONFIG_DEBUG_WX=y
 
 # Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage.
+# Prior to v4.18, these are:
+#  CONFIG_CC_STACKPROTECTOR=y
+#  CONFIG_CC_STACKPROTECTOR_STRONG=y
 CONFIG_STACKPROTECTOR=y
 CONFIG_STACKPROTECTOR_STRONG=y
 
@@ -41,11 +44,15 @@ CONFIG_SECURITY_YAMA=y
 # Perform usercopy bounds checking. (And disable fallback to gain full whitelist enforcement.)
 CONFIG_HARDENED_USERCOPY=y
 # CONFIG_HARDENED_USERCOPY_FALLBACK is not set
+# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
 
 # Randomize allocator freelists, harden metadata.
 CONFIG_SLAB_FREELIST_RANDOM=y
 CONFIG_SLAB_FREELIST_HARDENED=y
 
+# Randomize high-order page allocation freelist.
+CONFIG_SHUFFLE_PAGE_ALLOCATOR=y
+
 # Allow allocator validation checking to be enabled (see "slub_debug=P" below).
 CONFIG_SLUB_DEBUG=y
 
@@ -55,6 +62,15 @@ CONFIG_PAGE_POISONING=y
 CONFIG_PAGE_POISONING_NO_SANITY=y
 CONFIG_PAGE_POISONING_ZERO=y
 
+# Wipe slab and page allocations (since v5.3)
+# Instead of "slub_debug=P" and "page_poison=1", a single place can control memory allocation wiping now.
+# The init_on_free is only needed if there is concern about minimizing stale data lifetime.
+CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
+CONFIG_INIT_ON_FREE_DEFAULT_ON=y
+
+# Initialize all stack variables on function entry. (Clang builds only. For GCC, see CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y below)
+CONFIG_INIT_STACK_ALL=y
+
 # Adds guard pages to kernel stacks (not all architectures support this yet).
 CONFIG_VMAP_STACK=y
 
@@ -113,7 +129,6 @@ CONFIG_MODULE_SIG_SHA512=y
 CONFIG_MODULE_SIG_HASH="sha512"
 CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
 
-
 # GCC plugins
 
 # Enable GCC Plugins
@@ -123,15 +138,19 @@ CONFIG_GCC_PLUGINS=y
 CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
 
 # Force all structures to be initialized before they are passed to other functions.
+# When building with GCC:
 CONFIG_GCC_PLUGIN_STRUCTLEAK=y
 CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
 
+# Wipe stack contents on syscall exit (reduces stale data lifetime in stack)
+CONFIG_GCC_PLUGIN_STACKLEAK=y
+
 # Randomize the layout of system structures. This may have dramatic performance impact, so
 # use with caution or also use CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE=y
 CONFIG_GCC_PLUGIN_RANDSTRUCT=y
 
 
-#arm64
+# arm64
 
 CONFIG_ARM64=y
 

config_files/kspp-recommendations/kspp-recommendations-x86-32.config

@@ -11,6 +11,9 @@ CONFIG_STRICT_KERNEL_RWX=y
 CONFIG_DEBUG_WX=y
 
 # Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage.
+# Prior to v4.18, these are:
+#  CONFIG_CC_STACKPROTECTOR=y
+#  CONFIG_CC_STACKPROTECTOR_STRONG=y
 CONFIG_STACKPROTECTOR=y
 CONFIG_STACKPROTECTOR_STRONG=y
 
@@ -41,11 +44,15 @@ CONFIG_SECURITY_YAMA=y
 # Perform usercopy bounds checking. (And disable fallback to gain full whitelist enforcement.)
 CONFIG_HARDENED_USERCOPY=y
 # CONFIG_HARDENED_USERCOPY_FALLBACK is not set
+# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
 
 # Randomize allocator freelists, harden metadata.
 CONFIG_SLAB_FREELIST_RANDOM=y
 CONFIG_SLAB_FREELIST_HARDENED=y
 
+# Randomize high-order page allocation freelist.
+CONFIG_SHUFFLE_PAGE_ALLOCATOR=y
+
 # Allow allocator validation checking to be enabled (see "slub_debug=P" below).
 CONFIG_SLUB_DEBUG=y
 
@@ -55,6 +62,15 @@ CONFIG_PAGE_POISONING=y
 CONFIG_PAGE_POISONING_NO_SANITY=y
 CONFIG_PAGE_POISONING_ZERO=y
 
+# Wipe slab and page allocations (since v5.3)
+# Instead of "slub_debug=P" and "page_poison=1", a single place can control memory allocation wiping now.
+# The init_on_free is only needed if there is concern about minimizing stale data lifetime.
+CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
+CONFIG_INIT_ON_FREE_DEFAULT_ON=y
+
+# Initialize all stack variables on function entry. (Clang builds only. For GCC, see CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y below)
+CONFIG_INIT_STACK_ALL=y
+
 # Adds guard pages to kernel stacks (not all architectures support this yet).
 CONFIG_VMAP_STACK=y
 
@@ -113,7 +129,6 @@ CONFIG_MODULE_SIG_SHA512=y
 CONFIG_MODULE_SIG_HASH="sha512"
 CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
 
-
 # GCC plugins
 
 # Enable GCC Plugins
@@ -123,15 +138,18 @@ CONFIG_GCC_PLUGINS=y
 CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
 
 # Force all structures to be initialized before they are passed to other functions.
+# When building with GCC:
 CONFIG_GCC_PLUGIN_STRUCTLEAK=y
 CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
 
+# Wipe stack contents on syscall exit (reduces stale data lifetime in stack)
+CONFIG_GCC_PLUGIN_STACKLEAK=y
+
 # Randomize the layout of system structures. This may have dramatic performance impact, so
 # use with caution or also use CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE=y
 CONFIG_GCC_PLUGIN_RANDSTRUCT=y
 
-
-#x86_32
+# x86_32
 
 CONFIG_X86_32=y
 

config_files/kspp-recommendations/kspp-recommendations-x86-64.config

@@ -11,6 +11,9 @@ CONFIG_STRICT_KERNEL_RWX=y
 CONFIG_DEBUG_WX=y
 
 # Use -fstack-protector-strong (gcc 4.9+) for best stack canary coverage.
+# Prior to v4.18, these are:
+#  CONFIG_CC_STACKPROTECTOR=y
+#  CONFIG_CC_STACKPROTECTOR_STRONG=y
 CONFIG_STACKPROTECTOR=y
 CONFIG_STACKPROTECTOR_STRONG=y
 
@@ -41,11 +44,15 @@ CONFIG_SECURITY_YAMA=y
 # Perform usercopy bounds checking. (And disable fallback to gain full whitelist enforcement.)
 CONFIG_HARDENED_USERCOPY=y
 # CONFIG_HARDENED_USERCOPY_FALLBACK is not set
+# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
 
 # Randomize allocator freelists, harden metadata.
 CONFIG_SLAB_FREELIST_RANDOM=y
 CONFIG_SLAB_FREELIST_HARDENED=y
 
+# Randomize high-order page allocation freelist.
+CONFIG_SHUFFLE_PAGE_ALLOCATOR=y
+
 # Allow allocator validation checking to be enabled (see "slub_debug=P" below).
 CONFIG_SLUB_DEBUG=y
 
@@ -55,6 +62,15 @@ CONFIG_PAGE_POISONING=y
 CONFIG_PAGE_POISONING_NO_SANITY=y
 CONFIG_PAGE_POISONING_ZERO=y
 
+# Wipe slab and page allocations (since v5.3)
+# Instead of "slub_debug=P" and "page_poison=1", a single place can control memory allocation wiping now.
+# The init_on_free is only needed if there is concern about minimizing stale data lifetime.
+CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
+CONFIG_INIT_ON_FREE_DEFAULT_ON=y
+
+# Initialize all stack variables on function entry. (Clang builds only. For GCC, see CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y below)
+CONFIG_INIT_STACK_ALL=y
+
 # Adds guard pages to kernel stacks (not all architectures support this yet).
 CONFIG_VMAP_STACK=y
 
@@ -113,7 +129,6 @@ CONFIG_MODULE_SIG_SHA512=y
 CONFIG_MODULE_SIG_HASH="sha512"
 CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
 
-
 # GCC plugins
 
 # Enable GCC Plugins
@@ -123,9 +138,13 @@ CONFIG_GCC_PLUGINS=y
 CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
 
 # Force all structures to be initialized before they are passed to other functions.
+# When building with GCC:
 CONFIG_GCC_PLUGIN_STRUCTLEAK=y
 CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
 
+# Wipe stack contents on syscall exit (reduces stale data lifetime in stack)
+CONFIG_GCC_PLUGIN_STACKLEAK=y
+
 # Randomize the layout of system structures. This may have dramatic performance impact, so
 # use with caution or also use CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE=y
 CONFIG_GCC_PLUGIN_RANDSTRUCT=y