All of lore.kernel.org
 help / color / mirror / Atom feed
From: Nick Desaulniers <ndesaulniers@google.com>
To: Kees Cook <keescook@chromium.org>
Cc: Nathan Chancellor <nathan@kernel.org>,
	Will Deacon <will@kernel.org>,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	"Gustavo A . R . Silva" <gustavoars@kernel.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: [PATCH] hardening: Default to INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_ZERO
Date: Tue, 14 Sep 2021 12:22:24 -0700	[thread overview]
Message-ID: <CAKwvOdmP6mYwZ+0Z5iXFv5dtd_96SxYsUn469ZC=C=SFw-Hs-A@mail.gmail.com> (raw)
In-Reply-To: <202109141214.630BB3A@keescook>

On Tue, Sep 14, 2021 at 12:14 PM Kees Cook <keescook@chromium.org> wrote:
>
> On Tue, Sep 14, 2021 at 11:53:38AM -0700, Nick Desaulniers wrote:
> > Rather than create 2 new kconfigs with 1 new invocation of the
> > compiler via cc-option, how about just adding an `ifdef
> > CONFIG_CC_IS_CLANG` guard around adding the obnoxious flag to
> > `KBUILD_CFLAGS` in the top level Makefile?
>
> v2:

LGTM
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>

I think the formal patch should have Will's Suggested-by on it.

>
> diff --git a/Makefile b/Makefile
> index 34a0afc3a8eb..72d165ffabdb 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -831,12 +831,12 @@ endif
>
>  # Initialize all stack variables with a zero value.
>  ifdef CONFIG_INIT_STACK_ALL_ZERO
> -# Future support for zero initialization is still being debated, see
> -# https://bugs.llvm.org/show_bug.cgi?id=45497. These flags are subject to being
> -# renamed or dropped.
>  KBUILD_CFLAGS  += -ftrivial-auto-var-init=zero
> +ifdef CONFIG_CC_IS_CLANG
> +# https://bugs.llvm.org/show_bug.cgi?id=45497
>  KBUILD_CFLAGS  += -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
>  endif
> +endif
>
>  # While VLAs have been removed, GCC produces unreachable stack probes
>  # for the randomize_kstack_offset feature. Disable it for all compilers.
> diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
> index 90cbaff86e13..ded17b8abce2 100644
> --- a/security/Kconfig.hardening
> +++ b/security/Kconfig.hardening
> @@ -23,13 +23,16 @@ config CC_HAS_AUTO_VAR_INIT_PATTERN
>         def_bool $(cc-option,-ftrivial-auto-var-init=pattern)
>
>  config CC_HAS_AUTO_VAR_INIT_ZERO
> +       # GCC ignores the -enable flag, so we can test for the feature with
> +       # a single invocation using the flag, but drop it as appropriate in
> +       # the Makefile, depending on the presence of Clang.
>         def_bool $(cc-option,-ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang)
>
>  choice
>         prompt "Initialize kernel stack variables at function entry"
>         default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS
>         default INIT_STACK_ALL_PATTERN if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT_PATTERN
> -       default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_PATTERN
> +       default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_ZERO
>         default INIT_STACK_NONE
>         help
>           This option enables initialization of stack variables at
>
> --
> Kees Cook



-- 
Thanks,
~Nick Desaulniers

  reply	other threads:[~2021-09-14 19:22 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-14 10:28 [PATCH] hardening: Default to INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_ZERO Will Deacon
2021-09-14 15:58 ` Nathan Chancellor
2021-09-14 17:21   ` Kees Cook
2021-09-14 18:53     ` Nick Desaulniers
2021-09-14 19:09       ` Kees Cook
2021-09-14 19:14       ` Kees Cook
2021-09-14 19:22         ` Nick Desaulniers [this message]
2021-09-14 19:36         ` Nathan Chancellor

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAKwvOdmP6mYwZ+0Z5iXFv5dtd_96SxYsUn469ZC=C=SFw-Hs-A@mail.gmail.com' \
    --to=ndesaulniers@google.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=gustavoars@kernel.org \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=nathan@kernel.org \
    --cc=will@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.