Automatic variable initialization updates for v5.9-rc1
- Introduce CONFIG_INIT_STACK_ALL_ZERO (Alexander Potapenko) -----BEGIN PGP SIGNATURE----- iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAl8oXX4WHGtlZXNjb29r QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJt/FD/wJISl6Va3UvJrwGWcjLqb3iQh/ 38Nq7LV9ysUStpi5ibxhiB95uawFtAUsBLKyBKLtOERUz5RXiHrR9MI4UWNPBgNc 7/H5ZAkkD21LpzC76FH+a4SWQp1kQTiyu/iONn03LE8p4vSwSVZzoGqA1r4fpzGY Np++2Ym/bzWV7R0Xdq/LI5oH9109dm75PhcCqCZPAtlIq+USXpyNAozimgREplVl /clYmj7oruoRYiF5uheOlbpCEXYlybwVHfDKE2Uh5IcXcpm3OYZU9HEK5ot5oudJ Z7bIcMeS2mMtSH/hhyjFbi0cZBVtJFc9exHRmuiDiYzNkWzaT2/5xAMUzw65q7Yk BTpr5AU+nkVQwuAmkN3AyBLrqQYyhWL0+xnWRmbbjt2yoqCx5x3AyxaBgHDV4vgF sTNhczFQdGqhlmvbxOw93PARV+lU9pozcc6b8TpXVdsE+bFFN5mBuRljIOTCRvke yxFsLF9olfNB3CXTHXAWLC/RuqdH/Vk7zC0vS34tlmvWgVC07P9QXyWciqcldAgL BsFXsRt6bRvOukyunhRfQkLVRxsOCLhQuYC33cRX9xY9vwCkM5v6TQH5WRcfxK7Q swujqqvozYZ/njblBTeagg8sGg0OiqxpCvJZD6qA6s1mO3lG58CDqqwxd4DemIDF /BxVarzUtmvBuiMBSQ== =c2Rf -----END PGP SIGNATURE----- Merge tag 'var-init-v5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull automatic variable initialization updates from Kees Cook: "This adds the "zero" init option from Clang, which is being used widely in production builds of Android and Chrome OS (though it also keeps the "pattern" init, which is better for debug builds). - Introduce CONFIG_INIT_STACK_ALL_ZERO (Alexander Potapenko)" * tag 'var-init-v5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: security: allow using Clang's zero initialization for stack variables
This commit is contained in:
commit
5b5d3be5d6
13
Makefile
13
Makefile
|
@ -803,11 +803,20 @@ KBUILD_CFLAGS += -fomit-frame-pointer
|
|||
endif
|
||||
endif
|
||||
|
||||
# Initialize all stack variables with a pattern, if desired.
|
||||
ifdef CONFIG_INIT_STACK_ALL
|
||||
# Initialize all stack variables with a 0xAA pattern.
|
||||
ifdef CONFIG_INIT_STACK_ALL_PATTERN
|
||||
KBUILD_CFLAGS += -ftrivial-auto-var-init=pattern
|
||||
endif
|
||||
|
||||
# Initialize all stack variables with a zero value.
|
||||
ifdef CONFIG_INIT_STACK_ALL_ZERO
|
||||
# Future support for zero initialization is still being debated, see
|
||||
# https://bugs.llvm.org/show_bug.cgi?id=45497. These flags are subject to being
|
||||
# renamed or dropped.
|
||||
KBUILD_CFLAGS += -ftrivial-auto-var-init=zero
|
||||
KBUILD_CFLAGS += -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
|
||||
endif
|
||||
|
||||
DEBUG_CFLAGS := $(call cc-option, -fno-var-tracking-assignments)
|
||||
|
||||
ifdef CONFIG_DEBUG_INFO
|
||||
|
|
12
init/main.c
12
init/main.c
|
@ -779,14 +779,16 @@ static void __init report_meminit(void)
|
|||
{
|
||||
const char *stack;
|
||||
|
||||
if (IS_ENABLED(CONFIG_INIT_STACK_ALL))
|
||||
stack = "all";
|
||||
if (IS_ENABLED(CONFIG_INIT_STACK_ALL_PATTERN))
|
||||
stack = "all(pattern)";
|
||||
else if (IS_ENABLED(CONFIG_INIT_STACK_ALL_ZERO))
|
||||
stack = "all(zero)";
|
||||
else if (IS_ENABLED(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL))
|
||||
stack = "byref_all";
|
||||
stack = "byref_all(zero)";
|
||||
else if (IS_ENABLED(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF))
|
||||
stack = "byref";
|
||||
stack = "byref(zero)";
|
||||
else if (IS_ENABLED(CONFIG_GCC_PLUGIN_STRUCTLEAK_USER))
|
||||
stack = "__user";
|
||||
stack = "__user(zero)";
|
||||
else
|
||||
stack = "off";
|
||||
|
||||
|
|
|
@ -19,13 +19,16 @@ config GCC_PLUGIN_STRUCTLEAK
|
|||
|
||||
menu "Memory initialization"
|
||||
|
||||
config CC_HAS_AUTO_VAR_INIT
|
||||
config CC_HAS_AUTO_VAR_INIT_PATTERN
|
||||
def_bool $(cc-option,-ftrivial-auto-var-init=pattern)
|
||||
|
||||
config CC_HAS_AUTO_VAR_INIT_ZERO
|
||||
def_bool $(cc-option,-ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang)
|
||||
|
||||
choice
|
||||
prompt "Initialize kernel stack variables at function entry"
|
||||
default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS
|
||||
default INIT_STACK_ALL if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT
|
||||
default INIT_STACK_ALL_PATTERN if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT_PATTERN
|
||||
default INIT_STACK_NONE
|
||||
help
|
||||
This option enables initialization of stack variables at
|
||||
|
@ -88,9 +91,9 @@ choice
|
|||
of uninitialized stack variable exploits and information
|
||||
exposures.
|
||||
|
||||
config INIT_STACK_ALL
|
||||
config INIT_STACK_ALL_PATTERN
|
||||
bool "0xAA-init everything on the stack (strongest)"
|
||||
depends on CC_HAS_AUTO_VAR_INIT
|
||||
depends on CC_HAS_AUTO_VAR_INIT_PATTERN
|
||||
help
|
||||
Initializes everything on the stack with a 0xAA
|
||||
pattern. This is intended to eliminate all classes
|
||||
|
@ -98,6 +101,24 @@ choice
|
|||
exposures, even variables that were warned to have been
|
||||
left uninitialized.
|
||||
|
||||
Pattern initialization is known to provoke many existing bugs
|
||||
related to uninitialized locals, e.g. pointers receive
|
||||
non-NULL values, buffer sizes and indices are very big.
|
||||
|
||||
config INIT_STACK_ALL_ZERO
|
||||
bool "zero-init everything on the stack (strongest and safest)"
|
||||
depends on CC_HAS_AUTO_VAR_INIT_ZERO
|
||||
help
|
||||
Initializes everything on the stack with a zero
|
||||
value. This is intended to eliminate all classes
|
||||
of uninitialized stack variable exploits and information
|
||||
exposures, even variables that were warned to have been
|
||||
left uninitialized.
|
||||
|
||||
Zero initialization provides safe defaults for strings,
|
||||
pointers, indices and sizes, and is therefore
|
||||
more suitable as a security mitigation measure.
|
||||
|
||||
endchoice
|
||||
|
||||
config GCC_PLUGIN_STRUCTLEAK_VERBOSE
|
||||
|
|
Loading…
Reference in New Issue