Message ID | 20210914102837.6172-1-will@kernel.org (mailing list archive) |
---|---|
State | New, archived |
Series | hardening: Default to INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_ZERO |
On 9/14/2021 3:28 AM, Will Deacon wrote: > CC_HAS_AUTO_VAR_INIT_ZERO requires a supported set of compiler options > distinct from those needed by CC_HAS_AUTO_VAR_INIT_PATTERN, Fix up > the Kconfig dependency for INIT_STACK_ALL_ZERO to test for the former > instead of the latter, as these are the options passed by the top-level > Makefile. > > Cc: Kees Cook <keescook@chromium.org> > Cc: Nathan Chancellor <nathan@kernel.org> > Cc: Nick Desaulniers <ndesaulniers@google.com> > Cc: Gustavo A. R. Silva <gustavoars@kernel.org> > Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> > Fixes: dcb7c0b9461c ("hardening: Clarify Kconfig text for auto-var-init") > Signed-off-by: Will Deacon <will@kernel.org> Reviewed-by: Nathan Chancellor <nathan@kernel.org> One comment below. > --- > > I just noticed this while reading the code and I suspect it doesn't really > matter in practice. > > security/Kconfig.hardening | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening > index 90cbaff86e13..341e2fdcba94 100644 > --- a/security/Kconfig.hardening > +++ b/security/Kconfig.hardening 
> @@ -29,7 +29,7 @@ choice > prompt "Initialize kernel stack variables at function entry" > default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS > default INIT_STACK_ALL_PATTERN if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT_PATTERN > - default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_PATTERN > + default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_ZERO > default INIT_STACK_NONE > help > This option enables initialization of stack variables at > While I think this change is correct in and of itself, CONFIG_INIT_STACK_ALL_ZERO is broken with GCC 12.x, as CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO won't be set even though GCC now supports -ftrivial-auto-var-init=zero because GCC does not implement the -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang flag for obvious reasons ;) the cc-option call probably needs to be adjusted. Cheers, Nathan
On Tue, Sep 14, 2021 at 08:58:12AM -0700, Nathan Chancellor wrote: > On 9/14/2021 3:28 AM, Will Deacon wrote: > > CC_HAS_AUTO_VAR_INIT_ZERO requires a supported set of compiler options > > distinct from those needed by CC_HAS_AUTO_VAR_INIT_PATTERN, Fix up > > the Kconfig dependency for INIT_STACK_ALL_ZERO to test for the former > > instead of the latter, as these are the options passed by the top-level > > Makefile. > > > > Cc: Kees Cook <keescook@chromium.org> > > Cc: Nathan Chancellor <nathan@kernel.org> > > Cc: Nick Desaulniers <ndesaulniers@google.com> > > Cc: Gustavo A. R. Silva <gustavoars@kernel.org> > > Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> > > Fixes: dcb7c0b9461c ("hardening: Clarify Kconfig text for auto-var-init") > > Signed-off-by: Will Deacon <will@kernel.org> > > Reviewed-by: Nathan Chancellor <nathan@kernel.org> > > One comment below. > > > --- > > > > I just noticed this while reading the code and I suspect it doesn't really > > matter in practice. > > > > security/Kconfig.hardening | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening > > index 90cbaff86e13..341e2fdcba94 100644 > > --- a/security/Kconfig.hardening > > +++ b/security/Kconfig.hardening 
> > @@ -29,7 +29,7 @@ choice > > prompt "Initialize kernel stack variables at function entry" > > default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS > > default INIT_STACK_ALL_PATTERN if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT_PATTERN > > - default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_PATTERN > > + default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_ZERO > > default INIT_STACK_NONE > > help > > This option enables initialization of stack variables at > > > > While I think this change is correct in and of itself, > CONFIG_INIT_STACK_ALL_ZERO is broken with GCC 12.x, as > CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO won't be set even though GCC now supports > -ftrivial-auto-var-init=zero because GCC does not implement the > -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang > flag for obvious reasons ;) the cc-option call probably needs to be > adjusted. GCC silently ignores the -enable flag, so things actually work correctly as-is. But, yes, it makes the command line long and doesn't make sense. How about we do this instead: diff --git a/Makefile b/Makefile index 34a0afc3a8eb..34439deac939 100644 --- a/Makefile +++ b/Makefile @@ -831,12 +831,11 @@ endif # Initialize all stack variables with a zero value. ifdef CONFIG_INIT_STACK_ALL_ZERO -# Future support for zero initialization is still being debated, see -# https://bugs.llvm.org/show_bug.cgi?id=45497. These flags are subject to being -# renamed or dropped. KBUILD_CFLAGS += -ftrivial-auto-var-init=zero +ifdef CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO_WITH_ENABLE KBUILD_CFLAGS += -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang endif +endif # While VLAs have been removed, GCC produces unreachable stack probes # for the randomize_kstack_offset feature. Disable it for all compilers. diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index 90cbaff86e13..beea81df3081 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening 
@@ -22,14 +22,22 @@ menu "Memory initialization" config CC_HAS_AUTO_VAR_INIT_PATTERN def_bool $(cc-option,-ftrivial-auto-var-init=pattern) +config CC_HAS_AUTO_VAR_INIT_ZERO_WITHOUT_ENABLE + def_bool $(cc-option,-ftrivial-auto-var-init=zero) + +config CC_HAS_AUTO_VAR_INIT_ZERO_WITH_ENABLE + # https://bugs.llvm.org/show_bug.cgi?id=45497 + def_bool !CC_HAS_AUTO_VAR_INIT_ZERO_WITHOUT_ENABLE && \ + $(cc-option,-ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang) + config CC_HAS_AUTO_VAR_INIT_ZERO - def_bool $(cc-option,-ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang) + def_bool CC_HAS_AUTO_VAR_INIT_ZERO_WITHOUT_ENABLE || CC_HAS_AUTO_VAR_INIT_ZERO_WITH_ENABLE choice prompt "Initialize kernel stack variables at function entry" default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS default INIT_STACK_ALL_PATTERN if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT_PATTERN - default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_PATTERN + default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_ZERO default INIT_STACK_NONE help This option enables initialization of stack variables at
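Review bot: In the Makefile hunk, the three removed comment lines were the only place that told a reader the `-enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang` flag is provisional, and nothing replaces them beside the new `ifdef CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO_WITH_ENABLE`. The bug URL now lives only in security/Kconfig.hardening; keeping a one-line pointer next to the flag in the Makefile would let the conditional be understood, and later removed, without cross-referencing Kconfig.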
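Review bot: In the security/Kconfig.hardening hunk, the name `CC_HAS_AUTO_VAR_INIT_ZERO_WITH_ENABLE` reads as "the compiler accepts the option together with the -enable flag", but its `def_bool` begins with `!CC_HAS_AUTO_VAR_INIT_ZERO_WITHOUT_ENABLE &&`, so the symbol is true only when the bare option is rejected. A name that says the flag is required, or a comment line stating that the symbol is false whenever the bare `-ftrivial-auto-var-init=zero` probe succeeds, would make the matching Makefile `ifdef` easier to read correctly. The split also adds a second `$(cc-option,...)` probe for the same feature, which is worth justifying in the changelog.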
`On Tue, Sep 14, 2021 at 10:21 AM Kees Cook <keescook@chromium.org> wrote: > > On Tue, Sep 14, 2021 at 08:58:12AM -0700, Nathan Chancellor wrote: > > On 9/14/2021 3:28 AM, Will Deacon wrote: > > > CC_HAS_AUTO_VAR_INIT_ZERO requires a supported set of compiler options > > > distinct from those needed by CC_HAS_AUTO_VAR_INIT_PATTERN, Fix up > > > the Kconfig dependency for INIT_STACK_ALL_ZERO to test for the former > > > instead of the latter, as these are the options passed by the top-level > > > Makefile. > > > > > > Cc: Kees Cook <keescook@chromium.org> > > > Cc: Nathan Chancellor <nathan@kernel.org> > > > Cc: Nick Desaulniers <ndesaulniers@google.com> > > > Cc: Gustavo A. R. Silva <gustavoars@kernel.org> > > > Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> > > > Fixes: dcb7c0b9461c ("hardening: Clarify Kconfig text for auto-var-init") > > > Signed-off-by: Will Deacon <will@kernel.org> > > > > Reviewed-by: Nathan Chancellor <nathan@kernel.org> > > > > One comment below. > > > > > --- > > > > > > I just noticed this while reading the code and I suspect it doesn't really > > > matter in practice. > > > > > > security/Kconfig.hardening | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening > > > index 90cbaff86e13..341e2fdcba94 100644 > > > --- a/security/Kconfig.hardening > > > +++ b/security/Kconfig.hardening 
> > > @@ -29,7 +29,7 @@ choice > > > prompt "Initialize kernel stack variables at function entry" > > > default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS > > > default INIT_STACK_ALL_PATTERN if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT_PATTERN > > > - default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_PATTERN > > > + default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_ZERO > > > default INIT_STACK_NONE > > > help > > > This option enables initialization of stack variables at > > > > > > > While I think this change is correct in and of itself, > > CONFIG_INIT_STACK_ALL_ZERO is broken with GCC 12.x, as > > CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO won't be set even though GCC now supports > > -ftrivial-auto-var-init=zero because GCC does not implement the > > -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang > > flag for obvious reasons ;) the cc-option call probably needs to be > > adjusted. > > GCC silently ignores the -enable flag, so things actually work correctly > as-is. So then would that mean that CC_HAS_AUTO_VAR_INIT_ZERO_WITH_ENABLE evaluates to true then, in your patch below? Rather than create 2 new kconfigs with 1 new invocation of the compiler via cc-option, how about just adding an `ifdef CONFIG_CC_IS_CLANG` guard around adding the obnoxious flag to `KBUILD_CFLAGS` in the top level Makefile? > But, yes, it makes the command line long and doesn't make sense. > How about we do this instead: > > diff --git a/Makefile b/Makefile > index 34a0afc3a8eb..34439deac939 100644 > --- a/Makefile > +++ b/Makefile 
> @@ -831,12 +831,11 @@ endif > > # Initialize all stack variables with a zero value. > ifdef CONFIG_INIT_STACK_ALL_ZERO > -# Future support for zero initialization is still being debated, see > -# https://bugs.llvm.org/show_bug.cgi?id=45497. These flags are subject to being > -# renamed or dropped. > KBUILD_CFLAGS += -ftrivial-auto-var-init=zero > +ifdef CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO_WITH_ENABLE > KBUILD_CFLAGS += -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang > endif > +endif > > # While VLAs have been removed, GCC produces unreachable stack probes > # for the randomize_kstack_offset feature. Disable it for all compilers. > diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening > index 90cbaff86e13..beea81df3081 100644 > --- a/security/Kconfig.hardening > +++ b/security/Kconfig.hardening 
> @@ -22,14 +22,22 @@ menu "Memory initialization" > config CC_HAS_AUTO_VAR_INIT_PATTERN > def_bool $(cc-option,-ftrivial-auto-var-init=pattern) > > +config CC_HAS_AUTO_VAR_INIT_ZERO_WITHOUT_ENABLE > + def_bool $(cc-option,-ftrivial-auto-var-init=zero) > + > +config CC_HAS_AUTO_VAR_INIT_ZERO_WITH_ENABLE > + # https://bugs.llvm.org/show_bug.cgi?id=45497 > + def_bool !CC_HAS_AUTO_VAR_INIT_ZERO_WITHOUT_ENABLE && \ > + $(cc-option,-ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang) > + > config CC_HAS_AUTO_VAR_INIT_ZERO > - def_bool $(cc-option,-ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang) > + def_bool CC_HAS_AUTO_VAR_INIT_ZERO_WITHOUT_ENABLE || CC_HAS_AUTO_VAR_INIT_ZERO_WITH_ENABLE > > choice > prompt "Initialize kernel stack variables at function entry" > default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS > default INIT_STACK_ALL_PATTERN if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT_PATTERN > - default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_PATTERN > + default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_ZERO > default INIT_STACK_NONE > help > This option enables initialization of stack variables at > > > > -- > Kees Cook
On Tue, Sep 14, 2021 at 11:53:38AM -0700, Nick Desaulniers wrote: > `On Tue, Sep 14, 2021 at 10:21 AM Kees Cook <keescook@chromium.org> wrote: > > > > On Tue, Sep 14, 2021 at 08:58:12AM -0700, Nathan Chancellor wrote: > > > On 9/14/2021 3:28 AM, Will Deacon wrote: > > > > CC_HAS_AUTO_VAR_INIT_ZERO requires a supported set of compiler options > > > > distinct from those needed by CC_HAS_AUTO_VAR_INIT_PATTERN, Fix up > > > > the Kconfig dependency for INIT_STACK_ALL_ZERO to test for the former > > > > instead of the latter, as these are the options passed by the top-level > > > > Makefile. > > > > > > > > Cc: Kees Cook <keescook@chromium.org> > > > > Cc: Nathan Chancellor <nathan@kernel.org> > > > > Cc: Nick Desaulniers <ndesaulniers@google.com> > > > > Cc: Gustavo A. R. Silva <gustavoars@kernel.org> > > > > Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> > > > > Fixes: dcb7c0b9461c ("hardening: Clarify Kconfig text for auto-var-init") > > > > Signed-off-by: Will Deacon <will@kernel.org> > > > > > > Reviewed-by: Nathan Chancellor <nathan@kernel.org> > > > > > > One comment below. > > > > > > > --- > > > > > > > > I just noticed this while reading the code and I suspect it doesn't really > > > > matter in practice. > > > > > > > > security/Kconfig.hardening | 2 +- > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening > > > > index 90cbaff86e13..341e2fdcba94 100644 > > > > --- a/security/Kconfig.hardening > > > > +++ b/security/Kconfig.hardening 
> > > > @@ -29,7 +29,7 @@ choice > > > > prompt "Initialize kernel stack variables at function entry" > > > > default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS > > > > default INIT_STACK_ALL_PATTERN if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT_PATTERN > > > > - default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_PATTERN > > > > + default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_ZERO > > > > default INIT_STACK_NONE > > > > help > > > > This option enables initialization of stack variables at > > > > > > > > > > While I think this change is correct in and of itself, > > > CONFIG_INIT_STACK_ALL_ZERO is broken with GCC 12.x, as > > > CONFIG_CC_HAS_AUTO_VAR_INIT_ZERO won't be set even though GCC now supports > > > -ftrivial-auto-var-init=zero because GCC does not implement the > > > -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang > > > flag for obvious reasons ;) the cc-option call probably needs to be > > > adjusted. > > > > GCC silently ignores the -enable flag, so things actually work correctly > > as-is. > > So then would that mean that CC_HAS_AUTO_VAR_INIT_ZERO_WITH_ENABLE > evaluates to true then, in your patch below? No, I exclude it based on the results from CC_HAS_AUTO_VAR_INIT_ZERO_WITHOUT_ENABLE. here: > > + def_bool !CC_HAS_AUTO_VAR_INIT_ZERO_WITHOUT_ENABLE && \ > Rather than create 2 new kconfigs with 1 new invocation of the > compiler via cc-option, how about just adding an `ifdef > CONFIG_CC_IS_CLANG` guard around adding the obnoxious flag to > `KBUILD_CFLAGS` in the top level Makefile? That is a bit more sensible, yes. :) Let me try that...
On Tue, Sep 14, 2021 at 11:53:38AM -0700, Nick Desaulniers wrote: > Rather than create 2 new kconfigs with 1 new invocation of the > compiler via cc-option, how about just adding an `ifdef > CONFIG_CC_IS_CLANG` guard around adding the obnoxious flag to > `KBUILD_CFLAGS` in the top level Makefile? v2: diff --git a/Makefile b/Makefile index 34a0afc3a8eb..72d165ffabdb 100644 --- a/Makefile +++ b/Makefile @@ -831,12 +831,12 @@ endif # Initialize all stack variables with a zero value. ifdef CONFIG_INIT_STACK_ALL_ZERO -# Future support for zero initialization is still being debated, see -# https://bugs.llvm.org/show_bug.cgi?id=45497. These flags are subject to being -# renamed or dropped. KBUILD_CFLAGS += -ftrivial-auto-var-init=zero +ifdef CONFIG_CC_IS_CLANG +# https://bugs.llvm.org/show_bug.cgi?id=45497 KBUILD_CFLAGS += -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang endif +endif # While VLAs have been removed, GCC produces unreachable stack probes # for the randomize_kstack_offset feature. Disable it for all compilers. diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index 90cbaff86e13..ded17b8abce2 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening 
@@ -23,13 +23,16 @@ config CC_HAS_AUTO_VAR_INIT_PATTERN def_bool $(cc-option,-ftrivial-auto-var-init=pattern) config CC_HAS_AUTO_VAR_INIT_ZERO + # GCC ignores the -enable flag, so we can test for the feature with + # a single invocation using the flag, but drop it as appropriate in + # the Makefile, depending on the presence of Clang. def_bool $(cc-option,-ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang) choice prompt "Initialize kernel stack variables at function entry" default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS default INIT_STACK_ALL_PATTERN if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT_PATTERN - default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_PATTERN + default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_ZERO default INIT_STACK_NONE help This option enables initialization of stack variables at
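Review bot: In the Makefile hunk, the new `ifdef CONFIG_CC_IS_CLANG` block is documented only by a bare URL, while the removed comment stated that the flags are subject to being renamed or dropped. A short sentence beside the URL saying that only Clang needs the `-enable-...` flag alongside `-ftrivial-auto-var-init=zero` would keep that information for whoever later removes the conditional.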
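Review bot: In the security/Kconfig.hardening hunk, the `$(cc-option,...)` probe for `CC_HAS_AUTO_VAR_INIT_ZERO` still passes the `-enable-...` flag to every compiler, while the Makefile now adds it only under `CONFIG_CC_IS_CLANG`, so the probe and the build no longer test the same command line. The added comment rests this on GCC ignoring the flag; if a non-Clang compiler that supports `-ftrivial-auto-var-init=zero` rejects the extra flag, the symbol is false and `default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_ZERO` never applies. Probing the bare option for non-Clang compilers, or stating in the comment that the probe depends on this GCC behaviour, would close that gap.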
On Tue, Sep 14, 2021 at 12:14 PM Kees Cook <keescook@chromium.org> wrote: > > On Tue, Sep 14, 2021 at 11:53:38AM -0700, Nick Desaulniers wrote: > > Rather than create 2 new kconfigs with 1 new invocation of the > > compiler via cc-option, how about just adding an `ifdef > > CONFIG_CC_IS_CLANG` guard around adding the obnoxious flag to > > `KBUILD_CFLAGS` in the top level Makefile? > > v2: LGTM Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> I think the formal patch should have Will's Suggested-by on it. > > diff --git a/Makefile b/Makefile > index 34a0afc3a8eb..72d165ffabdb 100644 > --- a/Makefile > +++ b/Makefile > @@ -831,12 +831,12 @@ endif > > # Initialize all stack variables with a zero value. > ifdef CONFIG_INIT_STACK_ALL_ZERO > -# Future support for zero initialization is still being debated, see > -# https://bugs.llvm.org/show_bug.cgi?id=45497. These flags are subject to being > -# renamed or dropped. > KBUILD_CFLAGS += -ftrivial-auto-var-init=zero > +ifdef CONFIG_CC_IS_CLANG > +# https://bugs.llvm.org/show_bug.cgi?id=45497 > KBUILD_CFLAGS += -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang > endif > +endif > > # While VLAs have been removed, GCC produces unreachable stack probes > # for the randomize_kstack_offset feature. Disable it for all compilers. > diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening > index 90cbaff86e13..ded17b8abce2 100644 > --- a/security/Kconfig.hardening > +++ b/security/Kconfig.hardening 
> @@ -23,13 +23,16 @@ config CC_HAS_AUTO_VAR_INIT_PATTERN > def_bool $(cc-option,-ftrivial-auto-var-init=pattern) > > config CC_HAS_AUTO_VAR_INIT_ZERO > + # GCC ignores the -enable flag, so we can test for the feature with > + # a single invocation using the flag, but drop it as appropriate in > + # the Makefile, depending on the presence of Clang. > def_bool $(cc-option,-ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang) > > choice > prompt "Initialize kernel stack variables at function entry" > default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS > default INIT_STACK_ALL_PATTERN if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT_PATTERN > - default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_PATTERN > + default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_ZERO > default INIT_STACK_NONE > help > This option enables initialization of stack variables at > > -- > Kees Cook
On Tue, Sep 14, 2021 at 12:14:47PM -0700, Kees Cook wrote: > On Tue, Sep 14, 2021 at 11:53:38AM -0700, Nick Desaulniers wrote: > > Rather than create 2 new kconfigs with 1 new invocation of the > > compiler via cc-option, how about just adding an `ifdef > > CONFIG_CC_IS_CLANG` guard around adding the obnoxious flag to > > `KBUILD_CFLAGS` in the top level Makefile? > > v2: Thanks for clarifying! (since I did not actually test before making the comment...) Reviewed-by: Nathan Chancellor <nathan@kernel.org> > diff --git a/Makefile b/Makefile > index 34a0afc3a8eb..72d165ffabdb 100644 > --- a/Makefile > +++ b/Makefile > @@ -831,12 +831,12 @@ endif > > # Initialize all stack variables with a zero value. > ifdef CONFIG_INIT_STACK_ALL_ZERO > -# Future support for zero initialization is still being debated, see > -# https://bugs.llvm.org/show_bug.cgi?id=45497. These flags are subject to being > -# renamed or dropped. > KBUILD_CFLAGS += -ftrivial-auto-var-init=zero > +ifdef CONFIG_CC_IS_CLANG > +# https://bugs.llvm.org/show_bug.cgi?id=45497 > KBUILD_CFLAGS += -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang > endif > +endif > > # While VLAs have been removed, GCC produces unreachable stack probes > # for the randomize_kstack_offset feature. Disable it for all compilers. > diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening > index 90cbaff86e13..ded17b8abce2 100644 > --- a/security/Kconfig.hardening > +++ b/security/Kconfig.hardening 
> @@ -23,13 +23,16 @@ config CC_HAS_AUTO_VAR_INIT_PATTERN > def_bool $(cc-option,-ftrivial-auto-var-init=pattern) > > config CC_HAS_AUTO_VAR_INIT_ZERO > + # GCC ignores the -enable flag, so we can test for the feature with > + # a single invocation using the flag, but drop it as appropriate in > + # the Makefile, depending on the presence of Clang. > def_bool $(cc-option,-ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang) > > choice > prompt "Initialize kernel stack variables at function entry" > default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS > default INIT_STACK_ALL_PATTERN if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT_PATTERN > - default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_PATTERN > + default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_ZERO > default INIT_STACK_NONE > help > This option enables initialization of stack variables at > > -- > Kees Cook >
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index 90cbaff86e13..341e2fdcba94 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening @@ -29,7 +29,7 @@ choice prompt "Initialize kernel stack variables at function entry" default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS default INIT_STACK_ALL_PATTERN if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT_PATTERN - default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_PATTERN + default INIT_STACK_ALL_ZERO if CC_HAS_AUTO_VAR_INIT_ZERO default INIT_STACK_NONE help This option enables initialization of stack variables at
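Review bot: The changed `default INIT_STACK_ALL_ZERO if ...` line corrects the condition, but the changelog does not say what the choice resolved to when CC_HAS_AUTO_VAR_INIT_PATTERN is set and CC_HAS_AUTO_VAR_INIT_ZERO is not, and the remark that it probably does not matter in practice sits below the `---`, so it will not reach git history. Since the patch carries a Fixes: tag, a sentence in the commit message describing the observable effect of the old condition (or stating that there is none) would help anyone deciding whether to backport it.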
CC_HAS_AUTO_VAR_INIT_ZERO requires a supported set of compiler options distinct from those needed by CC_HAS_AUTO_VAR_INIT_PATTERN. Fix up the Kconfig dependency for INIT_STACK_ALL_ZERO to test for the former instead of the latter, as these are the options passed by the top-level Makefile.

Cc: Kees Cook <keescook@chromium.org>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Gustavo A. R. Silva <gustavoars@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fixes: dcb7c0b9461c ("hardening: Clarify Kconfig text for auto-var-init")
Signed-off-by: Will Deacon <will@kernel.org>

---

I just noticed this while reading the code and I suspect it doesn't really matter in practice.

 security/Kconfig.hardening | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)