Commit 5b5d3be5 authored by Linus Torvalds's avatar Linus Torvalds
Pull automatic variable initialization updates from Kees Cook:
 "This adds the "zero" init option from Clang, which is being used
  widely in production builds of Android and Chrome OS (though it also
  keeps the "pattern" init, which is better for debug builds).

   - Introduce CONFIG_INIT_STACK_ALL_ZERO (Alexander Potapenko)"

* tag 'var-init-v5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  security: allow using Clang's zero initialization for stack variables
parents 3e4a12a1 f0fe00d4
+11 −2
@@ -803,11 +803,20 @@ KBUILD_CFLAGS += -fomit-frame-pointer
endif
endif

# Initialize all stack variables with a pattern, if desired.
ifdef CONFIG_INIT_STACK_ALL
# Initialize all stack variables with a 0xAA pattern.
ifdef CONFIG_INIT_STACK_ALL_PATTERN
KBUILD_CFLAGS	+= -ftrivial-auto-var-init=pattern
endif

# Initialize all stack variables with a zero value.
ifdef CONFIG_INIT_STACK_ALL_ZERO
# Future support for zero initialization is still being debated, see
# https://bugs.llvm.org/show_bug.cgi?id=45497. These flags are subject to being
# renamed or dropped.
KBUILD_CFLAGS	+= -ftrivial-auto-var-init=zero
KBUILD_CFLAGS	+= -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
endif

DEBUG_CFLAGS	:= $(call cc-option, -fno-var-tracking-assignments)

ifdef CONFIG_DEBUG_INFO
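Review bot: The two flags appended to KBUILD_CFLAGS inside the CONFIG_INIT_STACK_ALL_ZERO block are not probed with cc-option here, so they must stay byte-identical to the pair tested for CC_HAS_AUTO_VAR_INIT_ZERO in the Kconfig hunk of this same commit; if Clang renames or drops the escape-hatch flag and only one side is updated, the build either fails or (presumably, via an unsatisfied dependency) quietly loses the mitigation. The existing comment warns that the flags may change but does not say where the matching probe lives. A one-line cross-reference above the first KBUILD_CFLAGS line of that block, `# Keep in sync with the cc-option probe for CC_HAS_AUTO_VAR_INIT_ZERO.`, would make the coupling explicit. The same coupling exists between the pattern flag and CC_HAS_AUTO_VAR_INIT_PATTERN, though that flag is not expected to change.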
+7 −5
@@ -779,14 +779,16 @@ static void __init report_meminit(void)
{
	const char *stack;

	if (IS_ENABLED(CONFIG_INIT_STACK_ALL))
		stack = "all";
	if (IS_ENABLED(CONFIG_INIT_STACK_ALL_PATTERN))
		stack = "all(pattern)";
	else if (IS_ENABLED(CONFIG_INIT_STACK_ALL_ZERO))
		stack = "all(zero)";
	else if (IS_ENABLED(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL))
		stack = "byref_all";
		stack = "byref_all(zero)";
	else if (IS_ENABLED(CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF))
		stack = "byref";
		stack = "byref(zero)";
	else if (IS_ENABLED(CONFIG_GCC_PLUGIN_STRUCTLEAK_USER))
		stack = "__user";
		stack = "__user(zero)";
	else
		stack = "off";

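Review bot: The rewritten if/else chain in report_meminit assumes at most one of the INIT_STACK_ALL_* and GCC_PLUGIN_STRUCTLEAK_* symbols is enabled; otherwise the first match wins and the logged label misdescribes which stack-initialization mitigation is actually active. The Kconfig hunk in this commit places INIT_STACK_ALL_PATTERN and INIT_STACK_ALL_ZERO inside a single `choice`, and GCC_PLUGIN_STRUCTLEAK_BYREF_ALL appears as a default of that same choice, so the assumption presumably holds, but nothing in the function records it. A short comment above the chain, `/* Kconfig makes these a choice, so at most one is set. */`, would document the invariant the report depends on. The remainder of report_meminit, where `stack` is printed, lies outside the hunk.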
+25 −4
@@ -19,13 +19,16 @@ config GCC_PLUGIN_STRUCTLEAK

menu "Memory initialization"

config CC_HAS_AUTO_VAR_INIT
config CC_HAS_AUTO_VAR_INIT_PATTERN
	def_bool $(cc-option,-ftrivial-auto-var-init=pattern)

config CC_HAS_AUTO_VAR_INIT_ZERO
	def_bool $(cc-option,-ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang)

choice
	prompt "Initialize kernel stack variables at function entry"
	default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS
	default INIT_STACK_ALL if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT
	default INIT_STACK_ALL_PATTERN if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT_PATTERN
	default INIT_STACK_NONE
	help
	  This option enables initialization of stack variables at
@@ -88,9 +91,9 @@ choice
		  of uninitialized stack variable exploits and information
		  exposures.

	config INIT_STACK_ALL
	config INIT_STACK_ALL_PATTERN
		bool "0xAA-init everything on the stack (strongest)"
		depends on CC_HAS_AUTO_VAR_INIT
		depends on CC_HAS_AUTO_VAR_INIT_PATTERN
		help
		  Initializes everything on the stack with a 0xAA
		  pattern. This is intended to eliminate all classes
@@ -98,6 +101,24 @@ choice
		  exposures, even variables that were warned to have been
		  left uninitialized.

		  Pattern initialization is known to provoke many existing bugs
		  related to uninitialized locals, e.g. pointers receive
		  non-NULL values, buffer sizes and indices are very big.

	config INIT_STACK_ALL_ZERO
		bool "zero-init everything on the stack (strongest and safest)"
		depends on CC_HAS_AUTO_VAR_INIT_ZERO
		help
		  Initializes everything on the stack with a zero
		  value. This is intended to eliminate all classes
		  of uninitialized stack variable exploits and information
		  exposures, even variables that were warned to have been
		  left uninitialized.

		  Zero initialization provides safe defaults for strings,
		  pointers, indices and sizes, and is therefore
		  more suitable as a security mitigation measure.

endchoice

config GCC_PLUGIN_STRUCTLEAK_VERBOSE
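Review bot: The INIT_STACK_ALL_ZERO help text in the second hunk calls the option "strongest and safest" and lists the benefits of zero defaults, but it omits the trade-off that the adjacent INIT_STACK_ALL_PATTERN help text and the commit description both state: zero initialization can mask uninitialized-use bugs that a pattern fill would surface, which is why pattern is preferred for debug builds. One sentence after "more suitable as a security mitigation measure." would give configurers the full picture, e.g. `Note that zero initialization may hide uninitialized-variable bugs that INIT_STACK_ALL_PATTERN would make visible; prefer the pattern option for debug builds.` The CC_HAS_AUTO_VAR_INIT_ZERO probe in the first hunk tests both Clang flags together, which matches what the Makefile passes, so the detection itself looks correct.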