From patchwork Wed Apr 10 16:16:09 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kees Cook <keescook@chromium.org>
X-Patchwork-Id: 10894327
Return-Path: 
 <kernel-hardening-return-15595-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BAC6014DB
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
 Wed, 10 Apr 2019 16:16:37 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A8E3528CF9
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
 Wed, 10 Apr 2019 16:16:37 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id A689D28D16; Wed, 10 Apr 2019 16:16:37 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.3 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham
	version=3.3.1
Received: from mother.openwall.net (mother.openwall.net [195.42.179.200])
	by mail.wl.linuxfoundation.org (Postfix) with SMTP id E4C6928CF9
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
 Wed, 10 Apr 2019 16:16:36 +0000 (UTC)
Received: (qmail 16128 invoked by uid 550); 10 Apr 2019 16:16:32 -0000
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:kernel-hardening@lists.openwall.com>
List-Help: <mailto:kernel-hardening-help@lists.openwall.com>
List-Unsubscribe: <mailto:kernel-hardening-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:kernel-hardening-subscribe@lists.openwall.com>
List-ID: <kernel-hardening.lists.openwall.com>
Delivered-To: mailing list kernel-hardening@lists.openwall.com
Received: (qmail 16107 invoked from network); 10 Apr 2019 16:16:31 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=from:to:cc:subject:date:message-id;
        bh=x2KYJib3dOzOX8W30eA/GdsrFGJ1QDL/O1I+P3kYlwg=;
        b=XpXvL2K4TmeTB6apty/+7j6PaDGjBWukrD4XgOwH9jLi+UosDmIFjrCJSyhUPwI24r
         t9Qz8BPGmRFt3uOj8lrdM/YocFw48FOg9wQe5zN745/WR4lqDEAOREOVv818ht6yOHhw
         oaMsZGMubKVo6KkCHERJnTkhBjwwymhVBTj/g=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id;
        bh=x2KYJib3dOzOX8W30eA/GdsrFGJ1QDL/O1I+P3kYlwg=;
        b=tDRIa5ytHnyHjFF8GqTzLLs9f5eOgqmaYvSqRLaimec0bQz3f6BWoXDtICprZ23XhJ
         eq/SK7LF4O1IBB1f42D00YHSz67P/qmoCFeQTDd511XsZIjVuvvSiJIN8aNwhRGY1G6N
         a4NTOAyhOSkaqMYxANrM4eb+JRdRUy7kxWOJipVTs+d2bGbj4UBhMMdVwwvoa+S5UsDv
         ZpAv4LGST8+Q6Dh9cVP7saBmpJtSke1P/F9Jw8XoJ8u4Q7cSVsnG98yA7IS/HymYvj4P
         MIBWU89ekkvaLqB88uh1GrvJcaeUThg/Xy9fzkjN0sbe1ZZBJcfTEtowDcuFzpMeIGLh
         T/Tw==
X-Gm-Message-State: APjAAAVzxeRNRTWdw6fuble+r9DqmdIYgf2LJaWyZZtZAOuHq3n6fei/
	Pt2/WjR29ty85EvRBmzcEEG9jA==
X-Google-Smtp-Source: 
 APXvYqxV7u4z3SP7rQZaoXm6DgmvlM21aDP/eOO6IxVz6Xq3ILyC5OTxhjHS1EiCzLNEbjzmkf0D4Q==
X-Received: by 2002:a65:6389:: with SMTP id h9mr42126678pgv.398.1554912979563;
        Wed, 10 Apr 2019 09:16:19 -0700 (PDT)
From: Kees Cook <keescook@chromium.org>
To: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Kees Cook <keescook@chromium.org>,
	Alexander Potapenko <glider@google.com>,
	Nick Desaulniers <ndesaulniers@google.com>,
	Kostya Serebryany <kcc@google.com>,
	Dmitry Vyukov <dvyukov@google.com>,
	Sandeep Patil <sspatil@android.com>,
	Laura Abbott <labbott@redhat.com>,
	Randy Dunlap <rdunlap@infradead.org>,
	Alexander Popov <alpopov@ptsecurity.com>,
	Michal Marek <michal.lkml@markovi.net>,
	Emese Revfy <re.emese@gmail.com>,
	James Morris <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	linux-kbuild@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	kernel-hardening@lists.openwall.com
Subject: [PATCH 0/3] Kconfig: Refactor memory initialization hardening
Date: Wed, 10 Apr 2019 09:16:09 -0700
Message-Id: <20190410161612.18545-1-keescook@chromium.org>
X-Mailer: git-send-email 2.17.1
X-Virus-Scanned: ClamAV using ClamSMTP

This is a proposed alternative for the memory initialization series,
which refactoring the existing gcc plugins into a separate Kconfig
file and collects all the related options together with some more
language to describe their differences. The last patch adds the
Clang auto init option, as done by Alexander Potapenko.

Since there isn't really a good way to "select" with dependencies,
I've left out CONFIG_INIT_ALL_MEMORY for the moment...

-Kees

Kees Cook (3):
  Kconfig: Create "kernel hardening" config area
  kbuild: Move stackleak config to Kconfig.hardening
  kbuild: Implement Clang's stack initialization

 Makefile                    |   5 ++
 scripts/gcc-plugins/Kconfig | 121 +-------------------------
 security/Kconfig            |   2 +
 security/Kconfig.hardening  | 165 ++++++++++++++++++++++++++++++++++++
 4 files changed, 175 insertions(+), 118 deletions(-)
 create mode 100644 security/Kconfig.hardening