From patchwork Tue Feb 27 11:15:32 2018
X-Patchwork-Submitter: Prasad Pandit
X-Patchwork-Id: 10244937
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Delivered-To: mailing list kernel-hardening@lists.openwall.com
From: P J P
To: kernel-hardening@lists.openwall.com
Cc: Florian Weimer , P J P
Subject: [PATCH 1/1] Add an option to build kernel with -finit-local-vars
Date: Tue, 27 Feb 2018 16:45:32 +0530
Message-Id: <20180227111532.1144-2-ppandit@redhat.com>
In-Reply-To: <20180227111532.1144-1-ppandit@redhat.com>
References: <20180227111532.1144-1-ppandit@redhat.com>

From: P J P

Add a configuration option to build kernel with -finit-local-vars compiler option.[*] It'll zero initialize the automatic kernel function variables, thus helping to reduce kernel information leakage issues.

[*] https://gcc.gnu.org/ml/gcc-patches/2014-06/msg00615.html

Signed-off-by: P J P

--- Makefile | 4 ++++ lib/Kconfig.debug | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/Makefile b/Makefile index 659a7780aeb3..7b25a77470ca 100644 --- a/Makefile +++ b/Makefile @@ -781,6 +781,10 @@ KBUILD_CFLAGS += $(call cc-option, -femit-struct-debug-baseonly) \ $(call cc-option,-fno-var-tracking) endif +ifdef CONFIG_FINIT_LOCAL_VARS +KBUILD_CFLAGS += $(call cc-option, -finit-local-vars) +endif + ifdef CONFIG_FUNCTION_TRACER ifndef CC_FLAGS_FTRACE CC_FLAGS_FTRACE := -pg diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 64155e310a9f..8da18d145c5b 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug 
@@ -206,6 +206,14 @@ config ENABLE_WARN_DEPRECATED Disable this to suppress the "warning: 'foo' is deprecated (declared at kernel/power/somefile.c:1234)" messages. +config FINIT_LOCAL_VARS + bool "Enable -finit-local-vars" + default n + help + Enable the -finit-local-vars compiler option during the kernel build. + It'll zero initialise the automatic kernel function variables, thus + helping to reduce kernel information leakage issues. + config ENABLE_MUST_CHECK bool "Enable __must_check logic" default y
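Review bot: In the Makefile hunk, `KBUILD_CFLAGS += $(call cc-option, -finit-local-vars)` fails open: cc-option expands to nothing when the compiler rejects the flag, so a build with CONFIG_FINIT_LOCAL_VARS=y on such a compiler completes without any zero-initialisation and without any diagnostic. The only reference the commit message gives for the flag is a gcc-patches posting, so this case needs handling rather than assuming support. For a hardening option, the build should warn or stop when the flag is unavailable, for example by testing whether the cc-option result is empty inside the `ifdef` and emitting `$(warning ...)` or `$(error ...)`, so that a selected mitigation cannot be silently dropped.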
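Review bot: In the lib/Kconfig.debug hunk, the help text for `config FINIT_LOCAL_VARS` omits two things a person enabling it needs to know: that the option only takes effect when the compiler accepts -finit-local-vars, and that initialising every automatic variable carries a code size and runtime cost. Both should be stated in the help text. Two smaller points: `default n` is redundant because an unset bool already defaults to n, and the entry sits between ENABLE_WARN_DEPRECATED and ENABLE_MUST_CHECK in the debug menu although the commit message presents it as an information-leak mitigation, so a security or hardening Kconfig would be a more discoverable home.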