List-Id: Discussion related to FreeBSD architecture
List-Archive: https://lists.freebsd.org/archives/freebsd-arch
Date: Sat, 11 Jan 2025 20:43:13 +0100
From: Alexander Leidinger
To: Freebsd Arch
Subject: Setting a default value for OPT_INIT_ALL (stable=zero, current=pattern)

Hi,

we have support to set a default initialization value for uninitialized variables (OPT_INIT_ALL in src.conf). Possible values are (copy&paste from https://gcc.gnu.org/pipermail/gcc-patches/2021-February/565514.html):

'-ftrivial-auto-var-init=CHOICE'
     Initialize automatic variables with either a pattern or with zeroes to increase program security by preventing uninitialized memory disclosure and use.

     The three values of CHOICE are:

     * 'uninitialized' doesn't initialize any automatic variables. This is C and C++'s default.

     * 'pattern' Initialize automatic variables with values which will likely transform logic bugs into crashes down the line, are easily recognized in a crash dump and without being values that programmers can rely on for useful program semantics. The values used for pattern initialization might be changed in the future.

     * 'zero' Initialize automatic variables with zeroes.

     The default is 'uninitialized'.

The main point of this option is to prevent leaking random data by accident.

What I propose is to have OPT_INIT_ALL set to "zero" in stable branches. We could maybe also set it to "pattern" in -current. In my opinion this is a similar thing to the malloc production setting, or witness, and so on.

Any thoughts about this?

In case of a generic consensus on this, I would expect the release engineering team to take this into their procedure for branching a new stable branch. The locations where an OPT_INIT_ALL?=zero would need to be added are share/mk/bsd.lib.mk, share/mk/bsd.prog.mk and sys/conf/kern.mk.

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF
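
Added example, not part of the original message and not FreeBSD code: a C model of the accidental disclosure that the three CHOICE values quoted above act on. It simulates the stack slot of an automatic struct with a byte buffer so that the result is deterministic; struct reply, the STALE and PATTERN bytes and the function name are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum init_choice { INIT_UNINITIALIZED, INIT_ZERO, INIT_PATTERN };

struct reply {
    char     status;  /* alignment padding follows on common ABIs */
    uint32_t len;
    uint32_t flags;   /* the handler below forgets to set this field */
};

#define STALE   0x53  /* constructed: data an earlier call left on the stack */
#define PATTERN 0xAA  /* constructed: the real fill value is compiler-chosen */

/* Model the stack slot of an automatic `struct reply r;` and count the stale
 * bytes that reach the caller when the whole struct is copied out. */
size_t leaked_stale_bytes(enum init_choice choice)
{
    unsigned char slot[sizeof(struct reply)], out[sizeof(struct reply)];
    const char status = 1;
    const uint32_t len = 16;
    size_t i, leaked = 0;

    memset(slot, STALE, sizeof(slot));        /* leftovers from earlier frames */
    if (choice == INIT_ZERO)                  /* compiler-inserted initialization */
        memset(slot, 0, sizeof(slot));
    else if (choice == INIT_PATTERN)
        memset(slot, PATTERN, sizeof(slot));

    /* The handler's own assignments: r.status = 1; r.len = 16; */
    memcpy(slot + offsetof(struct reply, status), &status, sizeof(status));
    memcpy(slot + offsetof(struct reply, len), &len, sizeof(len));

    memcpy(out, slot, sizeof(out));           /* whole-struct copy to the caller */
    for (i = 0; i < sizeof(out); i++)
        if (out[i] == STALE)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("uninitialized: %zu stale bytes\n", leaked_stale_bytes(INIT_UNINITIALIZED));
    printf("zero:          %zu stale bytes\n", leaked_stale_bytes(INIT_ZERO));
    printf("pattern:       %zu stale bytes\n", leaked_stale_bytes(INIT_PATTERN));
    return 0;
}
```

Setting every field by hand still leaves the padding bytes stale, which is why a compiler-level default covers cases that code review tends to miss.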