Date: Sat, 11 Jan 2025 20:18:27 +0000
From: Shawn Webb
To: Alexander Leidinger
Cc: Freebsd Arch
Subject: Re: Setting a default value for OPT_INIT_ALL (stable=zero, current=pattern)
List-Id: Discussion related to FreeBSD architecture
List-Archive: https://lists.freebsd.org/archives/freebsd-arch

On Sat, Jan 11, 2025 at 08:43:13PM +0100, Alexander Leidinger wrote:
> Hi,
>
> we have support to set a default initialization value for uninitialized
> variables (OPT_INIT_ALL in src.conf). Possible values are (copy&paste from
> https://gcc.gnu.org/pipermail/gcc-patches/2021-February/565514.html):
> '-ftrivial-auto-var-init=CHOICE'
>      Initialize automatic variables with either a pattern or with zeroes
>      to increase program security by preventing uninitialized memory
>      disclosure and use.
>
>      The three values of CHOICE are:
>
>      * 'uninitialized' doesn't initialize any automatic variables.
>        This is C and C++'s default.
>
>      * 'pattern' Initialize automatic variables with values which
>        will likely transform logic bugs into crashes down the line,
>        are easily recognized in a crash dump and without being values
>        that programmers can rely on for useful program semantics.
>        The values used for pattern initialization might be changed in
>        the future.
>
>      * 'zero' Initialize automatic variables with zeroes.
>
>      The default is 'uninitialized'.
>
> The main point of this option is to prevent leaking random data by accident.
>
> What I propose is to have OPT_INIT_ALL set to "zero" in stable branches. We
> could maybe also set it to "pattern" in -current.
> In my opinion this is a similar thing like the malloc production setting,
> or witness, and so on.
>
> Any thoughts about this?
>
> In case of a generic consensus of this, I would expect the release
> engineering team to take this into their procedure for branching a new
> stable branch. The locations where a OPT_INIT_ALL?=zero would need to be
> added are share/mk/bsd.lib.mk, share/mk/bsd.prog.mk and sys/conf/kern.mk.

Hey Alex,

To give some additional data points coming from the HardenedBSD side:

1. In 2019, we added support for this feature on an opt-in basis.
   * Commit 6b573e328baa44bf8b47d40ff72fc1cc8a86fb00
2. In 2021, we enabled -ftrivial-auto-var-init=zero by default.
   * Commit e4494782e5015da340106ca81445c65121c55ae3
3. In 2022, we modified clang itself to enable it by default.
   * Commit 7557c8fd656c83a21e4d43071ea502445efb1ef3
4. In 2023, we added support for kernel modules to opt in.
   * Commit dd21b931eca8e5370a6d0341908316538b52de71

The following kernel modules have opted in:

1. netlink (commit 10aa23df4d0ef6a527b1f2d2092126175f64899f)
2. virtio-net (commit c9a07fd0d828e4a8d0ee32f2143cca8e3eb55e8c)
3. zfs (commit fdabd703d9870b00c34837299253423ab4fa8ad6)
4. iwlwifi (commit 96d935f2f7328b3e2be0ceb557f09e7d2f9a9ea9)
5. linuxkpi (commit 803b838923ff76660ae9f5e25696725e77deb274)
6. tmpfs (commit 2e5d303a25c030664a6cbf2efd10de29de0da600)
7. tarfs (commit c08174516b33c58a771c46a17d94c2ba9ed4f1a0)
8. geli (commit 94ee2b3faa4712bd57f3cd82fe442b883a79b68a)
9. pf (commit bd836619adb5b502c594dfab0df98e40f8adefe2)
10. pfsync (commit a69ea2297d85a9537d2a08d4e4011d3e834b2cba)
11. pflog (commit 0ec32fb1fd6062ca9e185e73316ff06a26a1d7af)
12. vmm (commit 50d5dbec1c82cc568e0a621e4e405de7ec73b921)
13. fusefs (commit 3e58a69c9b83380d77ea432e58868a0b0f3c8374)

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
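
Added example, not part of the mail above or of FreeBSD/HardenedBSD code: a C emulation of the three CHOICE values quoted in the thread, showing which bytes of a partly filled struct reach a reader under each mode. The names struct reply, STALE_BYTE and PATTERN_BYTE are hypothetical, the memset calls in enter_frame stand in for what the compiler would insert, and 0xAA is an assumed pattern value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum init_choice { INIT_UNINITIALIZED, INIT_PATTERN, INIT_ZERO };

#define STALE_BYTE   0x5A /* constructed stand-in for a previous call's secrets */
#define PATTERN_BYTE 0xAA /* assumed fill byte; real compilers choose their own */

struct reply {            /* hypothetical object handed to a less-trusted reader */
    uint8_t  status;      /* 3 padding bytes follow on common ABIs */
    uint32_t length;
    char     name[8];     /* only the first 3 bytes get written */
};

/* Emulated function entry: the slot still holds stale stack bytes, then the
 * compiler-inserted initialization for the chosen mode (if any) runs. */
static void enter_frame(struct reply *slot, enum init_choice choice)
{
    memset(slot, STALE_BYTE, sizeof(*slot));
    if (choice == INIT_PATTERN)
        memset(slot, PATTERN_BYTE, sizeof(*slot));
    else if (choice == INIT_ZERO)
        memset(slot, 0, sizeof(*slot));
}

/* Build the reply as typical code does (named fields only), copy the whole
 * object out, and count how many copied bytes equal `needle`. */
size_t residue(enum init_choice choice, unsigned char needle)
{
    struct reply slot;
    unsigned char out[sizeof(slot)];
    size_t i, hits = 0;

    enter_frame(&slot, choice);
    slot.status = 1;
    slot.length = 2;
    memcpy(slot.name, "ok", 3);
    memcpy(out, &slot, sizeof(slot)); /* stands in for a copy to userland/wire */
    for (i = 0; i < sizeof(out); i++)
        hits += (out[i] == needle);
    return hits;
}

int main(void)
{
    printf("uninitialized: %zu stale bytes copied out\n", residue(INIT_UNINITIALIZED, STALE_BYTE));
    printf("pattern:       %zu stale, %zu pattern\n", residue(INIT_PATTERN, STALE_BYTE), residue(INIT_PATTERN, PATTERN_BYTE));
    printf("zero:          %zu stale\n", residue(INIT_ZERO, STALE_BYTE));
    return 0;
}
```

The stale bytes counted in the uninitialized case are the struct padding and the unwritten tail of name, the two places field-by-field initialization usually misses.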