From nobody Sun Jan 12 12:06:06 2025
X-Original-To: freebsd-arch@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YWDf510Y9z5kZ3k
	for <freebsd-arch@mlmmj.nyi.freebsd.org>; Sun, 12 Jan 2025 12:07:09 +0000 (UTC)
	(envelope-from Alexander@Leidinger.net)
Received: from mailgate.Leidinger.net (bastille.leidinger.net [89.238.82.207])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature ECDSA (P-256) client-digest SHA256)
	(Client CN "mailgate.leidinger.net", Issuer "E6" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4YWDf43gfwz4WLb
	for <freebsd-arch@freebsd.org>; Sun, 12 Jan 2025 12:07:08 +0000 (UTC)
	(envelope-from Alexander@Leidinger.net)
Authentication-Results: mx1.freebsd.org;
	none
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-arch
List-Help: <mailto:freebsd-arch+help@freebsd.org>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Subscribe: <mailto:freebsd-arch+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-arch+unsubscribe@freebsd.org>
Sender: owner-freebsd-arch@FreeBSD.org
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=leidinger.net;
	s=outgoing-alex; t=1736683618;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=FIBHNZ18CdQD8oj3NBMfKVvtwXmGm9FctebPyDdx66Q=;
	b=24jGBJtDb3NSrxjG0DfQbqWvE8B8A7kAEnCqrN7jXe+dec8iY9qAEISPdnQMstcITodE9l
	CaMVd6Ehv8YvAgOC2Vlck+XPugJcF5JUU2XF9gmlQVdRm3JBANr2x71VY/5yL7tf4H0K9B
	rdU5IHWvSrMgRVBS7zcDJPev0WM9FkDyHvOTDSgQKZDP2dmqQgtz2TdhTCmnZ2LMF0zTsV
	+oYAqi1Kx7QRFQ/ThbXEEa1NjdBALWSacylqG/mNPH+krIJbteiXd+49A01XOhBzNEfnmJ
	lEVgp5hyJIegRGe6OLahAKAXXnJGbWzra7eHTZRqxR7IfBUe8iV4uh8MqlMJug==
Date: Sun, 12 Jan 2025 13:06:06 +0100
From: Alexander Leidinger <Alexander@Leidinger.net>
To: Shawn Webb <shawn.webb@hardenedbsd.org>
Cc: Freebsd Arch <freebsd-arch@freebsd.org>
Subject: Re: Setting a default value for OPT_INIT_ALL (stable=zero,
 current=pattern)
In-Reply-To: <pjlvri44wsgoolt5yhtsmlbcbysjlsfwwrj6lqtwj4b6pctqr5@qs5q3s5isucg>
References: <f6921f188cc5f41067394ec358d37fa5@Leidinger.net>
 <pjlvri44wsgoolt5yhtsmlbcbysjlsfwwrj6lqtwj4b6pctqr5@qs5q3s5isucg>
Message-ID: <e75ff74c80d74f7cfa15af6e0870f095@Leidinger.net>
Organization: No organization, this is a private message.
Content-Type: multipart/signed;
 protocol="application/pgp-signature";
 boundary="=_8d30bd7fa0be3da8a96827f6b1552f5e";
 micalg=pgp-sha256
X-Rspamd-Queue-Id: 4YWDf43gfwz4WLb
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:34240, ipnet:89.238.64.0/18, country:DE]

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

--=_8d30bd7fa0be3da8a96827f6b1552f5e
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII;
 format=flowed

Am 2025-01-11 21:18, schrieb Shawn Webb:

> Hey Alex,
> 
> To give some additional data points coming from the HardenedBSD side:
> 
> 1. In 2019, we added support for this feature on an opt-in basis.
>    * Commit 6b573e328baa44bf8b47d40ff72fc1cc8a86fb00
> 2. In 2021, we enabled -ftrivial-auto-var-init=zero by default.
>    * Commit e4494782e5015da340106ca81445c65121c55ae3
> 3. In 2022, we modified clang itself to enable it by default.
>    * Commit 7557c8fd656c83a21e4d43071ea502445efb1ef3
> 4. In 2023, we added support for kernel modules to opt-in.
>    * Commit dd21b931eca8e5370a6d0341908316538b52de71

If it is enabled by default in clang, does it mean you have an opt-out 
per default in the kernel? Did you encounter parts of the kernel which 
don't work well with this?

If I read our bsd.kern.mk correctly, the OPT_INIT_ALL in src.conf is 
taken in the full kernel build. As such I have this "active" in the 
kernel on the jail host I test this on (with mysql, potsgresql, postfix, 
dovecot, redis, php, java, .......).

I have most of the kernel stuff as modules, so this should all be 
compiled with =zero (except the isal and nvidia modules, I have just 
compiled-tested the ports I use but not yet run tested with a similar 
feature for the ports collection):
Id Name
1 kernel
2 opensolaris.ko
3 usbhid.ko
4 hidbus.ko
5 hid.ko
6 kbdmux.ko
7 coretemp.ko
8 hsctrl.ko
9 hidmap.ko
10 tcphpts.ko
11 ahci.ko
12 hcons.ko
13 if_igb.ko
14 iflib.ko
15 cryptodev.ko
16 cc_chd.ko
17 aesni.ko
18 tcp_rack.ko
19 nvme.ko
20 smbios.ko
21 efirt.ko
22 vkbd.ko
23 zfs.ko
24 xdr.ko
25 cpufreq.ko
26 dpms.ko
27 hkbd.ko
28 umass.ko
29 miibus.ko
30 geom_eli.ko
31 geom_label.ko
32 tmpfs.ko
33 fdescfs.ko
34 if_bridge.ko
35 bridgestp.ko
36 if_epair.ko
37 xhci.ko
38 firewire.ko
39 if_fwip.ko
40 filemon.ko
41 sound.ko
42 ulpt.ko
43 accf_dns.ko
44 accf_data.ko
45 accf_http.ko
46 accf_tls.ko
47 cpuctl.ko
48 tpm.ko
49 ipmi.ko
50 linux.ko
51 mqueuefs.ko
52 linux_common.ko
53 linux64.ko
54 nullfs.ko
55 cuse.ko
56 isal.ko
57 nvidia-modeset.ko
58 nvidia.ko
59 hms.ko
60 ioat.ko
61 snd_uaudio.ko
62 pf.ko
63 procfs.ko
64 pseudofs.ko
65 linprocfs.ko
66 linsysfs.ko

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF

--=_8d30bd7fa0be3da8a96827f6b1552f5e
Content-Type: application/pgp-signature;
 name=signature.asc
Content-Disposition: attachment;
 filename=signature.asc;
 size=833
Content-Description: OpenPGP digital signature

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEER9UlYXp1PSd08nWXEg2wmwP42IYFAmeDsD0ACgkQEg2wmwP4
2IYVAw/+PAApg9an44pBYzbtWSmWswZMz/T68rPeHzL3SPvjavqy24VxdX9o39zn
Y6m8BIwN8HBi+RmQpUbbUy9O3qN+pZnuosZ17oY2VaqmM5c1xe7p8aRkYe6AkKZy
qmfxc6OwoQQNi+83uNRX98Q/c5EBlH+Y99ybTYupNXrvm/5tETcY9hJKgiNqSpvb
W2/chotBgpptDKw+SIxE6WTysVOFKc4AELEqdS8iE+T1RfAgiwWKxmfsspzthmkL
3JCFr6aSeDbi7EcBdCnW0j2uF4AcNv3F1/I2LzR/TDapSGiham5tmxNLsO6NjiIC
uJkgEp99Vsrz9Vx+s6Ei7hlcgZHK8czEBGyilWAEbWTXVwRjj43vz8EjFXWxvIRy
N+dL5VaMbzDllkYb7LaGTI1z8rJc7aVZ+t3CqAt1LeC1WmQst5GqkuDXM3mo70a5
6Hn5asK6p5cU2MUuwov6IS9EHVQmSe5YERzu1r33uZmijWTCv/uEZUw52hSZffZ7
MJxaYuWYXnJUEQPzzJKpqWcWdF+pUwze963y99y4xQa086iNxsOe2ThLfpZ+b0lA
fpbjRFtM5nT++Eb/fNu+Q09KkXaGYnyS1EHRdNE70w6UHfFt5/VVszzp5d4crYos
m/wr9h67vNoUrdrc2Iuqy2+6asF0T0O4ewn0pFQQYGyJ4JL4eeo=
=vtLN
-----END PGP SIGNATURE-----

--=_8d30bd7fa0be3da8a96827f6b1552f5e--