Re: Setting a default value for OPT_INIT_ALL (stable=zero, current=pattern)

From: Shawn Webb <shawn.webb_at_hardenedbsd.org>
Date: Sun, 12 Jan 2025 18:05:20 UTC

On Sun, Jan 12, 2025 at 01:06:06PM +0100, Alexander Leidinger wrote:
> On 2025-01-11 21:18, Shawn Webb wrote:
> 
> > Hey Alex,
> > 
> > To give some additional data points coming from the HardenedBSD side:
> > 
> > 1. In 2019, we added support for this feature on an opt-in basis.
> >    * Commit 6b573e328baa44bf8b47d40ff72fc1cc8a86fb00
> > 2. In 2021, we enabled -ftrivial-auto-var-init=zero by default.
> >    * Commit e4494782e5015da340106ca81445c65121c55ae3
> > 3. In 2022, we modified clang itself to enable it by default.
> >    * Commit 7557c8fd656c83a21e4d43071ea502445efb1ef3
> > 4. In 2023, we added support for kernel modules to opt-in.
> >    * Commit dd21b931eca8e5370a6d0341908316538b52de71
> 
> If it is enabled by default in clang, does it mean you have an opt-out per
> default in the kernel? Did you encounter parts of the kernel which don't
> work well with this?

We have a mechanism for kernel modules to say they work safely with
trivial variable auto-init[1]. In the module's Makefile, just set the
TRIVIAL_VAR_AUTO_INIT_ZERO_SAFE variable.

I haven't found success in enabling the feature for the kernel
itself--and I'm unsure why, though I have a few guesses (which could
be horrifically wrong, so I won't publicly speculate.) I've limited it
to kernel modules I myself use on a daily basis.

> 
> If I read our bsd.kern.mk correctly, the OPT_INIT_ALL in src.conf is taken
> in the full kernel build. As such I have this "active" in the kernel on the
> jail host I test this on (with mysql, postgresql, postfix, dovecot, redis,
> php, java, .......).

HardenedBSD takes a slightly different approach than FreeBSD mainly
due to historic reasons. We could probably switch to the FreeBSD way,
but why change something if it works? ;-)

> 
> I have most of the kernel stuff as modules, so this should all be compiled
> with =zero (except the isal and nvidia modules, I have just compiled-tested
> the ports I use but not yet run tested with a similar feature for the ports
> collection):
> Id Name
> 1 kernel
> 2 opensolaris.ko
> 3 usbhid.ko
> 4 hidbus.ko
> 5 hid.ko
> 6 kbdmux.ko
> 7 coretemp.ko
> 8 hsctrl.ko
> 9 hidmap.ko
> 10 tcphpts.ko
> 11 ahci.ko
> 12 hcons.ko
> 13 if_igb.ko
> 14 iflib.ko
> 15 cryptodev.ko
> 16 cc_chd.ko
> 17 aesni.ko
> 18 tcp_rack.ko
> 19 nvme.ko
> 20 smbios.ko
> 21 efirt.ko
> 22 vkbd.ko
> 23 zfs.ko
> 24 xdr.ko
> 25 cpufreq.ko
> 26 dpms.ko
> 27 hkbd.ko
> 28 umass.ko
> 29 miibus.ko
> 30 geom_eli.ko
> 31 geom_label.ko
> 32 tmpfs.ko
> 33 fdescfs.ko
> 34 if_bridge.ko
> 35 bridgestp.ko
> 36 if_epair.ko
> 37 xhci.ko
> 38 firewire.ko
> 39 if_fwip.ko
> 40 filemon.ko
> 41 sound.ko
> 42 ulpt.ko
> 43 accf_dns.ko
> 44 accf_data.ko
> 45 accf_http.ko
> 46 accf_tls.ko
> 47 cpuctl.ko
> 48 tpm.ko
> 49 ipmi.ko
> 50 linux.ko
> 51 mqueuefs.ko
> 52 linux_common.ko
> 53 linux64.ko
> 54 nullfs.ko
> 55 cuse.ko
> 56 isal.ko
> 57 nvidia-modeset.ko
> 58 nvidia.ko
> 59 hms.ko
> 60 ioat.ko
> 61 snd_uaudio.ko
> 62 pf.ko
> 63 procfs.ko
> 64 pseudofs.ko
> 65 linprocfs.ko
> 66 linsysfs.ko

I would especially be curious about crypto and platform (like EFIRT)
kernel modules. If you do enable trivial variable auto-init for any of
what you listed, please let me know which ones work.

[1]: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/blob/hardened/current/master/sys/conf/kern.mk?ref_type=heads#L247-249

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc