From nobody Sun Jan 12 18:05:20 2025 X-Original-To: freebsd-arch@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YWNbQ5PX0z5l37G for ; Sun, 12 Jan 2025 18:05:22 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4YWNbQ4ZLkz4D1G for ; Sun, 12 Jan 2025 18:05:22 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Authentication-Results: mx1.freebsd.org; none Received: by mail-io1-xd2e.google.com with SMTP id ca18e2360f4ac-844df397754so114859139f.2 for ; Sun, 12 Jan 2025 10:05:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd.org; s=google; t=1736705122; x=1737309922; darn=freebsd.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=nqBKYNWN935x9gGBi5oC3T/4lPnec/3uVaXexbu0kB4=; b=DRo2c8GeFGweVRpo22FBGqe4+uftJ4rj8kWmb/pLhwO5bNdzfQGlY0xRo0p4DmKQTC wfiAL8NEase/TM0QryL7RwP6gVeiX3mpNcFLiTeux6F5qTMeypNblK+0+cab0itnt1q0 VV6Ltdawsic9C1q21nPq73ro2M0PRQ+1qwwHZM65mKKbI36eEjgOBYIhY5+67//F6s3L Rbe0xII+Lx4q3mTXV7/iWiRJ4sjIloL95uQTN0JuuWLbqj+8lYg6hbJQ66Y2CKb64fld yUIHiq4FK+q40so1oSXZWaqGigT7l07ECZTiZ9mNeh0kIlqiOPdy1w5CBpcd+xpBZ0gt +ATQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736705122; x=1737309922; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=nqBKYNWN935x9gGBi5oC3T/4lPnec/3uVaXexbu0kB4=; b=axjvXsCA0CD1u40yK85+eum6tulzw3FWw14CMSBBW68qXtjY2arrHTkf2zXWZDXhMB 1at+2tNrGmNHW4gZUO6hKtPIiB7guoa+869ScmRQ4Vkd6cqBSDeYJgW5jDzoMNc4ry4C aPN07CsLF+rRFNjSrI7tNOi9CUcBwt8Mq5oY3qEqyNOhhz4lcr8Yc48qdcrAowGGaY0U 3oiCiP32o3gqp97+Qu2eg5bLa4cqVw6LvzqOsXIUzcx1WRKR46xe11EXkl7InDIm87fr jRPlQE8wpTV6VYgqP75dtt5yfBO9Q1r/mJSUulJp6/utGQRD8+vc2jFQR94QzmxLcIKr gOyA== X-Gm-Message-State: AOJu0YwuCbD0iTa25kjFfkPsBoXhHpuXu9OI+gmKEGcX8Tbir3j8PN9N odLhZukUAGnsVtdv0uLbw9YGyMjTrj1P3z7yvtssMlC7HxpuVZFgSW7B1FIP3EMHhYniYO0Iavx k X-Gm-Gg: ASbGnct1mdCkg5RGjUreP2NQlnurZ4xQJjrkk6qnr8z5UHjKpFbRWCyB3ISMFT/W4k/ REtJydOzTDp3D6YrvRSgbKgAn4ukNl1vYo54vRbWr0iVc0GpDpXwAEaj4f5stSsRLVOEEgQN23a wzWeDIJk0h9ZiMRz5l9S8bBoGCZGn9c/T66DNqKB/wzZuBlYywQRZ/88oCa0w4p+rbB1esi81OX HQ54c2fpkD+PJf2lN0Ea97r76yC74Pku76R3Sw= X-Google-Smtp-Source: AGHT+IFoIzCdZSFnbyGo2SZhZDWtFCxEoF90CZx72Z19wdfM0cqeDS3Sf5YW7BeaUu6+/cwUzYxK9Q== X-Received: by 2002:a05:6e02:17cd:b0:3a7:dec1:de55 with SMTP id e9e14a558f8ab-3ce3a9d4381mr138206265ab.22.1736705121911; Sun, 12 Jan 2025 10:05:21 -0800 (PST) Received: from mutt-hbsd ([2001:470:4001:1::95]) by smtp.gmail.com with ESMTPSA id 8926c6da1cb9f-4ea1b717809sm2256966173.86.2025.01.12.10.05.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 12 Jan 2025 10:05:21 -0800 (PST) Date: Sun, 12 Jan 2025 18:05:20 +0000 From: Shawn Webb To: Alexander Leidinger Cc: Freebsd Arch Subject: Re: Setting a default value for OPT_INIT_ALL (stable=zero, current=pattern) Message-ID: X-Operating-System: FreeBSD mutt-hbsd 14.2-STABLE-HBSD FreeBSD 14.2-STABLE-HBSD HARDENEDBSD-14-STABLE amd64 X-PGP-Key: https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/blob/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc References: List-Id: Discussion related to FreeBSD architecture List-Archive: https://lists.freebsd.org/archives/freebsd-arch List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-arch@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="nrqbrowxbgy5dz2l" Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: 4YWNbQ4ZLkz4D1G X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] --nrqbrowxbgy5dz2l Content-Type: text/plain; protected-headers=v1; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Subject: Re: Setting a default value for OPT_INIT_ALL (stable=zero, current=pattern) MIME-Version: 1.0 On Sun, Jan 12, 2025 at 01:06:06PM +0100, Alexander Leidinger wrote: > Am 2025-01-11 21:18, schrieb Shawn Webb: >=20 > > Hey Alex, > >=20 > > To give some additional data points coming from the HardenedBSD side: > >=20 > > 1. In 2019, we added support for this feature on an opt-in basis. > > * Commit 6b573e328baa44bf8b47d40ff72fc1cc8a86fb00 > > 2. In 2021, we enabled -ftrivial-auto-var-init=3Dzero by default. > > * Commit e4494782e5015da340106ca81445c65121c55ae3 > > 3. In 2022, we modified clang itself to enable it by default. > > * Commit 7557c8fd656c83a21e4d43071ea502445efb1ef3 > > 4. In 2023, we added support for kernel modules to opt-in. > > * Commit dd21b931eca8e5370a6d0341908316538b52de71 >=20 > If it is enabled by default in clang, does it mean you have an opt-out per > default in the kernel? Did you encounter parts of the kernel which don't > work well with this? We ahve a mechanism for kernel modules to say they work safely with trivial variable auto-init[1]. In the module's Makefile, just set the TRIVIAL_VAR_AUTO_INIT_ZERO_SAFE variable. I haven't found success in enabling the feature for the kernel itself--and I'm unsure why, though I have a few guesses (which could be horrifically wrong, so I won't publicly speculate.) I've limited it to kernel modules I myself use on a daily basis. >=20 > If I read our bsd.kern.mk correctly, the OPT_INIT_ALL in src.conf is taken > in the full kernel build. As such I have this "active" in the kernel on t= he > jail host I test this on (with mysql, potsgresql, postfix, dovecot, redis, > php, java, .......). HardenedBSD takes a slightly different approach than FreeBSD mainly due to historic reasons. We could probably switch to the FreeBSD way, but why change something if it works? ;-) >=20 > I have most of the kernel stuff as modules, so this should all be compiled > with =3Dzero (except the isal and nvidia modules, I have just compiled-te= sted > the ports I use but not yet run tested with a similar feature for the por= ts > collection): > Id Name > 1 kernel > 2 opensolaris.ko > 3 usbhid.ko > 4 hidbus.ko > 5 hid.ko > 6 kbdmux.ko > 7 coretemp.ko > 8 hsctrl.ko > 9 hidmap.ko > 10 tcphpts.ko > 11 ahci.ko > 12 hcons.ko > 13 if_igb.ko > 14 iflib.ko > 15 cryptodev.ko > 16 cc_chd.ko > 17 aesni.ko > 18 tcp_rack.ko > 19 nvme.ko > 20 smbios.ko > 21 efirt.ko > 22 vkbd.ko > 23 zfs.ko > 24 xdr.ko > 25 cpufreq.ko > 26 dpms.ko > 27 hkbd.ko > 28 umass.ko > 29 miibus.ko > 30 geom_eli.ko > 31 geom_label.ko > 32 tmpfs.ko > 33 fdescfs.ko > 34 if_bridge.ko > 35 bridgestp.ko > 36 if_epair.ko > 37 xhci.ko > 38 firewire.ko > 39 if_fwip.ko > 40 filemon.ko > 41 sound.ko > 42 ulpt.ko > 43 accf_dns.ko > 44 accf_data.ko > 45 accf_http.ko > 46 accf_tls.ko > 47 cpuctl.ko > 48 tpm.ko > 49 ipmi.ko > 50 linux.ko > 51 mqueuefs.ko > 52 linux_common.ko > 53 linux64.ko > 54 nullfs.ko > 55 cuse.ko > 56 isal.ko > 57 nvidia-modeset.ko > 58 nvidia.ko > 59 hms.ko > 60 ioat.ko > 61 snd_uaudio.ko > 62 pf.ko > 63 procfs.ko > 64 pseudofs.ko > 65 linprocfs.ko > 66 linsysfs.ko I would especially be curious about crypto and platform (like EFIRT) kernel modules. If you do enable trivial variable auto-init for any of what you listed, please let me know which ones work. [1]: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/blob/hardened/cu= rrent/master/sys/conf/kern.mk?ref_type=3Dheads#L247-249 Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50 https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A= 4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --nrqbrowxbgy5dz2l Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmeEBFkACgkQ/y5nonf4 4foZ2A//eZkOpi9xLU+d+Gy2+mBt/h6oaTbzG4Wl1pnAxpbtb3tz4OdzANjoFAqn GYaaTAJrMlC2tCdyCmNT6q+uXqTI27d2us/s4ZOaiJIwppXw2/CTdV14/zriy4e1 l5ch1B5qz7hofMqufgFN1XnlyZXkZpFUDsy/pGUPNz+H5pEfx5jt9HrtQcYJ3WIV B0wGdy5pySrB/DmA2OqVvuDH5wzk9wCKKaegyltVzdn+/6L3x0773ysX1Z11wRBg gc3xo3CBCLpu7OTx5uW+/mjH1fIU5E1YNShjLY2JpCSQGgN6Phvt11mxSrbj611j NwnEAET+t9+fNZlxML2OklncRb90sZ3hk0660XPKt5ERJtLDCEdquqIcYpTUFMHw pj2vx+KOT9zL4XJjVXsXNestxoFSRCULHhWYlE/duULJ4VNqg/4hLAuWL0IqQSK+ qdcTD3mj53sefJIDSd/U0LKdRKbvH0FkuFWL2aljB4E1BXZgXbWyhAsLSkvqjh2U wNvgmayYyrA/sqqTdNtc4JeLGwek8k5trysACl0g2TAtBJYarWv9n/hBgmQRyB/N dg4pUjTsa3PJwrIHKBFCUJ3ivAlHl8T6ITmvsynpquEQjUcB8FZeM32sgqdLNJsW ymrAIvvy7iZhC7+maGJNrrTvfdex3iNZAhhW3A8LekSEO5UAQZQ= =d06n -----END PGP SIGNATURE----- --nrqbrowxbgy5dz2l--