From: Kees Cook
To: Alexander Potapenko
Cc: Kees Cook, Masahiro Yamada, James Morris, Alexander Popov,
    Nick Desaulniers, Kostya Serebryany, Dmitry Vyukov, Sandeep Patil,
    Laura Abbott, Randy Dunlap, Michal Marek, Emese Revfy,
    "Serge E. Hallyn", kernel-hardening@lists.openwall.com,
    linux-security-module@vger.kernel.org, linux-kbuild@vger.kernel.org,
    linux-kernel@vger.kernel.org
Subject: [PATCH v2 0/3] Refactor memory initialization hardening
Date: Thu, 11 Apr 2019 11:01:14 -0700
Message-Id: <20190411180117.27704-1-keescook@chromium.org>

This is a proposed alternative for the memory initialization series,
which refactors the existing gcc plugins into a separate Kconfig file
and collects all the related options together with some more language
to describe their differences. The last patch adds the Clang auto init
option, as done by Alexander Potapenko.

Since there isn't really a good way to "select" with dependencies, I've
left out CONFIG_INIT_ALL_MEMORY for the moment...

I intend to carry this in the gcc-plugins tree, but I'd really like to
get Acks from Masahiro (Kconfig changes, Makefile change), and from
James (adding the new Kconfig.hardening to security/Kconfig).

Thanks!

-Kees

v2:
- add plugin menu (masahiro)
- adjust patch subject prefixes (masahiro)
- drop redundant "depends" (masahiro)
- fixed early use of CC_HAS_AUTO_VAR_INIT (masahiro)
- dropped default-enabled for STACK_INIT_ALL (masahiro)

Kees Cook (3):
  security: Create "kernel hardening" config area
  security: Move stackleak config to Kconfig.hardening
  security: Implement Clang's stack initialization

 Makefile                    |   5 ++
 scripts/gcc-plugins/Kconfig | 125 ++-------------------------
 security/Kconfig            |   2 +
 security/Kconfig.hardening  | 163 ++++++++++++++++++++++++++++++++++++
 4 files changed, 177 insertions(+), 118 deletions(-)
 create mode 100644 security/Kconfig.hardening

-- 
2.17.1