Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp3971734yba; Tue, 23 Apr 2019 12:43:52 -0700 (PDT) X-Google-Smtp-Source: APXvYqyqLMY6JafHDQpmDtZteeMNVLtdVgNcV4ou9khV+uWCIBF0Tfl7sRtADpewaCGkORvFs4qZ X-Received: by 2002:aa7:8edd:: with SMTP id b29mr29425729pfr.241.1556048631974; Tue, 23 Apr 2019 12:43:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556048631; cv=none; d=google.com; s=arc-20160816; b=C1gUD5ocyXjxoQjUxpBIl4G7vHsp0RYqfIFeYnZJQ40WvM/+lY9jWKtPSEhM7oLMS3 ozIsg3A8Q9OwLdbu+aHrZJBsPyK2OrVXjkniDpJ2sleIroYrx+aPKGdtn9Y7vUl9YM0B LdeOCEgQXyyb4NbfCx+1vUu+AkVG+sULyA+I5vCwAb+8FNlhkMzn7Vz7eJmShbxsIOc4 JsNM6SfWGFDbP6I1LZMqF+jLetw68SJPdWnAjaDGIGaWfvWAoF/2pphlDIVqKPhaTs9X AFq7UwyRDyUfhj7OMxikgggo3M82b3jWptxrvMdZ5BFAGyPD6U+/sOOIfa4p3tgS+n3n 5fmQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=nfae1L7qQtGmcEC0kaUhc8lAK/W6bAcsEpn3yxXkxig=; b=QgHqtVtXRcLH5p5r7cpE1cG8hUwbDcfu/SZS5iDdSPYcUU3nRju4Lwvg/aABIY9dzu h8K+cUpsblOgBM1W1vL0TLKn6fFUpEpoVOETxngTUDGSboF2I785K62M1zr96vC0bSiq qRZYqRowhv2m+k0eUnvIFvSAWC86FNpHqgPm9rM+9V1e4CnAcMVPwDRvKL4IKL4HArvH U1wi1afrU8mOYrulPa7+TvVRLNK8Ild23ui1oK71tg6QlYjHnVN7y+j3GOsZLyDO6owi 5tFfYJZ3xCWU9ioVCM+oFhJhlNyJl3MLsHyMC4FuqcPAYlm4zEKGYntIjhVV4utBO9S4 aR1g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=UIoYEyIF; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j23si2904213pff.108.2019.04.23.12.43.36; Tue, 23 Apr 2019 12:43:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=UIoYEyIF; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726790AbfDWTmF (ORCPT + 99 others); Tue, 23 Apr 2019 15:42:05 -0400 Received: from mail-vs1-f65.google.com ([209.85.217.65]:34389 "EHLO mail-vs1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725945AbfDWTmF (ORCPT ); Tue, 23 Apr 2019 15:42:05 -0400 Received: by mail-vs1-f65.google.com with SMTP id n17so695729vsr.1 for ; Tue, 23 Apr 2019 12:42:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=nfae1L7qQtGmcEC0kaUhc8lAK/W6bAcsEpn3yxXkxig=; b=UIoYEyIFIWQgCLjOzYoQ6qTU+folQszrYetmsA9uX1etgnIt/SniEXJwDIr+waZZBy u7oyknqBHgkluOmDWiVGxLC/JLF862NLsCuWt/cC2ebLFszfLNOoxcd1OgHzFLE3Yp3O 4HTySG1EgUuCUJ9tbK0cmMBdiR2/bEN9lpvCQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=nfae1L7qQtGmcEC0kaUhc8lAK/W6bAcsEpn3yxXkxig=; b=gwnsFbM843CZ05/VHA5ya2Exk50SARxD1RopapDXAPJ1qinhGM24Y62TUR6r5t78xC 96pMKxNukRhA1JaEGWvzJ7u7H4iwrOvGeDGtqyCaz+LoBKLsz0/fh7VPZj8Tai1IX5VI GHiK9yIP5joAn5BiRFBqqlvSCVVqnL58ZNWoZuzzTv1RZL7Akdau4S0NkAmBkAl4Hgj7 9G4IPaEZUKLhb9/KOT6QFwKrA0KFB5xcoOPqtI27/e+S+5t03yAfQGq1cDmRnKmIVA/S fvAwGtUGA4zBVtcVwEPTnqT0mxraoF4nqdp/YwoLIGIqz9EdxZWFtHmrfWOzqAo2wbSU cb2Q== X-Gm-Message-State: APjAAAX3SbIGRYTiMrrYaIFsrglqlnmsg0tABHxHPA8OKSG9/4Jn/GAp 103AkKtdb5zc+utpB4zt6pgibakQq2w= X-Received: by 2002:a67:ea53:: with SMTP id r19mr14684987vso.12.1556048523856; Tue, 23 Apr 2019 12:42:03 -0700 (PDT) Received: from mail-vs1-f45.google.com (mail-vs1-f45.google.com. [209.85.217.45]) by smtp.gmail.com with ESMTPSA id 2sm18645652vke.27.2019.04.23.12.42.03 for (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Tue, 23 Apr 2019 12:42:03 -0700 (PDT) Received: by mail-vs1-f45.google.com with SMTP id d8so8943328vsp.2 for ; Tue, 23 Apr 2019 12:42:03 -0700 (PDT) X-Received: by 2002:a67:f849:: with SMTP id b9mr14431245vsp.188.1556048215473; Tue, 23 Apr 2019 12:36:55 -0700 (PDT) MIME-Version: 1.0 References: <20190411180117.27704-1-keescook@chromium.org> <20190411180117.27704-2-keescook@chromium.org> In-Reply-To: From: Kees Cook Date: Tue, 23 Apr 2019 12:36:43 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v2 1/3] security: Create "kernel hardening" config area To: Masahiro Yamada Cc: Alexander Potapenko , James Morris , Alexander Popov , Nick Desaulniers , Kostya Serebryany , Dmitry Vyukov , Sandeep Patil , Laura Abbott , Randy Dunlap , Michal Marek , Emese Revfy , "Serge E. Hallyn" , Kernel Hardening , linux-security-module , Linux Kbuild mailing list , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Apr 11, 2019 at 6:39 PM Masahiro Yamada wrote: > > On Fri, Apr 12, 2019 at 3:01 AM Kees Cook wrote: > > > > Right now kernel hardening options are scattered around various Kconfig > > files. This can be a central place to collect these kinds of options > > going forward. This is initially populated with the memory initialization > > options from the gcc-plugins. > > > > Signed-off-by: Kees Cook > > --- > > scripts/gcc-plugins/Kconfig | 74 +++-------------------------- > > security/Kconfig | 2 + > > security/Kconfig.hardening | 93 +++++++++++++++++++++++++++++++++++++ > > 3 files changed, 102 insertions(+), 67 deletions(-) > > create mode 100644 security/Kconfig.hardening > > > > diff --git a/scripts/gcc-plugins/Kconfig b/scripts/gcc-plugins/Kconfig > > index 74271dba4f94..84d471dea2b7 100644 > > --- a/scripts/gcc-plugins/Kconfig > > +++ b/scripts/gcc-plugins/Kconfig > > @@ -13,10 +13,11 @@ config HAVE_GCC_PLUGINS > > An arch should select this symbol if it supports building with > > GCC plugins. > > > > -menuconfig GCC_PLUGINS > > - bool "GCC plugins" > > +config GCC_PLUGINS > > + bool > > depends on HAVE_GCC_PLUGINS > > depends on PLUGIN_HOSTCC != "" > > + default y > > help > > GCC plugins are loadable modules that provide extra features to the > > compiler. They are useful for runtime instrumentation and static analysis. > > @@ -25,6 +26,8 @@ menuconfig GCC_PLUGINS > > > > if GCC_PLUGINS > > > > +menu "GCC plugins" > > + > > > > Just a tip to save "if" ... "endif" block. > > > If you like, you can write like follows: > > > menu "GCC plugins" > depends on GCC_PLUGINS > > > > endmenu Ah yes, thanks! Adjusted. > > +menu "Memory initialization" > > + > > +choice > > + prompt "Initialize kernel stack variables at function entry" > > + depends on GCC_PLUGINS > > On second thought, > this 'depends on' is unnecessary > because INIT_STACK_NONE should be always visible. Oh yes, excellent point. Adjusted. > Another behavior change is > GCC_PLUGIN_STRUCTLEAK was previously enabled by all{yes,mod}config, > and in the compile-test coverage. I could set the defaults based on CONFIG_COMPILE_TEST, though? I.e.: prompt "Initialize kernel stack variables at function entry" default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS default INIT_STACK_ALL if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT default INIT_STACK_NONE > > It will be disabled for all{yes,mod}config with this patch. > > This is up to you. Just FYI. Thanks for looking this over! -- Kees Cook