From: Masahiro Yamada
Date: Wed, 24 Apr 2019 13:05:44 +0900
Subject: Re: [PATCH v2 1/3] security: Create "kernel hardening" config area
To: Kees Cook
Cc: Alexander Potapenko, James Morris, Alexander Popov, Nick Desaulniers, Kostya Serebryany, Dmitry Vyukov, Sandeep Patil, Laura Abbott, Randy Dunlap, Michal Marek, Emese Revfy, "Serge E. Hallyn", Kernel Hardening, linux-security-module, Linux Kbuild mailing list, Linux Kernel Mailing List
References: <20190411180117.27704-1-keescook@chromium.org> <20190411180117.27704-2-keescook@chromium.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Apr 24, 2019 at 4:36 AM Kees Cook wrote:
>
> On Thu, Apr 11, 2019 at 6:39 PM Masahiro Yamada wrote:
> >
> > On Fri, Apr 12, 2019 at 3:01 AM Kees Cook wrote:
> > >
> > > Right now kernel hardening options are scattered around various Kconfig
> > > files. This can be a central place to collect these kinds of options
> > > going forward. This is initially populated with the memory initialization
> > > options from the gcc-plugins.
> > >
> > > Signed-off-by: Kees Cook
> > > ---
> > >  scripts/gcc-plugins/Kconfig | 74 +++-------------------------
> > >  security/Kconfig            |  2 +
> > >  security/Kconfig.hardening  | 93 +++++++++++++++++++++++++++++++++++++
> > >  3 files changed, 102 insertions(+), 67 deletions(-)
> > >  create mode 100644 security/Kconfig.hardening
> > >
> > > diff --git a/scripts/gcc-plugins/Kconfig b/scripts/gcc-plugins/Kconfig
> > > index 74271dba4f94..84d471dea2b7 100644
> > > --- a/scripts/gcc-plugins/Kconfig
> > > +++ b/scripts/gcc-plugins/Kconfig
> > > @@ -13,10 +13,11 @@ config HAVE_GCC_PLUGINS
> > >           An arch should select this symbol if it supports building with
> > >           GCC plugins.
> > >
> > > -menuconfig GCC_PLUGINS
> > > -       bool "GCC plugins"
> > > +config GCC_PLUGINS
> > > +       bool
> > >         depends on HAVE_GCC_PLUGINS
> > >         depends on PLUGIN_HOSTCC != ""
> > > +       default y
> > >         help
> > >           GCC plugins are loadable modules that provide extra features to the
> > >           compiler. They are useful for runtime instrumentation and static analysis.
> > > @@ -25,6 +26,8 @@ menuconfig GCC_PLUGINS
> > >
> > >  if GCC_PLUGINS
> > >
> > > +menu "GCC plugins"
> > > +
> > >
> >
> > Just a tip to save the "if" ... "endif" block.
> >
> > If you like, you can write it as follows:
> >
> > menu "GCC plugins"
> >         depends on GCC_PLUGINS
> >
> >
> > endmenu
>
> Ah yes, thanks! Adjusted.
>
> > > +menu "Memory initialization"
> > > +
> > > +choice
> > > +       prompt "Initialize kernel stack variables at function entry"
> > > +       depends on GCC_PLUGINS
> >
> > On second thought,
> > this 'depends on' is unnecessary
> > because INIT_STACK_NONE should always be visible.
>
> Oh yes, excellent point. Adjusted.
>
> > Another behavior change is that
> > GCC_PLUGIN_STRUCTLEAK was previously enabled by all{yes,mod}config,
> > and in the compile-test coverage.
>
> I could set the defaults based on CONFIG_COMPILE_TEST, though? I.e.:
>
> prompt "Initialize kernel stack variables at function entry"
> default GCC_PLUGIN_STRUCTLEAK_BYREF_ALL if COMPILE_TEST && GCC_PLUGINS
> default INIT_STACK_ALL if COMPILE_TEST && CC_HAS_AUTO_VAR_INIT
> default INIT_STACK_NONE

Looks like a good idea to me.

Thanks.

-- 
Best Regards
Masahiro Yamada
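Review bot: the @@ -13,10 +13,11 @@ hunk is a behaviour change that the commit message ("a central place to collect these kinds of options") does not mention: replacing `menuconfig GCC_PLUGINS` / `bool "GCC plugins"` with a promptless `config GCC_PLUGINS` plus `default y` means plugin support can no longer be switched off as a whole; whenever HAVE_GCC_PLUGINS and PLUGIN_HOSTCC != "" are satisfied the symbol is forced on, and a .config that wants no plugins has to disable every plugin individually. If that is the intent, state it in the commit message; otherwise keep a prompt on the symbol (the removed `bool "GCC plugins"` line) and let the new `menu "GCC plugins"` depend on it, which is also the shape of the `menu` ... `depends on GCC_PLUGINS` suggestion in the quoted thread.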
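Review bot: in the security/Kconfig.hardening fragment, the `+       depends on GCC_PLUGINS` on the `choice` gates the whole prompt, not just the plugin-backed entry: on a toolchain without plugin support the choice disappears entirely, taking with it the compiler-flag alternative (INIT_STACK_ALL, gated on CC_HAS_AUTO_VAR_INIT in the defaults proposed in the quoted thread) and the INIT_STACK_NONE entry that Masahiro notes should always be visible. Drop the `depends on` from the `choice` itself and keep the GCC_PLUGINS dependency only on the GCC_PLUGIN_STRUCTLEAK-based entries, so the prompt is offered on every toolchain and only the entries that need plugins are hidden.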