Date: Thu, 6 Jul 2017 16:16:52 -0700 From: Kees Cook <keescook@...omium.org> To: Arnd Bergmann <arnd@...db.de> Cc: Ard Biesheuvel <ard.biesheuvel@...aro.org>, Kernel Hardening <kernel-hardening@...ts.openwall.com>, Linus Torvalds <torvalds@...ux-foundation.org> Subject: Re: [RFC/RFT PATCH] gcc-plugins: force initialize auto variables whose addresses are taken On Thu, Jul 6, 2017 at 2:44 PM, Kees Cook <keescook@...omium.org> wrote: > On Thu, Jul 6, 2017 at 4:09 AM, Arnd Bergmann <arnd@...db.de> wrote: >> On Thu, Jul 6, 2017 at 12:13 PM, Ard Biesheuvel >> <ard.biesheuvel@...aro.org> wrote: >>> To prevent leaking stack contents in cases where it is not possible >>> for the compiler to figure out whether an automatic variable has been >>> initialized or not, add a plugin that forcibly initializes all automatic >>> variables of struct/union types if their address is taken at any point. >>> >>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@...aro.org> > > Ard, I'd be curious what you see for "size" difference between builds > and if it's visible with hackbench or other things? Hm, not all that bad on the size front: text data bss dec hex filename 10950705 5592525 13955072 30498302 1d15dfe vmlinux 11048035 5592365 13955072 30595472 1d2d990 vmlinux.initautobyref And yes, as expected, wow there are a lot of notices in verbose mode. ;) My pet favorite, from the NAKed patch I sent forever ago, is covered (as expected): net/socket.c: In function ‘SYSC_getsockname’: net/socket.c:1605:26: note: auto variable will be forcibly initialized struct sockaddr_storage address; ^~~~~~~ -Kees -- Kees Cook Pixel Security
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.