| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250121003646.work.168-kees@kernel.org>
Date: Mon, 20 Jan 2025 16:36:53 -0800
From: Kees Cook <kees@...nel.org>
To: Masahiro Yamada <masahiroy@...nel.org>
Cc: Kees Cook <kees@...nel.org>,
Jakub Jelinek <jakub@...hat.com>,
Nathan Chancellor <nathan@...nel.org>,
Nicolas Schier <nicolas@...sle.eu>,
linux-kbuild@...r.kernel.org,
Stephen Hemminger <stephen@...workplumber.org>,
linux-kernel@...r.kernel.org,
linux-hardening@...r.kernel.org
Subject: [PATCH] kbuild: Use -fzero-init-padding-bits=all
Enable -fzero-init-padding-bits=all when available (GCC 15+). This will
correctly zero padding bits in structs and unions that might have been
left uninitialized, and will make sure there is no regression in union
initializations[1]. This fixes the following stackinit KUnit selftest
cases that had been XFAIL until now because there was no compiler
support:
ok 38 test_small_hole_static_all # SKIP XFAIL uninit bytes: 3
ok 39 test_big_hole_static_all # SKIP XFAIL uninit bytes: 124
ok 40 test_trailing_hole_static_all # SKIP XFAIL uninit bytes: 7
ok 42 test_small_hole_dynamic_all # SKIP XFAIL uninit bytes: 3
ok 43 test_big_hole_dynamic_all # SKIP XFAIL uninit bytes: 124
ok 44 test_trailing_hole_dynamic_all # SKIP XFAIL uninit bytes: 7
ok 58 test_small_hole_assigned_static_all # SKIP XFAIL uninit bytes: 3
ok 59 test_big_hole_assigned_static_all # SKIP XFAIL uninit bytes: 124
ok 60 test_trailing_hole_assigned_static_all # SKIP XFAIL uninit bytes: 7
ok 62 test_small_hole_assigned_dynamic_all # SKIP XFAIL uninit bytes: 3
ok 63 test_big_hole_assigned_dynamic_all # SKIP XFAIL uninit bytes: 124
ok 64 test_trailing_hole_assigned_dynamic_all # SKIP XFAIL uninit bytes: 7
All of the above now pass when built under GCC 15:
./tools/testing/kunit/kunit.py run stackinit --arch=x86_64 \
--make_option CC=gcc-15
Suggested-by: Jakub Jelinek <jakub@...hat.com>
Link: https://lore.kernel.org/linux-toolchains/Z0hRrrNU3Q+ro2T7@tucnak/ [1]
Signed-off-by: Kees Cook <kees@...nel.org>
---
Cc: Masahiro Yamada <masahiroy@...nel.org>
Cc: Nathan Chancellor <nathan@...nel.org>
Cc: Nicolas Schier <nicolas@...sle.eu>
Cc: linux-kbuild@...r.kernel.org
---
scripts/Makefile.extrawarn | 3 +++
1 file changed, 3 insertions(+)
diff --git a/scripts/Makefile.extrawarn b/scripts/Makefile.extrawarn
index 1d13cecc7cc7..eb719f6d8d53 100644
--- a/scripts/Makefile.extrawarn
+++ b/scripts/Makefile.extrawarn
@@ -77,6 +77,9 @@ KBUILD_CFLAGS += $(call cc-option,-Werror=designated-init)
# Warn if there is an enum types mismatch
KBUILD_CFLAGS += $(call cc-option,-Wenum-conversion)
+# Explicitly clear padding bits during variable initialization
+KBUILD_CFLAGS += $(call cc-option,-fzero-init-padding-bits=all)
+
KBUILD_CFLAGS += -Wextra
KBUILD_CFLAGS += -Wunused
--
2.34.1
Powered by blists - more mailing lists