Support initializing stack variables on function entry

There are two options: - WITH_INIT_ALL_ZERO: Zero all variables on the stack. - WITH_INIT_ALL_PATTERN: Initialize variables with well-defined patterns. The exact pattern are a compiler implementation detail and vary by type. They are somewhat documented in the LLVM commit message: https://reviews.llvm.org/rL349442 I've used WITH_INIT_ALL_* to match Microsoft's InitAll feature rather than naming them after the LLVM specific compiler flags. In a range of consumer products, options like these are used in both debug and production builds with debugs builds using patterns (intended to provoke crashes on use of uninitialized values) and production using zeros (deemed more likely to lead to harmless misbehavior or NULL-pointer dereferences). Reviewed by: emaste Obtained from: CheriBSD Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D27131
2020-11-10 19:15:13 +00:00 · 2020-11-10 19:15:13 +00:00 · 142137080c
commit 142137080c
parent e85e8ebb30
7 changed files with 73 additions and 1 deletions
--- a/share/mk/bsd.compiler.mk
+++ b/share/mk/bsd.compiler.mk
@ -24,6 +24,7 @@
 # - c++11:     supports full (or nearly full) C++11 programming environment.
 # - retpoline: supports the retpoline speculative execution vulnerability
 #              mitigation.
+# - init-all:  supports stack variable initialization.
 #
 # These variables with an X_ prefix will also be provided if XCC is set.
 #
@ -214,7 +215,7 @@ ${X_}COMPILER_FEATURES=		c++11 c++14
 ${X_}COMPILER_FEATURES+=	c++17
 .endif
 .if ${${X_}COMPILER_TYPE} == "clang"
-${X_}COMPILER_FEATURES+=	retpoline
+${X_}COMPILER_FEATURES+=	retpoline init-all
 .endif

 .else
--- a/share/mk/bsd.lib.mk
+++ b/share/mk/bsd.lib.mk
@ -85,6 +85,25 @@ LDFLAGS+= -Wl,-zretpolineplt
 .endif
 .endif

+# Initialize stack variables on function entry
+.if ${MK_INIT_ALL_ZERO} == "yes"
+.if ${COMPILER_FEATURES:Minit-all}
+CFLAGS+= -ftrivial-auto-var-init=zero \
+    -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
+CXXFLAGS+= -ftrivial-auto-var-init=zero \
+    -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
+.else
+.warning InitAll (zeros) requested but not support by compiler
+.endif
+.elif ${MK_INIT_ALL_PATTERN} == "yes"
+.if ${COMPILER_FEATURES:Minit-all}
+CFLAGS+= -ftrivial-auto-var-init=pattern
+CXXFLAGS+= -ftrivial-auto-var-init=pattern
+.else
+.warning InitAll (pattern) requested but not support by compiler
+.endif
+.endif
+
 .if ${MK_DEBUG_FILES} != "no" && empty(DEBUG_FLAGS:M-g) && \
    empty(DEBUG_FLAGS:M-gdwarf*)
 CFLAGS+= ${DEBUG_FILES_CFLAGS}
--- a/share/mk/bsd.opts.mk
+++ b/share/mk/bsd.opts.mk
@ -71,6 +71,8 @@ __DEFAULT_NO_OPTIONS = \
    BIND_NOW \
    CCACHE_BUILD \
    CTF \
+    INIT_ALL_PATTERN \
+    INIT_ALL_ZERO \
    INSTALL_AS_USER \
    PIE \
    RETPOLINE \
@ -85,6 +87,10 @@ __DEFAULT_DEPENDENT_OPTIONS = \

 .include <bsd.mkopt.mk>

+.if ${MK_INIT_ALL_PATTERN} == "yes" && ${MK_INIT_ALL_ZERO} == "yes"
+.error WITH_INIT_ALL_PATTERN and WITH_INIT_ALL_ZERO are mutually exclusive.
+.endif
+
 #
 # Supported NO_* options (if defined, MK_* will be forced to "no",
 # regardless of user's setting).
--- a/share/mk/bsd.prog.mk
+++ b/share/mk/bsd.prog.mk
@ -60,6 +60,25 @@ LDFLAGS+= -Wl,-zretpolineplt
 .endif
 .endif

+# Initialize stack variables on function entry
+.if ${MK_INIT_ALL_ZERO} == "yes"
+.if ${COMPILER_FEATURES:Minit-all}
+CFLAGS+= -ftrivial-auto-var-init=zero \
+    -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
+CXXFLAGS+= -ftrivial-auto-var-init=zero \
+    -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
+.else
+.warning InitAll (zeros) requested but not support by compiler
+.endif
+.elif ${MK_INIT_ALL_PATTERN} == "yes"
+.if ${COMPILER_FEATURES:Minit-all}
+CFLAGS+= -ftrivial-auto-var-init=pattern
+CXXFLAGS+= -ftrivial-auto-var-init=pattern
+.else
+.warning InitAll (pattern) requested but not support by compiler
+.endif
+.endif
+
 .if ${MACHINE_CPUARCH} == "riscv" && ${LINKER_FEATURES:Mriscv-relaxations} == ""
 CFLAGS += -mno-relax
 .endif
--- a/sys/conf/kern.mk
+++ b/sys/conf/kern.mk
@ -227,6 +227,24 @@ CFLAGS+=	-fstack-protector
 CFLAGS+=	-mretpoline
 .endif

+#
+# Initialize stack variables on function entry
+#
+.if ${MK_INIT_ALL_ZERO} == "yes"
+.if ${COMPILER_FEATURES:Minit-all}
+CFLAGS+= -ftrivial-auto-var-init=zero \
+    -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
+.else
+.warning InitAll (zeros) requested but not support by compiler
+.endif
+.elif ${MK_INIT_ALL_PATTERN} == "yes"
+.if ${COMPILER_FEATURES:Minit-all}
+CFLAGS+= -ftrivial-auto-var-init=pattern
+.else
+.warning InitAll (pattern) requested but not support by compiler
+.endif
+.endif
+
 #
 # Add -gdwarf-2 when compiling -g. The default starting in clang v3.4
 # and gcc 4.8 is to generate DWARF version 4. However, our tools don't
--- a/tools/build/options/WITH_INIT_ALL_PATTERN
+++ b/tools/build/options/WITH_INIT_ALL_PATTERN
@ -0,0 +1,5 @@
+.\" $FreeBSD$
+Set to build the base system or kernel with stack variables initialized to
+.Pq compiler defined
+debugging patterns on function entry.
+This option requires the clang compiler.
--- a/tools/build/options/WITH_INIT_ALL_ZERO
+++ b/tools/build/options/WITH_INIT_ALL_ZERO
@ -0,0 +1,4 @@
+.\" $FreeBSD$
+Set to build the base system or kernel with stack variables initialized
+to zero on function entry.
+This option requires that the clang compiler be used.