https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87210
Bug ID: 87210
Summary: [RFE] introduce build time options to zero initialize automatic stack variables
Product: gcc
Version: 8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: pjp at fedoraproject dot org
Target Milestone: ---
Hello,
Please see:
-> http://www.openwall.com/lists/kernel-hardening/2018/02/27/33
-> http://www.openwall.com/lists/kernel-hardening/2018/02/27/41
Some time back, a proposal to zero-initialize various automatic stack
variables (including arrays, structs, etc.) inside the kernel was made, based on
an experimental glibc patch, with the intention of removing kernel information
leakage issues.
As suggested in the reply (second link above), it would be nice to have four
options/features available from the compiler, listed from least to most
performance impact:
- initialize padding to zero when static initializers are used (this would
make foo = { .field = something }; identical to memset(&foo, 0,
sizeof(foo)); foo.field = something; for all structures; today, any
structure with padding _must_ use the latter to be safe, which is highly
error-prone).
- initialize all uninitialized variables that contain a structure marked
with a special attribute (e.g. __attribute__((force_initialize))).
- initialize all uninitialized variables that are passed by reference (see
GCC_PLUGIN_STRUCTLEAK_BYREF_ALL).
- initialize all uninitialized variables (-finit-local-vars seems to do
this).
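As an added example (not part of this bug report and not GCC code), the C program below shows why the first option matters today: a hypothetical padding checker built from offsetof/sizeof compares a struct initialized with a designated initializer against the memset-then-assign pattern the report describes as the only safe form. The struct layout, helper names and sample values are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: 3 padding bytes after flag and 3 after tail on common ABIs. */
struct msg { uint8_t flag; uint32_t id; uint8_t tail; };

/* Hypothetical checker: 1 if every byte not covered by a named member is zero.
 * The member map is built from offsetof/sizeof, so it follows the real ABI. */
static int padding_is_zero(const struct msg *m)
{
    unsigned char is_member[sizeof *m] = {0};
    const unsigned char *raw = (const unsigned char *)m;
#define MARK(f) memset(is_member + offsetof(struct msg, f), 1, sizeof m->f)
    MARK(flag); MARK(id); MARK(tail);
#undef MARK
    for (size_t i = 0; i < sizeof *m; i++)
        if (!is_member[i] && raw[i] != 0)
            return 0;
    return 1;
}

/* The pattern the report calls error-prone but currently required for safety:
 * clear the whole object, then assign members. Returns the checker's verdict. */
static int init_msg_safe(struct msg *m, uint32_t id)
{
    memset(m, 0, sizeof *m);
    m->flag = 1;
    m->id = id;
    return padding_is_zero(m);
}

/* Negative control: an object filled with 0xFF before its members were set
 * must be flagged, otherwise the checker itself is broken. */
static int dirty_padding_is_flagged(void)
{
    struct msg b; memset(&b, 0xFF, sizeof b);
    b.flag = 1; b.id = 7; b.tail = 0;
    return !padding_is_zero(&b);
}

int main(void)
{
    /* Designated initializer: C leaves padding unspecified; option 1 would fix it. */
    struct msg d = { .flag = 1, .id = 7 }, s;
    printf("memset+assign padding zero: %d\n", init_msg_safe(&s, 7));
    printf("designated    padding zero: %d\n", padding_is_zero(&d));
    return 0;
}
```

The designated-initializer result depends on the compiler and optimization level, which is exactly the point: without a guarantee, a struct copied out of the kernel may carry whatever was previously on the stack in its padding bytes.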
The advent of hardware vulnerabilities like Spectre and Meltdown, and more
recently L1TF, has not only opened a new research area but has also reiterated
the importance of initializing memory bytes with known values.
Also see:
-> https://googleprojectzero.blogspot.com/2018/06/detecting-kernel-memory-disclosure.html
Would it be possible to introduce new gcc(1) command-line options to initialize
the automatic stack variables (including arrays, structs, etc.) of a program?
Thank you.