From: Brooks Davis
Date: Tue, 10 Nov 2020 19:15:14 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r367577 - in head: share/mk sys/conf tools/build/options

Author: brooks
Date: Tue Nov 10 19:15:13 2020
New Revision: 367577
URL: https://svnweb.freebsd.org/changeset/base/367577

Log:
  Support initializing stack variables on function entry

  There are two options:
   - WITH_INIT_ALL_ZERO: Zero all variables on the stack.
   - WITH_INIT_ALL_PATTERN: Initialize variables with well-defined patterns.

  The exact patterns are a compiler implementation detail and vary by type.
  They are somewhat documented in the LLVM commit message:
  https://reviews.llvm.org/rL349442

  I've used WITH_INIT_ALL_* to match Microsoft's InitAll feature rather than
  naming them after the LLVM specific compiler flags.

  In a range of consumer products, options like these are used in both debug
  and production builds with debug builds using patterns (intended to
  provoke crashes on use of uninitialized values) and production using zeros
  (deemed more likely to lead to harmless misbehavior or NULL-pointer
  dereferences).
Reviewed by: emaste Obtained from: CheriBSD Sponsored by: DARPA Differential Revision: https://reviews.freebsd.org/D27131 Added: head/tools/build/options/WITH_INIT_ALL_PATTERN (contents, props changed) head/tools/build/options/WITH_INIT_ALL_ZERO (contents, props changed) Modified: head/share/mk/bsd.compiler.mk head/share/mk/bsd.lib.mk head/share/mk/bsd.opts.mk head/share/mk/bsd.prog.mk head/sys/conf/kern.mk Modified: head/share/mk/bsd.compiler.mk ============================================================================== --- head/share/mk/bsd.compiler.mk Tue Nov 10 19:09:35 2020 (r367576) +++ head/share/mk/bsd.compiler.mk Tue Nov 10 19:15:13 2020 (r367577) @@ -24,6 +24,7 @@ # - c++11: supports full (or nearly full) C++11 programming environment. # - retpoline: supports the retpoline speculative execution vulnerability # mitigation. +# - init-all: supports stack variable initialization. # # These variables with an X_ prefix will also be provided if XCC is set. # @@ -214,7 +215,7 @@ ${X_}COMPILER_FEATURES= c++11 c++14 ${X_}COMPILER_FEATURES+= c++17 .endif .if ${${X_}COMPILER_TYPE} == "clang" -${X_}COMPILER_FEATURES+= retpoline +${X_}COMPILER_FEATURES+= retpoline init-all .endif .else Modified: head/share/mk/bsd.lib.mk ============================================================================== --- head/share/mk/bsd.lib.mk Tue Nov 10 19:09:35 2020 (r367576) +++ head/share/mk/bsd.lib.mk Tue Nov 10 19:15:13 2020 (r367577) 
@@ -85,6 +85,25 @@ LDFLAGS+= -Wl,-zretpolineplt .endif .endif +# Initialize stack variables on function entry +.if ${MK_INIT_ALL_ZERO} == "yes" +.if ${COMPILER_FEATURES:Minit-all} +CFLAGS+= -ftrivial-auto-var-init=zero \ + -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang +CXXFLAGS+= -ftrivial-auto-var-init=zero \ + -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang +.else +.warning InitAll (zeros) requested but not support by compiler +.endif +.elif ${MK_INIT_ALL_PATTERN} == "yes" +.if ${COMPILER_FEATURES:Minit-all} +CFLAGS+= -ftrivial-auto-var-init=pattern +CXXFLAGS+= -ftrivial-auto-var-init=pattern +.else +.warning InitAll (pattern) requested but not support by compiler +.endif +.endif + .if ${MK_DEBUG_FILES} != "no" && empty(DEBUG_FLAGS:M-g) && \ empty(DEBUG_FLAGS:M-gdwarf*) CFLAGS+= ${DEBUG_FILES_CFLAGS} Modified: head/share/mk/bsd.opts.mk ============================================================================== --- head/share/mk/bsd.opts.mk Tue Nov 10 19:09:35 2020 (r367576) +++ head/share/mk/bsd.opts.mk Tue Nov 10 19:15:13 2020 (r367577) @@ -71,6 +71,8 @@ __DEFAULT_NO_OPTIONS = \ BIND_NOW \ CCACHE_BUILD \ CTF \ + INIT_ALL_PATTERN \ + INIT_ALL_ZERO \ INSTALL_AS_USER \ PIE \ RETPOLINE \ @@ -84,6 +86,10 @@ __DEFAULT_DEPENDENT_OPTIONS = \ .include + +.if ${MK_INIT_ALL_PATTERN} == "yes" && ${MK_INIT_ALL_ZERO} == "yes" +.error WITH_INIT_ALL_PATTERN and WITH_INIT_ALL_ZERO are mutually exclusive. +.endif # # Supported NO_* options (if defined, MK_* will be forced to "no", Modified: head/share/mk/bsd.prog.mk ============================================================================== --- head/share/mk/bsd.prog.mk Tue Nov 10 19:09:35 2020 (r367576) +++ head/share/mk/bsd.prog.mk Tue Nov 10 19:15:13 2020 (r367577) 
@@ -60,6 +60,25 @@ LDFLAGS+= -Wl,-zretpolineplt .endif .endif +# Initialize stack variables on function entry +.if ${MK_INIT_ALL_ZERO} == "yes" +.if ${COMPILER_FEATURES:Minit-all} +CFLAGS+= -ftrivial-auto-var-init=zero \ + -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang +CXXFLAGS+= -ftrivial-auto-var-init=zero \ + -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang +.else +.warning InitAll (zeros) requested but not support by compiler +.endif +.elif ${MK_INIT_ALL_PATTERN} == "yes" +.if ${COMPILER_FEATURES:Minit-all} +CFLAGS+= -ftrivial-auto-var-init=pattern +CXXFLAGS+= -ftrivial-auto-var-init=pattern +.else +.warning InitAll (pattern) requested but not support by compiler +.endif +.endif + .if ${MACHINE_CPUARCH} == "riscv" && ${LINKER_FEATURES:Mriscv-relaxations} == "" CFLAGS += -mno-relax .endif Modified: head/sys/conf/kern.mk ============================================================================== --- head/sys/conf/kern.mk Tue Nov 10 19:09:35 2020 (r367576) +++ head/sys/conf/kern.mk Tue Nov 10 19:15:13 2020 (r367577) 
@@ -228,6 +228,24 @@ CFLAGS+= -mretpoline .endif # +# Initialize stack variables on function entry +# +.if ${MK_INIT_ALL_ZERO} == "yes" +.if ${COMPILER_FEATURES:Minit-all} +CFLAGS+= -ftrivial-auto-var-init=zero \ + -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang +.else +.warning InitAll (zeros) requested but not support by compiler +.endif +.elif ${MK_INIT_ALL_PATTERN} == "yes" +.if ${COMPILER_FEATURES:Minit-all} +CFLAGS+= -ftrivial-auto-var-init=pattern +.else +.warning InitAll (pattern) requested but not support by compiler +.endif +.endif + +# # Add -gdwarf-2 when compiling -g. The default starting in clang v3.4 # and gcc 4.8 is to generate DWARF version 4. However, our tools don't # cope well with DWARF 4, so force it to genereate DWARF2, which they Added: head/tools/build/options/WITH_INIT_ALL_PATTERN ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tools/build/options/WITH_INIT_ALL_PATTERN Tue Nov 10 19:15:13 2020 (r367577) @@ -0,0 +1,5 @@ +.\" $FreeBSD$ +Set to build the base system or kernel with stack variables initialized to +.Pq compiler defined +debugging patterns on function entry. +This option requires the clang compiler. Added: head/tools/build/options/WITH_INIT_ALL_ZERO ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tools/build/options/WITH_INIT_ALL_ZERO Tue Nov 10 19:15:13 2020 (r367577) @@ -0,0 +1,4 @@ +.\" $FreeBSD$ +Set to build the base system or kernel with stack variables initialized +to zero on function entry. +This option requires that the clang compiler be used.
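
Review bot: In the second bsd.compiler.mk hunk, `${X_}COMPILER_FEATURES+= retpoline init-all` advertises init-all for every clang with no version test, although -ftrivial-auto-var-init first shipped in clang 8. An older clang would pass the `${COMPILER_FEATURES:Minit-all}` checks in the other files and then fail on an unknown flag instead of reaching the `.warning` fallback. Suggest putting init-all under a compiler-version condition rather than on the unconditional retpoline line.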
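
Review bot: Both `.warning` lines in the bsd.lib.mk hunk read "requested but not support by compiler"; that should be "not supported by compiler", and the same text is repeated in bsd.prog.mk and kern.mk. Beyond the wording, a build that set WITH_INIT_ALL_ZERO or WITH_INIT_ALL_PATTERN with a compiler lacking init-all only warns and then produces binaries without the initialization, which is easy to miss in a long build log. Consider `.error` for a hardening option that was explicitly requested, or state in the option text that it degrades to a no-op.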
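
Review bot: The block added in the bsd.prog.mk hunk is a line-for-line copy of the one added to bsd.lib.mk, so any later change to the flags has to be made in two places (three with kern.mk) and can drift. Suggest moving the `.if ${MK_INIT_ALL_ZERO} == "yes"` ... `.endif` block into a single shared makefile fragment that both files include, or setting one variable with the flags and appending it to CFLAGS and CXXFLAGS in each.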
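
Review bot: The zero branch in the kern.mk hunk, like its copies in bsd.lib.mk and bsd.prog.mk, passes -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang with no comment saying why it is there. The flag's own name announces that it is temporary, so the next person to touch this needs to know that clang requires it before accepting -ftrivial-auto-var-init=zero and that the line must be revisited when clang drops it. A two-line comment above the CFLAGS assignment would cover that.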
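
Review bot: The two new option descriptions under tools/build/options do not mention that WITH_INIT_ALL_PATTERN and WITH_INIT_ALL_ZERO are mutually exclusive, even though bsd.opts.mk now stops the build with `.error` when both are set. Suggest adding one sentence to each file naming the other option as incompatible. The clang requirement is also worded two ways ("requires the clang compiler" and "requires that the clang compiler be used"); pick one so the generated manual page reads consistently.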