From owner-svn-src-head@freebsd.org Tue Nov 10 19:44:48 2020 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 611AD462C3F for ; Tue, 10 Nov 2020 19:44:48 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-qt1-x829.google.com (mail-qt1-x829.google.com [IPv6:2607:f8b0:4864:20::829]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4CVyxX22lsz4pkv for ; Tue, 10 Nov 2020 19:44:48 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: by mail-qt1-x829.google.com with SMTP id t5so9495520qtp.2 for ; Tue, 10 Nov 2020 11:44:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=TgsRsgtiZodzuo3EyIy74NAg6z7fJQb7KaLegRltPVI=; b=LtzrefZBYVaCBMnaDX46gf+Il4S6ZSMoCg89Zq3NBQO4M8ZMkElnwLB2tl6JkObt1Y EP4DXw7UEYCFSxNIxsubbkU/0fdi0YC1uLr+ZcEatdHxEQ6AGwa8yTqrjGDlp3vFy52Y zed9N6txhlxmb4lXGPjmBJ4cRo94ptVQewn+rR0OVrU7K0yK59qIafKxFR4MULsq09HE sDV0KOHLpvCpoPYC2vm5AGKrguW9WvMmZgqOYM0k2IZp2DqKFhpdhgjw6XKt80K/nNZe l612j2NQp1T83UKr0EiskpNcUfneqEKv7yAky1HA5xmSciFvUdxCntH4XtVuWPLctrqV WvNg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=TgsRsgtiZodzuo3EyIy74NAg6z7fJQb7KaLegRltPVI=; b=d0fxZsD8TO2Kq2d9pLE6MLU4gamIYZ1Az0mQQZafa61hLi2xVYCQ7OinLdQDjVAcLG 91z/1mYvnw5sR3cOmj7h3bCHLLcb6logl/4D/KBXfiDKiy5/1KDurTbqafs+xM+REfkl mBV+3ePOCx0ZHj+JjrSedtxhagrjlgHzx8W+9QTF9oUp60ExpDEz7btYHX9/4chEyyvS 9RhP+g0cDVWh/EEINjDcBoeD/MHIzw5rLjGEcJpxIYADrwnZ+8h8AK9TK3uu90weBjZi wGIUMgMIWWm+gb+oxZ4Rqg1BoB2e4FeSuZYxAWzIhf//6TabReCQjNwvH76ok7+Szqvz 5LHg== X-Gm-Message-State: AOAM531nz2EB06d+36c+t2hotL1XlCht3JqlejbnG2wBo7OQ8O+vMRpr CLAnLv56/TsN+NBxMhuUjZWeihEUGwoyG+UH X-Google-Smtp-Source: ABdhPJxa12lTtv1eYmwqQkMlxO3rUEp1UqN0uNRO7HHp6K7futuwBTOs43Nx1Qs8cvEKJ9PU2wEhmQ== X-Received: by 2002:aed:3325:: with SMTP id u34mr20346601qtd.263.1605037487240; Tue, 10 Nov 2020 11:44:47 -0800 (PST) Received: from mutt-hbsd (pool-100-16-222-53.bltmmd.fios.verizon.net. [100.16.222.53]) by smtp.gmail.com with ESMTPSA id j63sm5264248qke.67.2020.11.10.11.44.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Nov 2020 11:44:46 -0800 (PST) Date: Tue, 10 Nov 2020 14:44:45 -0500 From: Shawn Webb To: Brooks Davis Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r367577 - in head: share/mk sys/conf tools/build/options Message-ID: <20201110194445.wf5v63trwcv7fmzs@mutt-hbsd> X-Operating-System: FreeBSD mutt-hbsd 13.0-CURRENT-HBSD FreeBSD 13.0-CURRENT-HBSD X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0xFF2E67A277F8E1FA References: <202011101915.0AAJFEWf059408@repo.freebsd.org> <20201110191729.GC1959@spindle.one-eyed-alien.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="nfmjjteyn4azmpyh" Content-Disposition: inline In-Reply-To: <20201110191729.GC1959@spindle.one-eyed-alien.net> X-Rspamd-Queue-Id: 4CVyxX22lsz4pkv X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Nov 2020 19:44:48 -0000 --nfmjjteyn4azmpyh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Nov 10, 2020 at 07:17:29PM +0000, Brooks Davis wrote: > On Tue, Nov 10, 2020 at 07:15:14PM +0000, Brooks Davis wrote: > > Author: brooks > > Date: Tue Nov 10 19:15:13 2020 > > New Revision: 367577 > > URL: https://svnweb.freebsd.org/changeset/base/367577 > >=20 > > Log: > > Support initializing stack variables on function entry > > =20 > > There are two options: > > - WITH_INIT_ALL_ZERO: Zero all variables on the stack. > > - WITH_INIT_ALL_PATTERN: Initialize variables with well-defined patt= erns. > > =20 > > The exact pattern are a compiler implementation detail and vary by ty= pe. > > They are somewhat documented in the LLVM commit message: > > https://reviews.llvm.org/rL349442 > > I've used WITH_INIT_ALL_* to match Microsoft's InitAll feature rather > > than naming them after the LLVM specific compiler flags. > > =20 > > In a range of consumer products, options like these are used in > > both debug and production builds with debugs builds using patterns > > (intended to provoke crashes on use of uninitialized values) and > > production using zeros (deemed more likely to lead to harmless > > misbehavior or NULL-pointer dereferences). >=20 > We've tested this extensively in CheriBSD on RISC-V, in the wild it's > probably most tested on Arm64 and x86. >=20 > Despite the silly compiler flag you'll spot in the code, the zeroing > option isn't going away in practice as Apple, Google, and Microsoft all > ship with this feature in some of their products. HardenedBSD's testing of this last year on amd64 have (privately) shown the feature to really hinder performance on more complex applications (like when applied to clang/lld). A build of base without init all zero applied to clang/lld would take around 1.5 hours on my system. A build with it applied to clang/lld took around four hours, if my memory serves correctly. I would probably advise against applying it system-wide. But YMMV. Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD GPG Key ID: 0xFF2E67A277F8E1FA GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2 https://git-01.md.hardenedbsd.org/HardenedBSD/pubkeys/src/branch/master/Sha= wn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --nfmjjteyn4azmpyh Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAl+q7aoACgkQ/y5nonf4 4frTbBAAlm1FhCeENfnR8wP7eEF6ZN5zJ9OKgIdg4KuNJdjqk63h19XaOknMMd3Z CIDP4Lnmc7Uou8vhU6GBhlTrzf+D5CHWi4v9HbJSpF++jLbWn+p6r1eYMvH/jIok Sj4WyzPqBRyHyrp+1A2b9+UhpsiAZPdCccJRHuT8IPVWGUhP6W89xVNw2JFipc/t mmXKmxoQ61d2xQk5mx9vPxceDOxLTcZZDaF2O9MT9n91DeS1KheAfddler4z03zb lhbi+wzLRghI5ErQruonEdeleoIxQzDauwk0mGluzo/UMugOy+rab3SVf2+ogCgx Af5gMpXyHGfNJ7HCWyNzNnZ2GRUVecgSmNXnoSiGibBicvn1aXi2UkvaAKl4wwM+ JJrbJCctypDlGQcu8AoDTRHAdoAGWItFx+R8xDcz2sOxdn1crKJJE5ZzXsnrt4pO xad+IkwX9sHsInMGkIdsredIhzkZqNNJauEQ4tkQzt25cdhnngd55wK/Q61nxNEp /d+P61RjCn+4IO87Djrq6BPNKyG5p2lUgrA7Uu/2hgun0sskxtGvsZftZMlywZQq 7n/a0pvedQv0sxFsWSxZEqdA9aYFFHVYxB0hVRg9ank/3zOxwx+DO1NOe1+bd4bZ TVFecJX3rVKnZqfH+otPVK2V8qc5LjjeIxRj+9SaCSRtgQkF2+0= =AEdV -----END PGP SIGNATURE----- --nfmjjteyn4azmpyh--