diff options
| author | Brian Gianforcaro <bgianf@serenityos.org> | 2022-06-24 00:34:38 -0700 |
|---|---|---|
| committer | Linus Groh <mail@linusgroh.de> | 2022-06-24 12:35:36 +0100 |
| commit | 458244c0c1c8f077030fa0d8964fad8d75c60d4a (patch) | |
| tree | 89c36c23839435d4e8c335eec51c9c7143b115dd /Kernel/CMakeLists.txt | |
| parent | a0eb0a275db2aab1719172f8b7e16c661ec4bd0c (diff) | |
| download | serenity-458244c0c1c8f077030fa0d8964fad8d75c60d4a.zip | |
Kernel: Enable -ftrivial-auto-var-init as a security mitigation
The flag will automatically initialize all variables to a pattern based
on it's type. The goal being here is to eradicate an entire bug class
of issues that can originate from uninitialized stack memory.
Some examples include:
- Kernel information disclosure, where uninitialized struct members
or struct padding is copied back to usermode, leaking kernel
information such as stack or heap addresses, or secret data like
stack cookies.
- Control flow based on uninitialized memory can cause a variety of
issues at runtime, including stack corruptions like buffer
overflows, heap corruptions due to deleting stray pointers.
Even basic logic bugs can result from control flow operating on
uninitialized data.
As of GCC 12 this flag is now supported.
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=a25e0b5e6ac8a77a71c229e0a7b744603365b0e9
Clang has already supported it for a few releases.
https://reviews.llvm.org/D54604
Diffstat (limited to 'Kernel/CMakeLists.txt')
| -rw-r--r-- | Kernel/CMakeLists.txt | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/Kernel/CMakeLists.txt b/Kernel/CMakeLists.txt index 0923972992..74bb9cb5d7 100644 --- a/Kernel/CMakeLists.txt +++ b/Kernel/CMakeLists.txt @@ -495,6 +495,18 @@ add_compile_options(-fno-exceptions) # FIXME: remove -nodefaultlibs after the next toolchain update add_compile_options(-nodefaultlibs -nostdlib) +# Auto initialize trivial types on the stack, we use "pattern" as +# it's the only option portable across compilers going forward. +# +# This is designed to help avoid uninitialized variables bugs and +# information disclosures coming from the kernel stack. +# +# FIXME: It appears to conflict with something during the boot of the +# aarch64 kernel, we should investigate and remove this special case. +if (NOT "${SERENITY_ARCH}" STREQUAL "aarch64") + add_compile_options(-ftrivial-auto-var-init=pattern) +endif() + if (CMAKE_CXX_COMPILER_ID STREQUAL "GNU") # Apply any flags that are only available on >= GCC 11.1 if (CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL "11.1") |