Date: Tue, 8 Jun 2021 09:59:49 -0700
From: Kees Cook
To: Richard Biener
Cc: Qing Zhao, Richard Sandiford, gcc-patches
Subject: Re: [PATCH][version 3]add -ftrivial-auto-var-init and variable attribute "uninitialized" to gcc
Message-ID: <202106080956.DD4A2CAA02@keescook>
References: <52959802-6AF1-4BFC-B984-3BC495C535BD@ORACLE.COM> <720A8309-1964-4861-BE1C-7F7E1EB9FE18@oracle.com>

On Tue, Jun 08, 2021 at 09:41:38AM +0200, Richard Biener wrote:
> On Mon, 7 Jun 2021, Qing Zhao wrote:
> 
> > Hi,
> > 
> > > On Jun 7, 2021, at 2:53 AM, Richard Biener wrote:
> > > 
> > >> 
> > >> To address the above suggestion:
> > >> 
> > >> My study shows: the call to __builtin_clear_padding is expanded during gimplification phase.
> > >> And there is no __builtin_clear_padding expanding during rtx expanding phase.
> > >> However, for -ftrivial-auto-var-init, padding initialization should be done both in gimplification phase and rtx expanding phase.
> > >> Since the __builtin_clear_padding might not be good for rtx expanding, reusing __builtin_clear_padding might not work.
> > >> 
> > >> Let me know if you have any more comments on this.
> > > 
> > > Yes, I didn't suggest to literally emit calls to __builtin_clear_padding
> > > but instead to leverage the lowering code, more specifically share the
> > > code that figures _what_ is to be initialized (where the padding is)
> > > and eventually the actual code generation pieces. That might need some
> > > refactoring but the code where padding resides should be present only
> > > a single time (since it's quite complex).
> > 
> > Okay, I see your point here.
> > 
> > > Which is also why I suggested to split out the padding initialization
> > > bits to a separate patch (and option).
> > 
> > Personally, I am okay with splitting padding initialization from this current patch.
> > Kees, what's your opinion on this? i.e., the current -ftrivial-auto-var-init will NOT initialize padding; we will add another option to
> > explicitly initialize padding.
> 
> It would also be possible to have -fauto-var-init, -fauto-var-init-padding
> and have -ftrivial-auto-var-init for clang compatibility enabling both.

Sounds good to me!

> Or -fauto-var-init={zero,pattern,padding} and allow
> -fauto-var-init=pattern,padding to be specified. Note there's also
> padding between auto variables on the stack - that "trailing"
> padding isn't initialized either? (yes, GCC sorts variables to minimize
> that padding) For example for
> 
> void foo()
> {
>   char a[3];
>   bar (a);
> }
> 
> there's 12 bytes padding after 'a', shouldn't we initialize that? If not,
> why's other padding important to be initialized?

This isn't a situation that I'm aware of causing real-world problems. The
issues have all come from padding within an addressable object. I haven't
tested Clang's behavior on this (and I have no kernel tests for this
padding), but I do check for trailing padding, like:

struct test_trailing_hole {
	char *one;
	char *two;
	char *three;
	char four;
	/* "sizeof(unsigned long) - 1" byte padding hole here. */
};

-Kees

-- 
Kees Cook
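The padding-hole leak Kees is testing for, as an added example that is not part of this thread or of GCC: the struct is the one from his message; trailing_hole_bytes, fill_fields_only, fill_fields_cleared and nonzero_hole_bytes are names chosen here, and the byte count in the comments assumes an LP64 ABI.

```c
#include <stddef.h>
#include <string.h>

/* Layout from Kees's message; on LP64 the hole after 'four' is 7 bytes. */
struct test_trailing_hole {
	char *one;
	char *two;
	char *three;
	char four;
	/* "sizeof(unsigned long) - 1" byte padding hole here. */
};

/* First byte past 'four', i.e. where the hole begins. */
#define HOLE_START (offsetof(struct test_trailing_hole, four) + sizeof(char))
/* Number of trailing padding bytes the ABI inserts after 'four'. */
size_t trailing_hole_bytes(void)
{
	return sizeof(struct test_trailing_hole) - HOLE_START;
}

/* Field-by-field init: nothing obliges the compiler to write the padding,
 * so stale stack bytes stay in the hole and escape when the object is
 * copied out whole (memcpy, copy_to_user). That is the leak at issue. */
void fill_fields_only(struct test_trailing_hole *t, char *a, char *b, char *c)
{
	t->one = a;
	t->two = b;
	t->three = c;
	t->four = 'x';
}

/* Defensive form without compiler help: clear the whole object first. The
 * C standard lets later member stores disturb padding (GCC in practice
 * leaves it alone), one reason compiler-level padding init is more robust. */
void fill_fields_cleared(struct test_trailing_hole *t, char *a, char *b, char *c)
{
	memset(t, 0, sizeof(*t));
	fill_fields_only(t, a, b, c);
}

/* Detection side: given the raw bytes of a copied-out object, count hole
 * bytes that are non-zero; any such byte is stack data that escaped. */
size_t nonzero_hole_bytes(const unsigned char *raw)
{
	size_t n = 0;
	for (size_t i = HOLE_START; i < sizeof(struct test_trailing_hole); i++)
		n += raw[i] != 0;
	return n;
}
```

Feeding nonzero_hole_bytes the bytes of an object built with fill_fields_only is the kind of check a kernel test for padding leaks would make; with the cleared variant the count is always zero.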