
D48427.1775437118.diff

diff --git a/share/man/man5/src.conf.5 b/share/man/man5/src.conf.5
--- a/share/man/man5/src.conf.5
+++ b/share/man/man5/src.conf.5
@@ -1,5 +1,5 @@
.\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman.
-.Dd November 22, 2024
+.Dd January 8, 2025
.Dt SRC.CONF 5
.Os
.Sh NAME
@@ -1862,6 +1862,11 @@
without support for the IEEE 802.1X protocol and without
support for EAP-PEAP, EAP-TLS, EAP-LEAP, and EAP-TTLS
protocols (usable only via 802.1X).
+.It Va WITH_ZEROREGS
+Build the basesystem with code to zero caller-used register contents
+on function return.
+This prevents leaking temporary values for side channel attacks.
+Additionally this reduces the number of usable ROP gadgets for attackers.
.It Va WITHOUT_ZFS
Do not build the ZFS file system kernel module, libraries such as
.Xr libbe 3 ,
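Review bot: The added WITH_ZEROREGS entry says the "basesystem" is built with register zeroing, but the rest of this patch adds the flag only in bsd.lib.mk and bsd.prog.mk and forces MK_ZEROREGS to "no" in stand/defs.mk. If the kernel and modules are not covered, the description should say that it applies to userland libraries and programs, so that readers do not assume kernel coverage. Since this file is marked as generated by tools/build/options/makeman, make the wording change in tools/build/options/WITH_ZEROREGS and regenerate.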
diff --git a/share/mk/bsd.compiler.mk b/share/mk/bsd.compiler.mk
--- a/share/mk/bsd.compiler.mk
+++ b/share/mk/bsd.compiler.mk
@@ -24,6 +24,7 @@
# - retpoline: supports the retpoline speculative execution vulnerability
# mitigation.
# - init-all: supports stack variable initialization.
+# - zeroregs: supports zeroing used registers on return
# - aarch64-sha512: supports the AArch64 sha512 intrinsic functions.
#
# When bootstrapping on macOS, 'apple-clang' will be set in COMPILER_FEATURES
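Review bot: The new feature comment "zeroregs: supports zeroing used registers on return" lacks the trailing period that the neighbouring retpoline, init-all and aarch64-sha512 entries end with. Naming the flag it gates, -fzero-call-used-regs, would also make the feature easier to search for.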
@@ -263,6 +264,11 @@
${X_}COMPILER_FEATURES+= fileprefixmap
.endif
+.if (${${X_}COMPILER_TYPE} == "clang" && ${${X_}COMPILER_VERSION} >= 150000) || \
+ (${${X_}COMPILER_TYPE} == "gcc" && ${${X_}COMPILER_VERSION} >= 110000)
+${X_}COMPILER_FEATURES+= zeroregs
+.endif
+
.if (${${X_}COMPILER_TYPE} == "clang" && ${${X_}COMPILER_VERSION} >= 130000) || \
(${${X_}COMPILER_TYPE} == "gcc" && ${${X_}COMPILER_VERSION} >= 90000)
# AArch64 sha512 intrinsics are supported (and have been tested) in
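Review bot: The added .if gates zeroregs on compiler type and version only (clang >= 150000, gcc >= 110000), with no condition on the target architecture. Please confirm that both compilers accept -fzero-call-used-regs at those versions on every architecture the tree builds for. If they do not, add an architecture condition here so that enabling WITH_ZEROREGS cannot break the build on an unsupported target. A one-line comment stating where the version cut-offs come from, like the one in the aarch64-sha512 block that follows, would help future maintainers.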
diff --git a/share/mk/bsd.lib.mk b/share/mk/bsd.lib.mk
--- a/share/mk/bsd.lib.mk
+++ b/share/mk/bsd.lib.mk
@@ -118,6 +118,15 @@
.endif
.endif
+# Zero used registers on return (mitigate some ROP)
+.if ${MK_ZEROREGS} != "no"
+.if ${COMPILER_FEATURES:Mzeroregs}
+ZEROREG_TYPE?= used
+CFLAGS+= -fzero-call-used-regs=${ZEROREG_TYPE}
+CXXFLAGS+= -fzero-call-used-regs=${ZEROREG_TYPE}
+.endif
+.endif
+
# bsd.sanitizer.mk is not installed, so don't require it (e.g. for ports).
.sinclude "bsd.sanitizer.mk"
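Review bot: ZEROREG_TYPE is assigned with ?= so it can be overridden, but nothing in this patch documents the variable or the values it may take. Either mention it in the WITH_ZEROREGS description or do not expose it. Separately, when MK_ZEROREGS is enabled and COMPILER_FEATURES lacks zeroregs, the inner .if adds nothing and says nothing, so a user who asked for the mitigation gets an unhardened build without notice. Consider emitting a warning in that case.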
diff --git a/share/mk/bsd.opts.mk b/share/mk/bsd.opts.mk
--- a/share/mk/bsd.opts.mk
+++ b/share/mk/bsd.opts.mk
@@ -81,7 +81,8 @@
RETPOLINE \
STALE_STAGED \
UBSAN \
- UNDEFINED_VERSION
+ UNDEFINED_VERSION \
+ ZEROREGS
__DEFAULT_DEPENDENT_OPTIONS = \
MAKE_CHECK_USE_SANDBOX/TESTS \
diff --git a/share/mk/bsd.prog.mk b/share/mk/bsd.prog.mk
--- a/share/mk/bsd.prog.mk
+++ b/share/mk/bsd.prog.mk
@@ -90,6 +90,15 @@
.endif
.endif
+# Zero used registers on return (mitigate some ROP)
+.if ${MK_ZEROREGS} != "no"
+.if ${COMPILER_FEATURES:Mzeroregs}
+ZEROREG_TYPE?= used
+CFLAGS+= -fzero-call-used-regs=${ZEROREG_TYPE}
+CXXFLAGS+= -fzero-call-used-regs=${ZEROREG_TYPE}
+.endif
+.endif
+
# bsd.sanitizer.mk is not installed, so don't require it (e.g. for ports).
.sinclude "bsd.sanitizer.mk"
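Review bot: This block is a verbatim copy of the one added to bsd.lib.mk, and two copies can drift apart when ZEROREG_TYPE handling or the flag changes later. Consider moving the logic into a single shared makefile fragment used by both. The comment "mitigate some ROP" also omits the side-channel rationale that the option description gives, so the two should be brought into line.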
diff --git a/stand/defs.mk b/stand/defs.mk
--- a/stand/defs.mk
+++ b/stand/defs.mk
@@ -11,6 +11,7 @@
MK_CTF= no
MK_SSP= no
MK_PIE= no
+MK_ZEROREGS= no
MAN=
.if !defined(PIC)
NO_PIC=
diff --git a/tools/build/options/WITHOUT_ZEROREGS b/tools/build/options/WITHOUT_ZEROREGS
new file mode 100644
--- /dev/null
+++ b/tools/build/options/WITHOUT_ZEROREGS
@@ -0,0 +1,2 @@
+Do not build build the basesystem with code to zero caller-used register
+contents on function return.
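Review bot: "build build" on the first added line is a duplicated word, and "basesystem" should be "base system". Suggested text: "Do not build the base system with code to zero caller-used register contents on function return."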
diff --git a/tools/build/options/WITH_ZEROREGS b/tools/build/options/WITH_ZEROREGS
new file mode 100644
--- /dev/null
+++ b/tools/build/options/WITH_ZEROREGS
@@ -0,0 +1,4 @@
+Build the basesystem with code to zero caller-used register contents
+on function return.
+This prevents leaking temporary values for side channel attacks.
+Additionally this reduces the number of usable ROP gadgets for attackers.
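Review bot: "This prevents leaking temporary values for side channel attacks" overstates what the default configuration does. The makefiles in this patch default ZEROREG_TYPE to "used", which by its name clears only registers the function used, and register zeroing does nothing for values left in memory, so "reduces" or "limits" is more accurate than "prevents". Also write "base system" as two words, and consider matching the flag's own wording (-fzero-call-used-regs, "call-used") instead of "caller-used". This file is the source for the src.conf.5 entry, so fixing it here fixes both.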
