ANDROID: GKI: x86: Enable register zeroing on function exit
At the end of functions, always zero any caller-used register
contents. This helps ensure that temporary values are not
leaked beyond the function boundary. This means that register
contents are less likely to be available for side channels
and information exposures. Additionally, this helps reduce the
number of useful ROP gadgets by about 20% (and removes compiler
generated "write-what-where" gadgets) in the resulting kernel
image. This has a less than 1% performance impact on most
workloads. Image size growth depends on architecture, and should
be evaluated for suitability. For example, x86_64 grows by less
than 1%, and arm64 grows by about 5%.
Bug: 348034565
Change-Id: I27745c550f40f122826df5afcb2aa35de1019b4d
Signed-off-by: Slawomir Rosek <[email protected]>
diff --git a/arch/x86/configs/gki_defconfig b/arch/x86/configs/gki_defconfig
index 76ff70d..9043212 100644
--- a/arch/x86/configs/gki_defconfig
+++ b/arch/x86/configs/gki_defconfig
@@ -667,6 +667,7 @@
CONFIG_SECURITY_SAFESETID=y
CONFIG_SECURITY_LANDLOCK=y
CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
+CONFIG_ZERO_CALL_USED_REGS=y
CONFIG_BUG_ON_DATA_CORRUPTION=y
CONFIG_CRYPTO_ECDH=y
CONFIG_CRYPTO_DES=y
