On Thu, Aug 06, 2020 at 10:37:43AM +0200, Richard Biener wrote:
> OK, so -fzero-call-used-regs is a ROP mitigation technique.  To me
> it sounded more like a mitigation against information leaks which
> then would be highly incomplete w/o spill slot clearing.  Like
> we had that discussion on secure erase of memory that should not
> be DSEd.

I've viewed stack erasure as separate from register clearing. The
"when" of stack erasure tends to define which things are being defended
against. If the stack is being erased on function entry, you're defending
against all the various "uninitialized" variable attacks (which can be
info exposures, flow control redirection, etc). If it's on function exit,
this is more aimed at avoiding stale data and minimizing what's available
during an attack (and it also provides similar "uninit" defenses, just
in a different way). And FWIW, past benchmarks on this appear to indicate
erase-on-entry is more cache-friendly.

-- 
Kees Cook