lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 May 2022 08:22:57 -0700 From: Sami Tolvanen <samitolvanen@...gle.com> To: Peter Zijlstra <peterz@...radead.org> Cc: Kees Cook <keescook@...omium.org>, Mark Rutland <mark.rutland@....com>, Josh Poimboeuf <jpoimboe@...hat.com>, Will Deacon <will@...nel.org>, Catalin Marinas <catalin.marinas@....com>, Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, Joao Moreira <joao@...rdrivepizza.com>, Sedat Dilek <sedat.dilek@...il.com>, Steven Rostedt <rostedt@...dmis.org>, LKML <linux-kernel@...r.kernel.org>, X86 ML <x86@...nel.org>, linux-hardening@...r.kernel.org, linux-arm-kernel <linux-arm-kernel@...ts.infradead.org>, llvm@...ts.linux.dev Subject: Re: [RFC PATCH 00/21] KCFI support On Sat, Apr 30, 2022 at 2:02 AM Peter Zijlstra <peterz@...radead.org> wrote: > > On Fri, Apr 29, 2022 at 03:53:12PM -0700, Kees Cook wrote: > > On Fri, Apr 29, 2022 at 01:36:23PM -0700, Sami Tolvanen wrote: > > > KCFI is a proposed forward-edge control-flow integrity scheme for > > > Clang, which is more suitable for kernel use than the existing CFI > > > scheme used by CONFIG_CFI_CLANG. KCFI doesn't require LTO, doesn't > > > alter function references to point to a jump table, and won't break > > > function address equality. > > > > 🎉 :) > > > > > The latest LLVM patches are here: > > > > > > https://reviews.llvm.org/D119296 > > > https://reviews.llvm.org/D124211 > > > > > > [...] > > > To test this series, you'll need to compile your own Clang toolchain > > > with the patches linked above. You can also find the complete source > > > tree here: > > > > > > https://github.com/samitolvanen/llvm-project/commits/kcfi-rfc > > > > And note that this RFC is seeking to break a bit of a circular dependency > > with regard to the design of __builtin_kcfi_call_unchecked (D124211 > > above), as the implementation has gone around a few times in review within > > LLVM, and we want to make sure that kernel folks are okay with what was > > settled on. If there are no objections on the kernel side, then we can > > land the KCFI patches, as this is basically the only remaining blocker. > > So aside from the static_call usage, was there any other? Not at the moment, and it looks like we can get rid of that too. > Anyway, I think I hate that __builtin, I'd *much* rather see a variable > attribute or qualifier for this, such that one can mark a function > pointer as not doing CFI. > > I simply doesn't make sense to have a builtin that operates on an > expression. The whole thing is about indirect calls, IOW function > pointers. I also thought an attribute would be more convenient, but the compiler folks prefer a built-in: https://reviews.llvm.org/D122673 Sami
Powered by blists - more mailing lists