Message-ID: <202509121443.77F7CF7F@keescook>
Date: Fri, 12 Sep 2025 23:29:20 -0700
From: Kees Cook <kees@...nel.org>
To: Qing Zhao <qing.zhao@...cle.com>
Cc: Andrew Pinski <pinskia@...il.com>, Richard Biener <rguenther@...e.de>,
	Joseph Myers <josmyers@...hat.com>, Jan Hubicka <hubicka@....cz>,
	Richard Earnshaw <richard.earnshaw@....com>,
	Richard Sandiford <richard.sandiford@....com>,
	Marcus Shawcroft <marcus.shawcroft@....com>,
	Kyrylo Tkachov <kyrylo.tkachov@....com>,
	Kito Cheng <kito.cheng@...il.com>,
	Palmer Dabbelt <palmer@...belt.com>,
	Andrew Waterman <andrew@...ive.com>,
	Jim Wilson <jim.wilson.gcc@...il.com>,
	Peter Zijlstra <peterz@...radead.org>,
	Dan Li <ashimida.1990@...il.com>,
	Sami Tolvanen <samitolvanen@...gle.com>,
	Ramon de C Valle <rcvalle@...gle.com>,
	Joao Moreira <joao@...rdrivepizza.com>,
	Nathan Chancellor <nathan@...nel.org>,
	Bill Wendling <morbo@...gle.com>,
	"gcc-patches@....gnu.org" <gcc-patches@....gnu.org>,
	"linux-hardening@...r.kernel.org" <linux-hardening@...r.kernel.org>
Subject: Re: [PATCH v2 2/7] kcfi: Add core Kernel Control Flow Integrity
 infrastructure

On Fri, Sep 12, 2025 at 02:01:57PM +0000, Qing Zhao wrote:
> 
> > On Sep 12, 2025, at 03:32, Kees Cook <kees@...nel.org> wrote:
> > 
> > On Thu, Sep 11, 2025 at 03:04:01PM +0000, Qing Zhao wrote:
> >> 
> >> 
> >>> On Sep 10, 2025, at 23:05, Kees Cook <kees@...nel.org> wrote:
> >>> 
> >>> On Tue, Sep 09, 2025 at 06:49:22PM +0000, Qing Zhao wrote:
> >>>> 
> >>>> Why the type-id attached as the attribute is not enough?
> >>> 
> >>> Doing the wrapping avoided needing to update multiple optimization passes
> >>> to check for the attribute.
> 
> Do you remember which optimization passes need to be updated for this purpose?

I had patched at least old_insns_match_p:
https://lore.kernel.org/linux-hardening/20250821072708.3109244-3-kees@kernel.org/#Z31gcc:cfgcleanup.cc

The rest that I patched were about dealing with retaining notes, which
aren't used any more now (an attribute is used, not a note).

> >>> And it still needed a way to distinguish
> >>> between direct and indirect calls, so I need to wrap only the indirect
> >>> calls, whereas the typeid attribute is for all functions for all typeid
> >>> needs, like preamble generation, etc.
> >> 
> >> Okay, this sounds like a reasonable justification for these additional temporaries 
> >> and assignment stmts. 
> >> One more question, are these additional temporaries and assignment stmts
> >> finally eliminated by later optimizations? Any runtime overhead due to them?
> > 
> > Yeah, they totally vanish as far as I've been able to determine.
> 
> That’s good.  Then you might add this too in the design doc as a justification of the
> new wrapper type, temporaries and new assignment stmt.

I spent some time today experimenting with annotations and discovered that
the KCFI RTL changes actually ended up solving all the issues I'd found.
Combined with moving the DECL attributes to TYPE attributes, everything
got MUCH simpler. I'll send v3 out soon with all of this redundancy
removed. I want to test it a little more first.

-- 
Kees Cook
