Message-ID: <202512121756.68957E18@keescook>
Date: Fri, 12 Dec 2025 18:30:17 -0800
From: Kees Cook <kees@...nel.org>
To: Andrew Pinski <andrew.pinski@....qualcomm.com>
Cc: Qing Zhao <qing.zhao@...cle.com>, Uros Bizjak <ubizjak@...il.com>,
	Joseph Myers <josmyers@...hat.com>,
	Richard Biener <rguenther@...e.de>,
	Jeff Law <jeffreyalaw@...il.com>, Andrew Pinski <pinskia@...il.com>,
	Jakub Jelinek <jakub@...hat.com>, Martin Uecker <uecker@...raz.at>,
	Peter Zijlstra <peterz@...radead.org>,
	Ard Biesheuvel <ardb@...nel.org>, Jan Hubicka <hubicka@....cz>,
	Richard Earnshaw <richard.earnshaw@....com>,
	Richard Sandiford <richard.sandiford@....com>,
	Marcus Shawcroft <marcus.shawcroft@....com>,
	Kyrylo Tkachov <kyrylo.tkachov@....com>,
	Kito Cheng <kito.cheng@...il.com>,
	Palmer Dabbelt <palmer@...belt.com>,
	Andrew Waterman <andrew@...ive.com>,
	Jim Wilson <jim.wilson.gcc@...il.com>,
	Dan Li <ashimida.1990@...il.com>,
	Sami Tolvanen <samitolvanen@...gle.com>,
	Ramon de C Valle <rcvalle@...gle.com>,
	Joao Moreira <joao@...rdrivepizza.com>,
	Nathan Chancellor <nathan@...nel.org>,
	Bill Wendling <morbo@...gle.com>,
	"Osterlund, Sebastian" <sebastian.osterlund@...el.com>,
	"Constable, Scott D" <scott.d.constable@...el.com>,
	gcc-patches@....gnu.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH v9 2/7] kcfi: Add core Kernel Control Flow Integrity
 infrastructure

On Tue, Dec 09, 2025 at 08:00:28PM -0800, Andrew Pinski wrote:
> On Tue, Dec 9, 2025 at 6:24 PM Kees Cook <kees@...nel.org> wrote:
> [...]
> > diff --git a/gcc/rtl.def b/gcc/rtl.def
> > index 15ae7d10fcc1..af643d187b95 100644
> > --- a/gcc/rtl.def
> > +++ b/gcc/rtl.def
> > @@ -318,6 +318,12 @@ DEF_RTL_EXPR(CLOBBER, "clobber", "e", RTX_EXTRA)
> >
> >  DEF_RTL_EXPR(CALL, "call", "ee", RTX_EXTRA)
> >
> > +/* KCFI wrapper for call expressions.
> > +   Operand 0 is the call expression.
> > +   Operand 1 is the KCFI type ID (const_int).  */
> > +
> > +DEF_RTL_EXPR(KCFI, "kcfi", "ee", RTX_EXTRA)
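Review bot: the format string "ee" declares operand 1 as an arbitrary rtx while the comment just above restricts it to a const_int, so nothing in the definition itself enforces that invariant; either encode the type ID directly in the rtx with "ei" as proposed in the reply, or keep "ee" and assert CONST_INT_P (XEXP (x, 1)) at the point where the KCFI rtx is constructed. The new RTL code also needs an entry in doc/rtl.texi.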
> 
> You don't document this new rtl in doc/rtl.texi.
> Also I think it would be better if it was:
> DEF_RTL_EXPR(KCFI, "kcfi", "ei", RTX_EXTRA)
> 
> So you don't need an extra indirection to the KCFI type ID. You can
> just access it like `XUINT (kcficall, 2)`.
> const_int seems too heavy weight for this.
> I assume it fits in `unsigned int`.

I can't figure out how to do the RTL matching when it's not a const_int
expr. For stand-alone stuff ("match_dup") I think I see it, but that seems
to be for stand-alone hard-coded values? Specifically what I can't figure
out is how to change the .md pattern matching with match_operand which
expects RTX operands, to something else. Format specifier i stores a raw
integer, not an RTX, so it can't be matched with match_operand. This
also breaks define_subst, which also seems to require patterns using
match_operand.

As always, I'm open to alternatives, but right now I don't see how to
do this with "ei".

> > +    case KCFI:
> > +      /* For KCFI wrapper, check both the wrapped call and the type ID.  */
> > +      return (reg_overlap_mentioned_p (x, XEXP (body, 0))
> > +             || reg_overlap_mentioned_p (x, XEXP (body, 1)));
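Review bot: with operand 1 documented as a const_int, the reg_overlap_mentioned_p call on XEXP (body, 1) can never return true and should be dropped, leaving only the check on the wrapped call in XEXP (body, 0); if the const_int invariant is worth guarding at this site, a gcc_checking_assert (CONST_INT_P (XEXP (body, 1))) states the expectation without cost in release builds.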
> 
> Isn't the type ID always a const_int? If so, then you don't need to
> check reg_overlap_mentioned_p here.

True, yes. I've adjusted this now. I wasn't sure if I needed this to check
the const_int value too, but testing seems to suggest I didn't need that
part.


-Kees

-- 
Kees Cook
