| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 18 Dec 2022 21:54:28 -0800
From: Dan Li <ashimida.1990@...il.com>
To: gcc-patches@....gnu.org,
Richard Sandiford <richard.sandiford@....com>,
Masahiro Yamada <masahiroy@...nel.org>,
Michal Marek <michal.lkml@...kovi.net>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will@...nel.org>,
Sami Tolvanen <samitolvanen@...gle.com>,
Kees Cook <keescook@...omium.org>,
Nathan Chancellor <nathan@...nel.org>,
Tom Rix <trix@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
"Paul E. McKenney" <paulmck@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Josh Poimboeuf <jpoimboe@...nel.org>,
Frederic Weisbecker <frederic@...nel.org>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Dan Li <ashimida.1990@...il.com>,
Marco Elver <elver@...gle.com>,
Christophe Leroy <christophe.leroy@...roup.eu>,
Song Liu <song@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Uros Bizjak <ubizjak@...il.com>,
Kumar Kartikeya Dwivedi <memxor@...il.com>,
Juergen Gross <jgross@...e.com>,
Luis Chamberlain <mcgrof@...nel.org>,
Borislav Petkov <bp@...e.de>,
Masami Hiramatsu <mhiramat@...nel.org>,
Dmitry Torokhov <dmitry.torokhov@...il.com>,
Aaron Tomlin <atomlin@...hat.com>,
Kalesh Singh <kaleshsingh@...gle.com>,
Yuntao Wang <ytcoode@...il.com>,
Changbin Du <changbin.du@...el.com>
Cc: linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org, llvm@...ts.linux.dev,
linux-hardening@...r.kernel.org
Subject: [RFC/RFT 0/3] Add compiler support for Control Flow Integrity
This series of patches is mainly used to support the control flow
integrity protection of the linux kernel [1], which is similar to
-fsanitize=kcfi in clang 16.0 [2,3].
I hope that this feature will also support user-mode CFI in the
future (at least for developers who can recompile the runtime),
so I use -fsanitize=cfi as a compilation option here.
Any suggestion please let me know :).
Thanks, Dan.
[1] https://lore.kernel.org/all/20220908215504.3686827-1-samitolvanen@google.com/
[2] https://clang.llvm.org/docs/ControlFlowIntegrity.html
[3] https://reviews.llvm.org/D119296
Dan Li (3):
[PR102768] flag-types.h (enum sanitize_code): Extend sanitize_code to
64 bits to support more features
[PR102768] Support CFI: Add new pass for Control Flow Integrity
[PR102768] aarch64: Add support for Control Flow Integrity
Signed-off-by: Dan Li <ashimida.1990@...il.com>
---
gcc/Makefile.in | 1 +
gcc/asan.h | 4 +-
gcc/c-family/c-attribs.cc | 10 +-
gcc/c-family/c-common.h | 2 +-
gcc/c/c-parser.cc | 4 +-
gcc/cgraphunit.cc | 34 +++
gcc/common.opt | 4 +-
gcc/config/aarch64/aarch64.cc | 106 ++++++++
gcc/cp/typeck.cc | 2 +-
gcc/doc/invoke.texi | 35 +++
gcc/doc/passes.texi | 10 +
gcc/doc/tm.texi | 27 +++
gcc/doc/tm.texi.in | 8 +
gcc/dwarf2asm.cc | 2 +-
gcc/flag-types.h | 67 ++---
gcc/opt-suggestions.cc | 2 +-
gcc/opts.cc | 26 +-
gcc/opts.h | 8 +-
gcc/output.h | 3 +
gcc/passes.def | 1 +
gcc/target.def | 39 +++
.../aarch64/control_flow_integrity_1.c | 14 ++
.../aarch64/control_flow_integrity_2.c | 25 ++
.../aarch64/control_flow_integrity_3.c | 23 ++
gcc/toplev.cc | 4 +
gcc/tree-cfg.cc | 2 +-
gcc/tree-cfi.cc | 229 ++++++++++++++++++
gcc/tree-pass.h | 1 +
gcc/tree.cc | 144 +++++++++++
gcc/tree.h | 1 +
gcc/varasm.cc | 29 +++
31 files changed, 803 insertions(+), 64 deletions(-)
create mode 100644 gcc/testsuite/gcc.target/aarch64/control_flow_integrity_1.c
create mode 100644 gcc/testsuite/gcc.target/aarch64/control_flow_integrity_2.c
create mode 100644 gcc/testsuite/gcc.target/aarch64/control_flow_integrity_3.c
create mode 100644 gcc/tree-cfi.cc
--
2.17.1
Powered by blists - more mailing lists