From: Dan Li <ashimida.1990@gmail.com>
To: Kees Cook <keescook@chromium.org>
Cc: Peter Zijlstra <peterz@infradead.org>,
Masahiro Yamada <masahiroy@kernel.org>,
Michal Marek <michal.lkml@markovi.net>,
Nick Desaulniers <ndesaulniers@google.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Sami Tolvanen <samitolvanen@google.com>,
Nathan Chancellor <nathan@kernel.org>, Tom Rix <trix@redhat.com>,
Mark Rutland <mark.rutland@arm.com>,
Josh Poimboeuf <jpoimboe@kernel.org>,
Qing Zhao <qing.zhao@oracle.com>,
"Paul E. McKenney" <paulmck@kernel.org>,
Frederic Weisbecker <frederic@kernel.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Marco Elver <elver@google.com>,
Christophe Leroy <christophe.leroy@csgroup.eu>,
Song Liu <song@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Uros Bizjak <ubizjak@gmail.com>,
Kumar Kartikeya Dwivedi <memxor@gmail.com>,
Juergen Gross <jgross@suse.com>,
Luis Chamberlain <mcgrof@kernel.org>,
Borislav Petkov <bp@suse.de>,
Masami Hiramatsu <mhiramat@kernel.org>,
Dmitry Torokhov <dmitry.torokhov@gmail.com>,
Aaron Tomlin <atomlin@redhat.com>,
Kalesh Singh <kaleshsingh@google.com>,
Yuntao Wang <ytcoode@gmail.com>,
Changbin Du <changbin.du@intel.com>,
linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev
Subject: Re: [RFC/RFT] CFI: Add support for gcc CFI in aarch64
Date: Sat, 7 Jan 2023 07:42:13 -0800 [thread overview]
Message-ID: <20230107154213.ocyghxd2k66gbvv6@ubuntu> (raw)
In-Reply-To: <202301061929.6881F6CD40@keescook>
Hi Kees,
On 01/06, Kees Cook wrote:
> On Mon, Dec 19, 2022 at 05:32:04AM -0800, Dan Li wrote:
> > Hi Peter,
> Hi!
>
> First of all, thank you thank you for working on this in GCC. This will
> make a big difference for folks that don't have the option to build with
> Clang to gain CFI coverage.
>
> As for the implementation details, the core issue is really that this
> type of CFI is specifically designed for the Linux kernel, and it took a
> rather long time to figure out all the specifics needed (down to the
> byte counts and instruction layouts). GCC's version will ultimately need
> to exactly match the Clang output, or Linux is unlikely to support it.
>
> We're already on our second CFI -- the original Clang CFI was just too
> clunky for long-term use in Linux, so unless we're going to improve on
> the latest Clang KCFI implementation in some way, it's better to stick
> to exactly byte-for-byte identical results. The KCFI support in Linux
> depends on the arm64 and x86_64 runtimes for catching the traps, and the
> post-processing done (on x86_64) with objtool that prepares the kernel
> for IBT use, and converts to the optional FineIBT CFI mechanism. With
> all those moving parts, there needs to be a very compelling reason to
> have GCC KCFI implementation differ from Clang's.
>
> Hopefully that context helps a little. I'm excited to try out future
> versions!
Thanks for the context, it makes sense and helped me a lot. :)
In the next version I'll make the gcc implementation consistent with clang.
Thanks,
Dan.
>
> -Kees
>
> --
> Kees Cook
WARNING: multiple messages have this Message-ID (diff)
From: Dan Li <ashimida.1990@gmail.com>
To: Kees Cook <keescook@chromium.org>
Cc: Peter Zijlstra <peterz@infradead.org>,
Masahiro Yamada <masahiroy@kernel.org>,
Michal Marek <michal.lkml@markovi.net>,
Nick Desaulniers <ndesaulniers@google.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Sami Tolvanen <samitolvanen@google.com>,
Nathan Chancellor <nathan@kernel.org>, Tom Rix <trix@redhat.com>,
Mark Rutland <mark.rutland@arm.com>,
Josh Poimboeuf <jpoimboe@kernel.org>,
Qing Zhao <qing.zhao@oracle.com>,
"Paul E. McKenney" <paulmck@kernel.org>,
Frederic Weisbecker <frederic@kernel.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Marco Elver <elver@google.com>,
Christophe Leroy <christophe.leroy@csgroup.eu>,
Song Liu <song@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Uros Bizjak <ubizjak@gmail.com>,
Kumar Kartikeya Dwivedi <memxor@gmail.com>,
Juergen Gross <jgross@suse.com>,
Luis Chamberlain <mcgrof@kernel.org>,
Borislav Petkov <bp@suse.de>,
Masami Hiramatsu <mhiramat@kernel.org>,
Dmitry Torokhov <dmitry.torokhov@gmail.com>,
Aaron Tomlin <atomlin@redhat.com>,
Kalesh Singh <kaleshsingh@google.com>,
Yuntao Wang <ytcoode@gmail.com>,
Changbin Du <changbin.du@intel.com>,
linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev
Subject: Re: [RFC/RFT] CFI: Add support for gcc CFI in aarch64
Date: Sat, 7 Jan 2023 07:42:13 -0800 [thread overview]
Message-ID: <20230107154213.ocyghxd2k66gbvv6@ubuntu> (raw)
In-Reply-To: <202301061929.6881F6CD40@keescook>
Hi Kees,
On 01/06, Kees Cook wrote:
> On Mon, Dec 19, 2022 at 05:32:04AM -0800, Dan Li wrote:
> > Hi Peter,
> Hi!
>
> First of all, thank you thank you for working on this in GCC. This will
> make a big difference for folks that don't have the option to build with
> Clang to gain CFI coverage.
>
> As for the implementation details, the core issue is really that this
> type of CFI is specifically designed for the Linux kernel, and it took a
> rather long time to figure out all the specifics needed (down to the
> byte counts and instruction layouts). GCC's version will ultimately need
> to exactly match the Clang output, or Linux is unlikely to support it.
>
> We're already on our second CFI -- the original Clang CFI was just too
> clunky for long-term use in Linux, so unless we're going to improve on
> the latest Clang KCFI implementation in some way, it's better to stick
> to exactly byte-for-byte identical results. The KCFI support in Linux
> depends on the arm64 and x86_64 runtimes for catching the traps, and the
> post-processing done (on x86_64) with objtool that prepares the kernel
> for IBT use, and converts to the optional FineIBT CFI mechanism. With
> all those moving parts, there needs to be a very compelling reason to
> have GCC KCFI implementation differ from Clang's.
>
> Hopefully that context helps a little. I'm excited to try out future
> versions!
Thanks for the context, it makes sense and helped me a lot. :)
In the next version I'll make the gcc implementation consistent with clang.
Thanks,
Dan.
>
> -Kees
>
> --
> Kees Cook
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2023-01-07 15:42 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-19 6:17 [RFC/RFT] CFI: Add support for gcc CFI in aarch64 Dan Li
2022-12-19 6:17 ` Dan Li
2022-12-19 6:38 ` Dan Li
2022-12-19 6:38 ` Dan Li
2022-12-19 10:40 ` Peter Zijlstra
2022-12-19 10:40 ` Peter Zijlstra
2022-12-19 13:32 ` Dan Li
2022-12-19 13:32 ` Dan Li
2022-12-19 15:04 ` Peter Zijlstra
2022-12-19 15:04 ` Peter Zijlstra
2022-12-19 23:38 ` Dan Li
2022-12-19 23:38 ` Dan Li
2023-01-03 8:55 ` Mark Rutland
2023-01-03 8:55 ` Mark Rutland
2023-01-07 3:36 ` Kees Cook
2023-01-07 3:36 ` Kees Cook
2023-01-07 15:42 ` Dan Li [this message]
2023-01-07 15:42 ` Dan Li
2023-02-08 19:35 ` Kees Cook
2023-02-08 19:35 ` Kees Cook
2023-02-10 16:14 ` Dan Li
2023-02-10 16:14 ` Dan Li
2023-01-03 8:53 ` Mark Rutland
2023-01-03 8:53 ` Mark Rutland
2023-01-07 15:37 ` Dan Li
2023-01-07 15:37 ` Dan Li
2023-03-25 8:54 ` [RFC/RFT,V2] " Dan Li
2023-03-27 9:30 ` Peter Zijlstra
2023-03-27 22:17 ` Sami Tolvanen
2023-04-05 11:49 ` Dan Li
2023-12-13 8:48 ` Dan Li
[not found] ` <4a84af95-6270-6764-6a40-875ec20fc3e1@lixiang.com>
2023-12-13 14:45 ` Mark Rutland
2023-12-13 19:35 ` Kees Cook
2023-04-05 11:48 ` Dan Li
2023-12-13 8:28 ` [RFC/RFT] " Dan Li
2023-12-13 8:28 ` Dan Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230107154213.ocyghxd2k66gbvv6@ubuntu \
--to=ashimida.1990@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=atomlin@redhat.com \
--cc=bp@suse.de \
--cc=catalin.marinas@arm.com \
--cc=changbin.du@intel.com \
--cc=christophe.leroy@csgroup.eu \
--cc=dmitry.torokhov@gmail.com \
--cc=ebiederm@xmission.com \
--cc=elver@google.com \
--cc=frederic@kernel.org \
--cc=jgross@suse.com \
--cc=jpoimboe@kernel.org \
--cc=kaleshsingh@google.com \
--cc=keescook@chromium.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=llvm@lists.linux.dev \
--cc=mark.rutland@arm.com \
--cc=masahiroy@kernel.org \
--cc=mcgrof@kernel.org \
--cc=memxor@gmail.com \
--cc=mhiramat@kernel.org \
--cc=michal.lkml@markovi.net \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=paulmck@kernel.org \
--cc=peterz@infradead.org \
--cc=qing.zhao@oracle.com \
--cc=samitolvanen@google.com \
--cc=song@kernel.org \
--cc=trix@redhat.com \
--cc=ubizjak@gmail.com \
--cc=will@kernel.org \
--cc=ytcoode@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.