From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-ed1-f53.google.com (mail-ed1-f53.google.com [209.85.208.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C8417EA0 for ; Fri, 2 Sep 2022 00:34:07 +0000 (UTC) Received: by mail-ed1-f53.google.com with SMTP id z8so756500edb.6 for ; Thu, 01 Sep 2022 17:34:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=g0W4XosBFsOU9OJyk6RCXP1Ph74BaHmTWPXYbDZyi0E=; b=g7NAxXDM5jwt2ZQIuC23zS+Gj6bX7gmaIfqxEAECYQiGWpEAFQa1f2CsL5nh5ft/Y9 AIr2al38oLiJRpzGtrGgnk4w9IfIMWUonkE+9DZ6k2P21Kl0EvuSxr29PbDA1+1em1cd dYTEjCtfgKnZWDVIJDxxMjQp1lOCGSGhpovijuO0b3qiav5w11KiSdLi8IeR1Geo5r/F b3Rjza8J92KowwOKuk21IB4N0MxylAQhqeD2/xpXuUb7S+NMLxhQTDWf08GnJke1P5zt 6uPpCh2NkLp/0pddJFPMNAMbbgzJsAElawX2udhNU0JRHIMRapcX8PefW1fFTfaGdcet aB2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=g0W4XosBFsOU9OJyk6RCXP1Ph74BaHmTWPXYbDZyi0E=; b=Qp4XnCNvik4RkZbpUBnBM1IFgtOsBsSqUpZNR+TfWtFfyMVITozCkTnz5cazxm4QrS JhcCWOa+bWXlmGFmZDBbwG6j8J7VxMSb4lwjcRpM1y0kog8iJDo7VEZgZ9BcNFwAM6oK wt9FOU+RxgEXRqh1g0+546cY5uxFxci3JYyl3M4igbWFb7MpPPJZu8FUd2vUfZwXPcEh WTX3ypM5tz9XiSEYfb6fIWeBy+Mtw5vKh8J1Sw5LO1rl3TwUXkAsPDNRE3Q4hAgYhIc6 XK3CgfAn1QXXrZeNx43qtfUji9FMxbkz9bjgheAh0byt2o1ImdWZODf8Attv3DSgklwB 4DRw== X-Gm-Message-State: ACgBeo2ZfmTFJIo4njWeH0M1COxeLzchdnlwZEa+zFquIyPzbg+5YUEB +VJEFvgW2R1qfL5CUirODvrmENsU8NPkqxxR9RS9HA== X-Google-Smtp-Source: AA6agR7L1g+GrifIuIL2RvuO0MF4C2Vtm6LL1S4dqJ/PngqADbOmXg04ta+aDasVtIdRN9a8Nlvw5KjebtJPyg0x6M0= X-Received: by 2002:a05:6402:3227:b0:448:706c:185d with SMTP id g39-20020a056402322700b00448706c185dmr18264220eda.357.1662078845879; Thu, 01 Sep 2022 17:34:05 -0700 (PDT) Precedence: bulk X-Mailing-List: llvm@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20220830233129.30610-1-samitolvanen@google.com> In-Reply-To: From: Sami Tolvanen Date: Thu, 1 Sep 2022 17:33:29 -0700 Message-ID: Subject: Re: [PATCH v4 00/21] KCFI support To: Nathan Chancellor Cc: LKML , Kees Cook , Josh Poimboeuf , Peter Zijlstra , X86 ML , Catalin Marinas , Will Deacon , Mark Rutland , Nick Desaulniers , Joao Moreira , Sedat Dilek , Steven Rostedt , linux-hardening@vger.kernel.org, linux-arm-kernel , llvm@lists.linux.dev Content-Type: text/plain; charset="UTF-8" Hi Nathan, On Thu, Sep 1, 2022 at 2:19 PM Nathan Chancellor wrote: > I took this series for a spin on arm64 and x86_64. Thanks for testing! > I did not see any runtime issues on my arm64 or AMD test machines but I > do see a set of failures on my two Intel test machines when accessing > the files in /sys/devices/pci0000:00/0000:00:02.0/drm/card0/gt/gt0: Yes, I suspect there are a few sysfs type mismatches left to fix still. I believe Kees was looking into these earlier. > The source of those is drivers/gpu/drm/i915/gt/intel_gt_sysfs_pm.c. I > have not looked too closely yet but the fix should be something along > the lines of commit 58606220a2f1 ("drm/i915: Fix CFI violation with > show_dynamic_id()"). I don't have hardware for testing this driver, but that looks like a typical kobj_attribute / device_attribute mismatch, which happens to work because struct device starts with a kobject and the attribute structure is identical. I can take a look at this next week. > Interestingly, I do not see the KVM failure [1] that I reported anymore. > I do not see an obvious fix for it in this series or -next though, could > it have been an issue with an earlier revision of kCFI on the compiler > side? Most likely the compiler either converted it into a direct call, or inlined it. There are a few type mismatches in the kernel still that don't trip KCFI because they're optimized into direct calls. > I do see a few new objtool warnings as well: > > vmlinux.o: warning: objtool: apply_relocate_add+0x34: relocation to !ENDBR: memcpy+0x0 > vmlinux.o: warning: objtool: ___ksymtab+__memcpy+0x0: data relocation to !ENDBR: memcpy+0x0 > vmlinux.o: warning: objtool: ___ksymtab+memcpy+0x0: data relocation to !ENDBR: memcpy+0x0 That's interesting. I can only reproduce this warning with allmodconfig+LTO, even though the relocation exists in all builds (the code makes an indirect call to memcpy) and memcpy (aliased to __memcpy) doesn't start with endbr. I'll have to take a closer look at why this warning only appears with LTO. Sami From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id F0AC7ECAAD3 for ; Fri, 2 Sep 2022 00:35:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:Subject:Message-ID:Date:From: In-Reply-To:References:MIME-Version:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=PVErhSPHCVE556d/n2WC0sF1HvAC6Q/KUPbeJzJm6wA=; b=bk9Co9Fd6JUjlt kqe2EhDCJVpp2lOdj1IrirzSh5M/Uv+lZMG+oGaZC3M9lMu2hG0/Lu1oHnSdnIOozaYnXhnmhN3x7 o1JJjw6tztgtxuVEkHkvo9ZWjgtvCY1Wwn8ADDncXw0GLdBaYB95VUKZ7TCm1AHqdBDAKE8jKHES7 l3Gh5/XhCI93+hQBEGDAOc32adRmOuA40CVRKe2icjkktJB9+Clt3v4l59KrY9t28co9UpAQY+EaL 0YzoCrtKooop9nc34bvx2ZtBIqm+uJLFeNvc+P+Bhf4aISrvzwxMbEmqiXmNdOoYBnfhsLahGigOp iKtFk0aB8XLpY7bYL30A==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1oTudS-00GEU7-Hm; Fri, 02 Sep 2022 00:34:14 +0000 Received: from mail-ed1-x533.google.com ([2a00:1450:4864:20::533]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1oTudP-00GEQJ-9s for linux-arm-kernel@lists.infradead.org; Fri, 02 Sep 2022 00:34:12 +0000 Received: by mail-ed1-x533.google.com with SMTP id z8so756499edb.6 for ; Thu, 01 Sep 2022 17:34:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=g0W4XosBFsOU9OJyk6RCXP1Ph74BaHmTWPXYbDZyi0E=; b=g7NAxXDM5jwt2ZQIuC23zS+Gj6bX7gmaIfqxEAECYQiGWpEAFQa1f2CsL5nh5ft/Y9 AIr2al38oLiJRpzGtrGgnk4w9IfIMWUonkE+9DZ6k2P21Kl0EvuSxr29PbDA1+1em1cd dYTEjCtfgKnZWDVIJDxxMjQp1lOCGSGhpovijuO0b3qiav5w11KiSdLi8IeR1Geo5r/F b3Rjza8J92KowwOKuk21IB4N0MxylAQhqeD2/xpXuUb7S+NMLxhQTDWf08GnJke1P5zt 6uPpCh2NkLp/0pddJFPMNAMbbgzJsAElawX2udhNU0JRHIMRapcX8PefW1fFTfaGdcet aB2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=g0W4XosBFsOU9OJyk6RCXP1Ph74BaHmTWPXYbDZyi0E=; b=ZfKohI5Aic9Vo7kMWUhjzBzSw++1PqSGSZdAlpELrey8lJTtSxRLymmKUgjpqYG03Y cC3IdPC2L3TK7WCAIL9RkKNcS6zyZOiLSTr9WZDa1bgxk3Aa9lTrj3lWN3jFarK30mR5 Bqdsra3MPLKRbAuEzaVCZfShYyAxUZLkKBMHtqfST/XCH+zNY5ta64l76M55itVHdKad 6RqHaPA2Cnp2C8wrKBPgXOT469T1WAFoCfu45Qkt1YPe8rfvl5EveJoOGm4QvvhCg4t9 e6qMNyiiKZb/JRadSwi4xE4hwwGbBSfsqqVEPOth6cc3H0HH1LeCiyFd9gadQvMV5vTG Akfw== X-Gm-Message-State: ACgBeo2Igntm4AZFEs3mkd5dFsPhJ9F7Mxiqd2V0FTe6VJZ0VvzVy/4j G4zac4aC21DJglZO3NWoBRWA0k3KxM5agdv3VebO0w== X-Google-Smtp-Source: AA6agR7L1g+GrifIuIL2RvuO0MF4C2Vtm6LL1S4dqJ/PngqADbOmXg04ta+aDasVtIdRN9a8Nlvw5KjebtJPyg0x6M0= X-Received: by 2002:a05:6402:3227:b0:448:706c:185d with SMTP id g39-20020a056402322700b00448706c185dmr18264220eda.357.1662078845879; Thu, 01 Sep 2022 17:34:05 -0700 (PDT) MIME-Version: 1.0 References: <20220830233129.30610-1-samitolvanen@google.com> In-Reply-To: From: Sami Tolvanen Date: Thu, 1 Sep 2022 17:33:29 -0700 Message-ID: Subject: Re: [PATCH v4 00/21] KCFI support To: Nathan Chancellor Cc: LKML , Kees Cook , Josh Poimboeuf , Peter Zijlstra , X86 ML , Catalin Marinas , Will Deacon , Mark Rutland , Nick Desaulniers , Joao Moreira , Sedat Dilek , Steven Rostedt , linux-hardening@vger.kernel.org, linux-arm-kernel , llvm@lists.linux.dev X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220901_173411_360660_F8B31FEF X-CRM114-Status: GOOD ( 24.90 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Hi Nathan, On Thu, Sep 1, 2022 at 2:19 PM Nathan Chancellor wrote: > I took this series for a spin on arm64 and x86_64. Thanks for testing! > I did not see any runtime issues on my arm64 or AMD test machines but I > do see a set of failures on my two Intel test machines when accessing > the files in /sys/devices/pci0000:00/0000:00:02.0/drm/card0/gt/gt0: Yes, I suspect there are a few sysfs type mismatches left to fix still. I believe Kees was looking into these earlier. > The source of those is drivers/gpu/drm/i915/gt/intel_gt_sysfs_pm.c. I > have not looked too closely yet but the fix should be something along > the lines of commit 58606220a2f1 ("drm/i915: Fix CFI violation with > show_dynamic_id()"). I don't have hardware for testing this driver, but that looks like a typical kobj_attribute / device_attribute mismatch, which happens to work because struct device starts with a kobject and the attribute structure is identical. I can take a look at this next week. > Interestingly, I do not see the KVM failure [1] that I reported anymore. > I do not see an obvious fix for it in this series or -next though, could > it have been an issue with an earlier revision of kCFI on the compiler > side? Most likely the compiler either converted it into a direct call, or inlined it. There are a few type mismatches in the kernel still that don't trip KCFI because they're optimized into direct calls. > I do see a few new objtool warnings as well: > > vmlinux.o: warning: objtool: apply_relocate_add+0x34: relocation to !ENDBR: memcpy+0x0 > vmlinux.o: warning: objtool: ___ksymtab+__memcpy+0x0: data relocation to !ENDBR: memcpy+0x0 > vmlinux.o: warning: objtool: ___ksymtab+memcpy+0x0: data relocation to !ENDBR: memcpy+0x0 That's interesting. I can only reproduce this warning with allmodconfig+LTO, even though the relocation exists in all builds (the code makes an indirect call to memcpy) and memcpy (aliased to __memcpy) doesn't start with endbr. I'll have to take a closer look at why this warning only appears with LTO. Sami _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel