From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-yw1-f179.google.com (mail-yw1-f179.google.com [209.85.128.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7601B136B for ; Mon, 16 May 2022 17:57:52 +0000 (UTC) Received: by mail-yw1-f179.google.com with SMTP id 00721157ae682-2ff155c239bso17399737b3.2 for ; Mon, 16 May 2022 10:57:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=L6QoMgtwgL3tJe4GB/Ih7yflwSG3aQ00OepOaXpJEe4=; b=Zc6rshDMluaKoextbWcKCqT45DJDCK0JaPZ3RS4WxflJ5a/2R1FtVZTwvZq/ZC+Hvw EfTgd2+B7ClPEcqSvU7y+b3GnV3yZWIyV0f1D6fXPWl0YrRfJlN8YBXVUZIakI1yYwgV W4b5WxKlmQsSVJR+9wPV9YQIYhgG0gWlW6dezlkbaCdnwmnqx3jrkWESEoyVo3pBP70l Qlwl1jFhJ0WQL2n/xxb4UQS1lDEFsNc2shbbjfcRimzgDljTstePWW/JNSIYVgBB78oh oE9ddI7QjLL2xzK+HSxXR23YnlhEVDKmwQwb9PS+RBv0cSQTk6RBLlYpJBELdGn4zXxI i1qw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=L6QoMgtwgL3tJe4GB/Ih7yflwSG3aQ00OepOaXpJEe4=; b=FlthVyviSjrlWqNxzMfu90rlf7t+lCeozhhRrhu5UVKkh02QeHc606tu3lUq3xs4y7 J+rPPFFWqAMUcSgIxfqlvnxGRwiIKeooAOLNlmrQqQ/dPJzyKwRerfgCsnY07+ks/1to dmKdykqIYuGwkZdWuU9AmvsxqOyXIsNU1KsBXo5/+T75AKXPYBeMuhH7fj6+Vf5k82JI netFTQ6s7FzG/9kakO7JGpb2OvHITDzm5oYgaaosdgAthb7JygiDRxPSHpyZfeNo8eRV kxbAjF7LY+FJi7Uc3ySfZ2tyNzN/OerPX3PGaj2EkX8CcpkiB3selOXJ4PMrNNSO3k8R 4u1g== X-Gm-Message-State: AOAM531Esmb7l0z3H+elFA/ULDWr5KviMCJfWrHi/OrMCqQv2Mhbixzc /YVJh+9Dee3wVZAO1OZN17+lMiQSzutwovoY0yM0gw== X-Google-Smtp-Source: ABdhPJyidyZ+9MInh37119ah6yTP6kCC84bdJzFaKW0zxyWyF1nd0YJqkrMB3Pbhc+Z/UFHH1FjJwSyi6hpdSvHXSCM= X-Received: by 2002:a81:7953:0:b0:2fe:f8a9:7e45 with SMTP id u80-20020a817953000000b002fef8a97e45mr6834348ywc.23.1652723871208; Mon, 16 May 2022 10:57:51 -0700 (PDT) Precedence: bulk X-Mailing-List: llvm@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20220513202159.1550547-1-samitolvanen@google.com> In-Reply-To: From: Sami Tolvanen Date: Mon, 16 May 2022 10:57:15 -0700 Message-ID: Subject: Re: [RFC PATCH v2 00/21] KCFI support To: sedat.dilek@gmail.com Cc: linux-kernel@vger.kernel.org, Kees Cook , Josh Poimboeuf , Peter Zijlstra , x86@kernel.org, Catalin Marinas , Will Deacon , Mark Rutland , Nathan Chancellor , Nick Desaulniers , Joao Moreira , Steven Rostedt , linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, May 16, 2022 at 10:31 AM Sedat Dilek wrote: >> Anything Like LLVM cmake Options to be condidered and Set? > > > I activate Clang and LLD ad projects - OK - enough? Clang and LLD should be sufficient. >> This series is also available in GitHub: >> >> https://github.com/samitolvanen/linux/commits/kcfi-rfc-v2 >> >> >> > >> Can you please add a history of what changed? Oops, I forgot to include that. Changes in v2: - Changed the compiler patch to encode arm64 target and type details in the ESR, and updated the kernel error handling patch accordingly. - Changed the compiler patch to embed the x86_64 type hash in a valid instruction to avoid special casing objtool instruction decoding, and added a __cfi_ symbol for the preamble. Changed the kernel error handling and manual type annotations to match. - Dropped the .kcfi_types section as that=E2=80=99s no longer needed by objtool, and changed the objtool patch to simply ignore the __cfi_ preambles falling through. - Dropped the .kcfi_traps section on arm64 as it=E2=80=99s no longer needed= , and moved the trap look-up code behind CONFIG_ARCH_USES_CFI_TRAPS, which is selected only for x86_64. - Dropped __nocfi attributes from arm64 code where CFI was disabled due to address space confusion issues, and added type annotations to relevant assembly functions. - Dropped __nocfi from __init. > Nathan has a i915 cfi patch in His personal kernel.org Git. > Is this relevant to kcfi? It fixes a type mismatch, so in that sense it's relevant. > To distinguish between clang-cfi we should use different kbuild variables= for kcfi. The plan is to replace the current CFI implementation. Does reusing the kbuild variable names cause a problem? Sami From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E9BBFC433EF for ; Mon, 16 May 2022 17:58:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:Subject:Message-ID:Date:From: In-Reply-To:References:MIME-Version:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=ykmHKOGwjl5QroNLKB81qwYSZiR8n4VIxrxou0fvu/Q=; b=zGUyXSAa0KPfhO 8WUiiEQY0QupRHOnSV5bCq9Cnev+aiBR9MEELyjSB31b1BMY7VW7j0Kgk7KFu4gBa7mmUPvsIu+vB G4F0tWlhViB7ubKQ1O7yVbsn2/oqVrQUTyPSAkuyq1TNx04iFkAKjo+WWuBngPrTbi9hK1Y9dd5he l46Bt6Kq57Ubu9ENOyQjlVMxQAwKG0A6q8ie98pxYIw8ML/ocf/KQF0qyprA2KICW88ERcS08ZsoN DU5jE19UqRbAIQjzRu/g8JlnCYrBqHJvAittIGJae0x6L0W1Yrlq/G/rzBas0e+fJ94zMljNvggtv /OiRuuV1sK0jy6l5DzBg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1nqeyi-009SCu-DR; Mon, 16 May 2022 17:57:56 +0000 Received: from mail-yw1-x1130.google.com ([2607:f8b0:4864:20::1130]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1nqeye-009SC2-E7 for linux-arm-kernel@lists.infradead.org; Mon, 16 May 2022 17:57:53 +0000 Received: by mail-yw1-x1130.google.com with SMTP id 00721157ae682-2fb9a85a124so158963547b3.13 for ; Mon, 16 May 2022 10:57:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=L6QoMgtwgL3tJe4GB/Ih7yflwSG3aQ00OepOaXpJEe4=; b=Zc6rshDMluaKoextbWcKCqT45DJDCK0JaPZ3RS4WxflJ5a/2R1FtVZTwvZq/ZC+Hvw EfTgd2+B7ClPEcqSvU7y+b3GnV3yZWIyV0f1D6fXPWl0YrRfJlN8YBXVUZIakI1yYwgV W4b5WxKlmQsSVJR+9wPV9YQIYhgG0gWlW6dezlkbaCdnwmnqx3jrkWESEoyVo3pBP70l Qlwl1jFhJ0WQL2n/xxb4UQS1lDEFsNc2shbbjfcRimzgDljTstePWW/JNSIYVgBB78oh oE9ddI7QjLL2xzK+HSxXR23YnlhEVDKmwQwb9PS+RBv0cSQTk6RBLlYpJBELdGn4zXxI i1qw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=L6QoMgtwgL3tJe4GB/Ih7yflwSG3aQ00OepOaXpJEe4=; b=yZ5tOvhPUGNPeGnE25OacWFoXnIzunc9SMhtC/HrmJBjJjyTIsC6k8A0FztVp2bAHd nBv+CUaBRFiSau94NgycoYDKVLOKk6XbmoZhMRAX/WP/YVLyzqliBLtcm8iUEAEoZlYO rWFXWK3aA4BqegsHKTgu3x00NTxV5v84xCc4iEuoZR26HdIBUg0kTBlPS3025Xcugga9 4EhVotvGyYVEP9p3ubZjGdrLbpoX/teQfU1x2hNoVbR/I2Oss6vUAtnLARsUsK44eEiy ExoDIu5CbWguWjUgoiw8RhtqyqWdTgUGIubHS4ln5HbIoyCEkE+UuJTIq4ZmB4YxY0YT rQlg== X-Gm-Message-State: AOAM531gbkcfDNuJyU+a2Xz+3i19SXKydnB96GbwuHFkP5UAg8wOJ4IS Ew1vhPFrzwNCC6KigVV6QEXF10P6bv7FrjvfTsG2iw== X-Google-Smtp-Source: ABdhPJyidyZ+9MInh37119ah6yTP6kCC84bdJzFaKW0zxyWyF1nd0YJqkrMB3Pbhc+Z/UFHH1FjJwSyi6hpdSvHXSCM= X-Received: by 2002:a81:7953:0:b0:2fe:f8a9:7e45 with SMTP id u80-20020a817953000000b002fef8a97e45mr6834348ywc.23.1652723871208; Mon, 16 May 2022 10:57:51 -0700 (PDT) MIME-Version: 1.0 References: <20220513202159.1550547-1-samitolvanen@google.com> In-Reply-To: From: Sami Tolvanen Date: Mon, 16 May 2022 10:57:15 -0700 Message-ID: Subject: Re: [RFC PATCH v2 00/21] KCFI support To: sedat.dilek@gmail.com Cc: linux-kernel@vger.kernel.org, Kees Cook , Josh Poimboeuf , Peter Zijlstra , x86@kernel.org, Catalin Marinas , Will Deacon , Mark Rutland , Nathan Chancellor , Nick Desaulniers , Joao Moreira , Steven Rostedt , linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220516_105752_512949_1C8277E3 X-CRM114-Status: GOOD ( 19.01 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org T24gTW9uLCBNYXkgMTYsIDIwMjIgYXQgMTA6MzEgQU0gU2VkYXQgRGlsZWsgPHNlZGF0LmRpbGVr QGdtYWlsLmNvbT4gd3JvdGU6Cj4+IEFueXRoaW5nIExpa2UgTExWTSBjbWFrZSBPcHRpb25zIHRv IGJlIGNvbmRpZGVyZWQgYW5kIFNldD8KPgo+Cj4gSSBhY3RpdmF0ZSBDbGFuZyBhbmQgTExEIGFk IHByb2plY3RzIC0gT0sgLSBlbm91Z2g/CgpDbGFuZyBhbmQgTExEIHNob3VsZCBiZSBzdWZmaWNp ZW50LgoKPj4gVGhpcyBzZXJpZXMgaXMgYWxzbyBhdmFpbGFibGUgaW4gR2l0SHViOgo+Pgo+PiAg IGh0dHBzOi8vZ2l0aHViLmNvbS9zYW1pdG9sdmFuZW4vbGludXgvY29tbWl0cy9rY2ZpLXJmYy12 Mgo+Pgo+Pgo+Pgo+Cj4+IENhbiB5b3UgcGxlYXNlIGFkZCBhIGhpc3Rvcnkgb2Ygd2hhdCBjaGFu Z2VkPwoKT29wcywgSSBmb3Jnb3QgdG8gaW5jbHVkZSB0aGF0LgoKQ2hhbmdlcyBpbiB2MjoKLSBD aGFuZ2VkIHRoZSBjb21waWxlciBwYXRjaCB0byBlbmNvZGUgYXJtNjQgdGFyZ2V0IGFuZCB0eXBl IGRldGFpbHMKaW4gdGhlIEVTUiwgYW5kIHVwZGF0ZWQgdGhlIGtlcm5lbCBlcnJvciBoYW5kbGlu ZyBwYXRjaCBhY2NvcmRpbmdseS4KLSBDaGFuZ2VkIHRoZSBjb21waWxlciBwYXRjaCB0byBlbWJl ZCB0aGUgeDg2XzY0IHR5cGUgaGFzaCBpbiBhIHZhbGlkCmluc3RydWN0aW9uIHRvIGF2b2lkIHNw ZWNpYWwgY2FzaW5nIG9ianRvb2wgaW5zdHJ1Y3Rpb24gZGVjb2RpbmcsIGFuZAphZGRlZCBhIF9f Y2ZpXyBzeW1ib2wgZm9yIHRoZSBwcmVhbWJsZS4gQ2hhbmdlZCB0aGUga2VybmVsIGVycm9yCmhh bmRsaW5nIGFuZCBtYW51YWwgdHlwZSBhbm5vdGF0aW9ucyB0byBtYXRjaC4KLSBEcm9wcGVkIHRo ZSAua2NmaV90eXBlcyBzZWN0aW9uIGFzIHRoYXTigJlzIG5vIGxvbmdlciBuZWVkZWQgYnkKb2Jq dG9vbCwgYW5kIGNoYW5nZWQgdGhlIG9ianRvb2wgcGF0Y2ggdG8gc2ltcGx5IGlnbm9yZSB0aGUg X19jZmlfCnByZWFtYmxlcyBmYWxsaW5nIHRocm91Z2guCi0gRHJvcHBlZCB0aGUgLmtjZmlfdHJh cHMgc2VjdGlvbiBvbiBhcm02NCBhcyBpdOKAmXMgbm8gbG9uZ2VyIG5lZWRlZCwKYW5kIG1vdmVk IHRoZSB0cmFwIGxvb2stdXAgY29kZSBiZWhpbmQgQ09ORklHX0FSQ0hfVVNFU19DRklfVFJBUFMs CndoaWNoIGlzIHNlbGVjdGVkIG9ubHkgZm9yIHg4Nl82NC4KLSBEcm9wcGVkIF9fbm9jZmkgYXR0 cmlidXRlcyBmcm9tIGFybTY0IGNvZGUgd2hlcmUgQ0ZJIHdhcyBkaXNhYmxlZApkdWUgdG8gYWRk cmVzcyBzcGFjZSBjb25mdXNpb24gaXNzdWVzLCBhbmQgYWRkZWQgdHlwZSBhbm5vdGF0aW9ucyB0 bwpyZWxldmFudCBhc3NlbWJseSBmdW5jdGlvbnMuCi0gRHJvcHBlZCBfX25vY2ZpIGZyb20gX19p bml0LgoKPiBOYXRoYW4gaGFzIGEgaTkxNSBjZmkgcGF0Y2ggaW4gSGlzIHBlcnNvbmFsIGtlcm5l bC5vcmcgR2l0Lgo+IElzIHRoaXMgcmVsZXZhbnQgdG8ga2NmaT8KCkl0IGZpeGVzIGEgdHlwZSBt aXNtYXRjaCwgc28gaW4gdGhhdCBzZW5zZSBpdCdzIHJlbGV2YW50LgoKPiBUbyBkaXN0aW5ndWlz aCBiZXR3ZWVuIGNsYW5nLWNmaSB3ZSBzaG91bGQgdXNlIGRpZmZlcmVudCBrYnVpbGQgdmFyaWFi bGVzIGZvciBrY2ZpLgoKVGhlIHBsYW4gaXMgdG8gcmVwbGFjZSB0aGUgY3VycmVudCBDRkkgaW1w bGVtZW50YXRpb24uIERvZXMgcmV1c2luZwp0aGUga2J1aWxkIHZhcmlhYmxlIG5hbWVzIGNhdXNl IGEgcHJvYmxlbT8KClNhbWkKCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fCmxpbnV4LWFybS1rZXJuZWwgbWFpbGluZyBsaXN0CmxpbnV4LWFybS1rZXJuZWxA bGlzdHMuaW5mcmFkZWFkLm9yZwpodHRwOi8vbGlzdHMuaW5mcmFkZWFkLm9yZy9tYWlsbWFuL2xp c3RpbmZvL2xpbnV4LWFybS1rZXJuZWwK