From: Daniele Buono <dbuono@linux.vnet.ibm.com>
To: Eric Blake <eblake@redhat.com>, qemu-devel@nongnu.org
Cc: "Paolo Bonzini" <pbonzini@redhat.com>,
	"Thomas Huth" <thuth@redhat.com>,
	"Daniel P . Berrangé" <berrange@redhat.com>,
	"Alexander Bulekov" <alxndr@bu.edu>
Subject: Re: [PATCH v2 0/6] Add support for Control-Flow Integrity
Date: Sat, 24 Oct 2020 07:58:57 -0400
Message-ID: <ca8020e4-53ac-9713-51d1-d80ca75a22e2@linux.vnet.ibm.com>
In-Reply-To: <947e698f-a582-956d-5b42-1dee6442f15d@redhat.com>

On 10/23/2020 4:33 PM, Eric Blake wrote:
> On 10/23/20 3:06 PM, Daniele Buono wrote:
>> v2: Several months (and structural changes in QEMU) have passed since v1.
>> While the spirit of the patch is similar, the implementation is changed
>> in multiple points, and should address most if not all the comments
>> received in v1.
> 
>> 5) Most of the logic to enable CFI goes in the configure, since it's
>> just a matter of checking for dependencies and incompatible options.
>> However, I had to disable CFI checks for a few TCG functions.
>> This can only be done through a blacklist file. I added a file in the
>> root of QEMU, called cfi-blacklist.txt for such purpose. I am open to
>> suggestions on where the file should go, and I am willing to become the
>> maintainer of it, if deemed necessary.
> 
> In the meantime, we have commits like:
> 
> commit b199c682f1f0aaee22b2170a5fb885250057eec2
> Author: Philippe Mathieu-Daudé <philmd@redhat.com>
> Date:   Thu Sep 10 09:01:31 2020 +0200
> 
>      target/i386/kvm: Rename host_tsx_blacklisted() as host_tsx_broken()
> 
>      In order to use inclusive terminology, rename host_tsx_blacklisted()
>      as host_tsx_broken().
> 
> which may help you in coming up with a more appropriate name for the new
> file.
> 
>>
>>   MAINTAINERS                   |   5 +
>>   accel/tcg/cpu-exec.c          |   9 ++
>>   configure                     | 214 ++++++++++++++++++++++++++++++++++
>>   include/qemu/sanitizers.h     |  22 ++++
>>   meson.build                   |   3 +
>>   plugins/core.c                |  25 ++++
>>   plugins/loader.c              |   5 +
>>   tcg/tci.c                     |   5 +
>>   tests/check-block.sh          |  18 +--
>>   tests/qtest/fuzz/fork_fuzz.ld |  12 +-
>>   util/main-loop.c              |   9 ++
>>   util/oslib-posix.c            |   9 ++
>>   12 files changed, 328 insertions(+), 8 deletions(-)
>>   create mode 100644 include/qemu/sanitizers.h
> 
> although I don't see a new file by that name here, so perhaps the v1
> overview is now stale?
> 
Correct, the v1 overview is stale in that regard. V2 is not using a
"broken" file anymore. CFI is now disabled by using an attribute
directly on the code.

From the v2 overview:
* Instead of disabling CFI in specific functions by using a filter file,
   disable cfi by using a new decorator to be prefixed to the function
   definition.

Besides the removal of a non-inclusive term, I believe this is a better
way to track functions, since it is directly inside the code so everyone
working on those functions will see it immediately. It's safer with
regard to function naming changes and, hopefully, this will make
maintaining cfi easier.
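
Added example, not part of the original message or of the QEMU patch: a per-function opt-out from clang's `cfi-icall` check, placed on the one caller that jumps to an address taken from a buffer. The names `DISABLE_CFI_ICALL`, `block_fn`, `run_block`, `run_checked` and `run_chain` are hypothetical, and ordinary C functions stand in for runtime-generated code so the block runs on any compiler.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical macro name. Expands to clang's no_sanitize attribute when
 * the compiler supports it, and to nothing elsewhere (e.g. GCC). */
#if defined(__clang__) && defined(__has_attribute)
# if __has_attribute(no_sanitize)
#  define DISABLE_CFI_ICALL __attribute__((no_sanitize("cfi-icall")))
# endif
#endif
#ifndef DISABLE_CFI_ICALL
# define DISABLE_CFI_ICALL
#endif

typedef long (*block_fn)(long acc);

/* Stand-ins for generated code; constructed for this example. */
static long add_three(long acc) { return acc + 3; }
static long times_two(long acc) { return acc * 2; }

/* Entry points kept as plain integers, as a code buffer would hand them out. */
struct block { uintptr_t entry; };

/* The exemption is attached to the definition itself: renaming or moving
 * this function carries it along, and nothing outside this function is
 * exempted. A filter file would match on the old name and go stale. */
DISABLE_CFI_ICALL
static long run_block(const struct block *b, long acc)
{
    block_fn fn = (block_fn)b->entry;
    return fn(acc);               /* indirect call, not checked by cfi-icall */
}

/* No attribute here: this indirect call stays under cfi-icall in a CFI build. */
static long run_checked(block_fn fn, long acc) { return fn(acc); }

long run_chain(long start)
{
    struct block chain[] = { { (uintptr_t)add_three }, { (uintptr_t)times_two } };
    long acc = start;
    for (size_t i = 0; i < sizeof chain / sizeof chain[0]; i++)
        acc = run_block(&chain[i], acc);
    return run_checked(add_three, acc);
}

int main(void) { return run_chain(4) == 17 ? 0 : 1; }
```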

