From: Daniele Buono <dbuono@linux.vnet.ibm.com>
To: Cornelia Huck <cohuck@redhat.com>, Alexander Bulekov <alxndr@bu.edu>
Cc: Paolo Bonzini <pbonzini@redhat.com>, qemu-devel@nongnu.org
Subject: Re: [PATCH v3 0/9] Add support for Control-Flow Integrity
Date: Fri, 6 Nov 2020 08:35:59 -0500
Message-ID: <e2e27a18-a0d0-77c2-5e5d-b4c210fec177@linux.vnet.ibm.com>
In-Reply-To: <20201106134747.7c9a5050.cohuck@redhat.com>

Hi Cornelia,

I don't have a real preference either way.

So if it is acceptable to have the clang11+ patches separated and
handled by the maintainers for the proper subsystem, I'd say whatever
the maintainers prefer.

In my opinion, the patches for clang11+ support may be merged
separately.

I'm saying this because, from my tests, the only feature that needs
clang11+ to compile with Control-Flow Integrity is fuzzing.
However, the main way we're fuzzing QEMU is through OSSfuzz, and I don't
think their infrastructure is using a compiler that new, so we wouldn't
be able to enable it anyway. (Alex can chip in to confirm this)
On the other hand, if someone is looking for temporary support in-house,
they can just add -Wno-[...] as extra-cflags until the additional
patches land. (Assuming CFI lands before the clang11+ patches).

Regards,
Daniele

On 11/6/2020 7:47 AM, Cornelia Huck wrote:
> On Thu,  5 Nov 2020 17:18:56 -0500
> Daniele Buono <dbuono@linux.vnet.ibm.com> wrote:
> 
>> This patch adds support for Control-Flow Integrity checks
>> on indirect function calls.
>>
>> Requires the use of clang, and link-time optimizations
>>
>> Changes in v3:
>>
>> - clang 11+ warnings are now handled directly at the source,
>> instead of disabling specific warnings for the whole code.
>> Some more work may be needed here to polish the patch, I
>> would kindly ask for a review from the corresponding
>> maintainers
> 
> Process question :)
> 
> Would you prefer to have this series merged in one go, or should
> maintainers pick the patches for their subsystem?
> 
>> - Remove configure-time checks for toolchain compatibility
>> with LTO.
>> - the decorator to disable cfi checks on functions has
>> been renamed and moved to include/qemu/compiler.h
>> - configure-time checks for cfi support and dependencies
>> have been moved from configure to meson
>>
>> Link to v2: https://www.mail-archive.com/qemu-devel@nongnu.org/msg753675.html
>> Link to v1: https://www.mail-archive.com/qemu-devel@nongnu.org/msg718786.html
>>
>> Daniele Buono (9):
>>    fuzz: Make fork_fuzz.ld compatible with LLVM's LLD
>>    s390x: fix clang 11 warnings in cpu_models.c
>>    hw/usb: reorder fields in UASStatus
>>    s390x: Avoid variable size warning in ipl.h
>>    scsi: fix overflow in scsi_disk_new_request_dump
>>    configure,meson: add option to enable LTO
>>    cfi: Initial support for cfi-icall in QEMU
>>    check-block: enable iotests with cfi-icall
>>    configure/meson: support Control-Flow Integrity
>>
>>   accel/tcg/cpu-exec.c          | 11 +++++++++
>>   configure                     | 26 ++++++++++++++++++++
>>   hw/s390x/ipl.h                |  4 +--
>>   hw/scsi/scsi-disk.c           |  4 +++
>>   hw/usb/dev-uas.c              |  2 +-
>>   include/qemu/compiler.h       | 12 +++++++++
>>   meson.build                   | 46 +++++++++++++++++++++++++++++++++++
>>   meson_options.txt             |  4 +++
>>   plugins/core.c                | 37 ++++++++++++++++++++++++++++
>>   plugins/loader.c              |  7 ++++++
>>   target/s390x/cpu_models.c     |  8 +++---
>>   tcg/tci.c                     |  7 ++++++
>>   tests/check-block.sh          | 18 ++++++++------
>>   tests/qtest/fuzz/fork_fuzz.ld | 12 ++++++++-
>>   util/main-loop.c              | 11 +++++++++
>>   util/oslib-posix.c            | 11 +++++++++
>>   16 files changed, 205 insertions(+), 15 deletions(-)
>>
> 
> 

