Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp2915434pxb; Tue, 24 Aug 2021 10:30:21 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwtVZw1uoGYQEfLdFDRbH+gJ0pg1nTjWmg0d3BKOrw9nFlDP+0LgEg/a9+lfl11QP3UK9hh X-Received: by 2002:a02:3846:: with SMTP id v6mr947285jae.45.1629826220902; Tue, 24 Aug 2021 10:30:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629826220; cv=none; d=google.com; s=arc-20160816; b=huT9d7Dm3kS0ZTlhYtd71sDcvT8zJt3ZJ20e66Fr0WxaY1NIUR80N4kbgxtzLHM4Ae X2O4DbGuvFBrSfG1Rprl5O4HzRNEceyaunzZAICjTZqjo8vz+gkda/pzYdH3Nj2Ky7wU wKn6Y1wRN+CKqPKcuw5yNqoSMdOy3kQFNrVlagJqF21QLi1cRNHFUUqi28N8jrVfapnU 9KY5WMhvw3/WTS+ECovUYgtTcTSpmeqm53ULzDMuP1tgGHZzwWN8Ptzs0r4QzsGfjjO3 sUmUuWmsJZmDOHDdTl+uPdvaXvYXC23/UI1sNdyioLQgn+FNXXdo/s9/kvgc4gFiCbNx Gq7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=wH/laxt92cAPsS5DORg7moxidJ+sFb/ugbwwhp2S/dk=; b=B+DMHB3NoEhYYq13n2WkYojKocFm5INS7fEZ24bo/5iOEP3xN727pJHHuSwa27I8gS +rpj9PdLhRu4KMf/A11NdPCvJ0BZVsGm6FS0DlOw5kZemHc1uKOGUhJdZ4sffYVkPcEe tEThOiscvnNAqNnzsW4VDCnnhIZsY+58LPNEsK74yFSbcZaphEPVvhRiiYyHUsfCWFlz 6JME986pmv6ZBa4l3mxG8iGjiA/oIqu+94OnYM8QqPenfUR1izyRw8GdJZliVv6vLMMX zY4l+W5KoWBNNm66PNTykhhR9HtITANGsej0BWYGtwXsJx2sfek/gAutCLaWwf+U5Zrv ctcQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=BfMltmJ2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f16si17114190ils.116.2021.08.24.10.30.08; Tue, 24 Aug 2021 10:30:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=BfMltmJ2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239623AbhHXRaB (ORCPT + 99 others); Tue, 24 Aug 2021 13:30:01 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:48382 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240796AbhHXR1G (ORCPT ); Tue, 24 Aug 2021 13:27:06 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1629825981; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wH/laxt92cAPsS5DORg7moxidJ+sFb/ugbwwhp2S/dk=; b=BfMltmJ2oONaD9ejn17glMjs9P0bRR9kUzA6Pry+9ECSWyGVz4ycy6wgEUByz+V4JhUJ9s HPAmF1i0qqRWSbIfut4PbxJGn5ySNPozWxwmNghWcvg8nVKsNFdG/k1NefB85ZOgXIMYjK RoOUIkRd9llpoWWOx8eAPu/aVihsHBE= Received: from mail-qk1-f199.google.com (mail-qk1-f199.google.com [209.85.222.199]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-583-soa92xYrMeuWyaB4Ue6H3w-1; Tue, 24 Aug 2021 13:26:19 -0400 X-MC-Unique: soa92xYrMeuWyaB4Ue6H3w-1 Received: by mail-qk1-f199.google.com with SMTP id s206-20020a3745d70000b02903b9207abc7bso14799042qka.4 for ; Tue, 24 Aug 2021 10:26:19 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=wH/laxt92cAPsS5DORg7moxidJ+sFb/ugbwwhp2S/dk=; b=dwXtCvWXmcGkWfejv7hV/ItsuG5tq+AzPJO1sFJyJD7/Kf01yfUwFjeHzAKtmyuGai VTBO8LKQoLIE4Ix7C4AUPH0RYWTDCDjJQiFrhgrJy+AtPokLMbuhtVx/7tX288vzAqoW XyBPvdppCQTpUAMQBdecoUzwX7yTxHaWIqT/T03UZIvZyza7Oiyt7WgBkbjPf/Y7LPdk VuNg7JUOyeKmUkFGY6TFi6E+lCfLxI9ysty+nXnrC4+zpyzPKsRgBE9kei73WzVkl3gL K1d393dJHx3US/wNiqBqreiCPmULJBZ8WMad86Y602GgfzkpE/etS/4bkyMYgQ73EAUw 5zMQ== X-Gm-Message-State: AOAM532sOqxYDKWyKCsu8ilMaJPJ/9Ckdks0WqKqGau0RavFm9lirAhS 1i6JxejCvrZElu20jhZ/ORNz1k8GO/xNdbD/inrA+LKxiTRLcXQNQc/Q0GdmUiCAYYAOrtGcM1k 5P/jpTNFdkuhZMXi5sBILwiMI X-Received: by 2002:a37:4141:: with SMTP id o62mr6348367qka.380.1629825979547; Tue, 24 Aug 2021 10:26:19 -0700 (PDT) X-Received: by 2002:a37:4141:: with SMTP id o62mr6348347qka.380.1629825979334; Tue, 24 Aug 2021 10:26:19 -0700 (PDT) Received: from tstellar.remote.csb (97-120-182-34.ptld.qwest.net. [97.120.182.34]) by smtp.gmail.com with ESMTPSA id t66sm11093328qkc.3.2021.08.24.10.26.17 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 24 Aug 2021 10:26:18 -0700 (PDT) Subject: Re: [PATCH v2 00/14] x86: Add support for Clang CFI To: Sami Tolvanen Cc: X86 ML , Kees Cook , Josh Poimboeuf , Peter Zijlstra , Nathan Chancellor , Nick Desaulniers , Sedat Dilek , linux-hardening@vger.kernel.org, LKML , clang-built-linux References: <20210823171318.2801096-1-samitolvanen@google.com> <1706ee8e-c21c-f867-c0be-24814a92b853@redhat.com> From: Tom Stellard Message-ID: <9349a92d-f2a7-9ee4-64db-98d30eadc505@redhat.com> Date: Tue, 24 Aug 2021 10:26:16 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 8/23/21 10:20 AM, Sami Tolvanen wrote: > On Mon, Aug 23, 2021 at 10:16 AM Tom Stellard wrote: >> >> On 8/23/21 10:13 AM, 'Sami Tolvanen' via Clang Built Linux wrote: >>> This series adds support for Clang's Control-Flow Integrity (CFI) >>> checking to x86_64. With CFI, the compiler injects a runtime >>> check before each indirect function call to ensure the target is >>> a valid function with the correct static type. This restricts >>> possible call targets and makes it more difficult for an attacker >>> to exploit bugs that allow the modification of stored function >>> pointers. For more details, see: >>> >>> https://clang.llvm.org/docs/ControlFlowIntegrity.html >>> >>> Version 2 depends on Clang >=14, where we fixed the issue with >>> referencing static functions from inline assembly. Based on the >>> feedback for v1, this version also changes the declaration of >>> functions that are not callable from C to use an opaque type, >>> which stops the compiler from replacing references to them. This >>> avoids the need to sprinkle function_nocfi() macros in the kernel >>> code. >> >> How invasive are the changes in clang 14 necessary to make CFI work? >> Would it be possible to backport them to LLVM 13? > > I'm not sure what the LLVM backport policy is, but this specific fix > was quite simple: > > https://reviews.llvm.org/rG7ce1c4da7726 > That looks like something we could backport, I filed a bug to track the backport: https://bugs.llvm.org/show_bug.cgi?id=51588. Do you have any concerns about backporting it or do you think it's pretty safe? -Tom > Sami >