Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp297762pxb; Tue, 19 Oct 2021 03:09:55 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwM2SIZY404qUBSo+MAmw0E95ZUSZ81XV+wx+jVrjiv9fZKKPs6uRX6lJPovwI2E4mBACPp X-Received: by 2002:aa7:9099:0:b0:44c:a3b5:ca52 with SMTP id i25-20020aa79099000000b0044ca3b5ca52mr34533354pfa.85.1634638194808; Tue, 19 Oct 2021 03:09:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1634638194; cv=none; d=google.com; s=arc-20160816; b=oZyi96Wi1BI3jHxxZpmdq2Qr1U1Ya0RMnvwWB2YizEWPBqQhrvvYAnAZ9eJrOqwL3v 9K1ijzczmaLnriOPrnAr9UMh+h9lwxTWQ/oF4mYuqUqzcquurQYUk27lEAv4/csn8Ksl xr/My5Q7gEpMdK6NfhCAaSkkyNO8YPG7smqPmTBEtfHl/l1ryDyvGjoNLACTZIHurg6D 9ZMeboRsUpZw+dCQ62P5u4x4TSEqy65kFN9OnMvjK/mbPmLTuh2AYciNnMjR5sgZfNjW LaX8kQUl5CaLx29uBr9UUUHz6qSIy4eRk7XWGC05JazfifmFYAGP4G+NDZZew1oqz3yV Zudg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:reply-to:cc:from:to :dkim-signature:date; bh=LOFsSQgEL4w+fS68cEWnarmWnUdXiUZe2VQW9yMhlYk=; b=PivfdyZBGcCTkIMjIupj8pa2r52m7DTwOg4NH7oaBL+d5956QMk0bODJCUV7Sn4gSh 973aCAnvyBovyRL92r83P6zWjHWiuiO9CqjIH4soF2fMs+IJuv6XfvmJhVULcHGHdytN pNyEBjthLWSKInZnTltRjSb+xMssJq5xayjFP32MIaFL2CY9UhaCbmr8mMaudDeRuCnO 1xWx0xzCCCKxyRLUV3HAxokgIUqmG1YzGXrX34E4z/xad246ZpKja5ZPxidy44mlbz9Z URV9rU3vRTEDJvKOpHjJ43DVTnrKqzdUWxS8sDiGJMzAZPXbFdabAE8ZAFgqpn37+0Mj 4k8Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@pm.me header.s=protonmail header.b=kgnUhhOx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=pm.me Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b5si25034254pgt.22.2021.10.19.03.09.41; Tue, 19 Oct 2021 03:09:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@pm.me header.s=protonmail header.b=kgnUhhOx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=pm.me Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235150AbhJSKI5 (ORCPT + 99 others); Tue, 19 Oct 2021 06:08:57 -0400 Received: from mail-40133.protonmail.ch ([185.70.40.133]:41300 "EHLO mail-40133.protonmail.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234999AbhJSKI4 (ORCPT ); Tue, 19 Oct 2021 06:08:56 -0400 Date: Tue, 19 Oct 2021 10:06:32 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pm.me; s=protonmail; t=1634637998; bh=LOFsSQgEL4w+fS68cEWnarmWnUdXiUZe2VQW9yMhlYk=; h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From; b=kgnUhhOx8j6ksT5RA6+ox2FUcgrA4VVcqOldtTlgDhhKSNfUVd498eXSm5hL82SQn Vm3wvVOK0PrS3vSnid7gZE6SBQBntl4WR/Omv6Cq4Idpv6TJUU+pgbBB1XGTN1MYiT hNIk4CI43LHFyiElLWwvfQYkg0hJLXQrHSuGtYE8cw9xFo58ByNHjnTL7Mhk3WzwyN 08R/zkYS6jzfHnRjsWKuTL6BybGW+N7dAMV+Rd+b7FVIpJ8eXw0V4z3KeIxMpP+QAp nGqASZ2lfKwKJw1L75wTS8+Prb7EzGYyhsz+08EzUZjo0s3SkKNhwkJLmgWpd60aoP kHly93G10ZO4Q== To: Sami Tolvanen From: Alexander Lobakin Cc: Alexander Lobakin , x86@kernel.org, Kees Cook , Josh Poimboeuf , Peter Zijlstra , Nathan Chancellor , Nick Desaulniers , Sedat Dilek , Steven Rostedt , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev Reply-To: Alexander Lobakin Subject: Re: [PATCH v5 00/15] x86: Add support for Clang CFI Message-ID: <20211019095947.89257-1-alobakin@pm.me> In-Reply-To: <20211013181658.1020262-1-samitolvanen@google.com> References: <20211013181658.1020262-1-samitolvanen@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF shortcircuit=no autolearn=disabled version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mailout.protonmail.ch Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sami Tolvanen Date: Wed, 13 Oct 2021 11:16:43 -0700 > This series adds support for Clang's Control-Flow Integrity (CFI) > checking to x86_64. With CFI, the compiler injects a runtime > check before each indirect function call to ensure the target is > a valid function with the correct static type. This restricts > possible call targets and makes it more difficult for an attacker > to exploit bugs that allow the modification of stored function > pointers. For more details, see: > > https://clang.llvm.org/docs/ControlFlowIntegrity.html > > Note that v5 is based on tip/master. The first two patches contain > objtool support for CFI, the remaining patches change function > declarations to use opaque types, fix type mismatch issues that > confuse the compiler, and disable CFI where it can't be used. > > You can also pull this series from > > https://github.com/samitolvanen/linux.git x86-cfi-v5 Hi, I found [0] while was testing Peter's retpoline series, wanted to ask / double check if that is because I'm using ClangCFI for x86 on unsupported Clang 12. It is fixed in 13 I suppose? [0] https://lore.kernel.org/all/20211019094038.80569-1-alobakin@pm.me Thanks, Al