Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp209097iob; Mon, 2 May 2022 17:16:21 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyojajBnJKpnv8OHTaR8xdYQv7gUH+Gng0ABH4rOv2riC9PijSCu9554AR7vn7+CGIE7vqP X-Received: by 2002:a63:e60b:0:b0:3c2:2450:135a with SMTP id g11-20020a63e60b000000b003c22450135amr5624600pgh.8.1651536981321; Mon, 02 May 2022 17:16:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1651536981; cv=none; d=google.com; s=arc-20160816; b=mTBKPI6LGFjEqtHKgdu7+PBBWMpEfbCxAgQv4tsnsJFl027v6GA4KXrXC+zEiXgh4a HLEt7u1UNr9dsqDcOLnLVSdv//jJebbLtjLhE6qb75efEy8XBq/Fvs3O9Zpom5e/B6fc 9ObjmNy+h9fWFWD/ugolzsh3wQsZDFIhX3HGPPy6+zg1iv++8TQXLbmPGmWD5be3FKkp DfS/iQscBjII36qqrrSxvHgbx4JflXZxq2OnIcF5IWqLgDZGURWcTi5U9hUQj4/mfMDM uGsnxykZG/ap8hKuMqCeGp0QmRWu/2zAi7BQMGo+lAHDpeeBLvhymQkEwFCFCvmoTAg9 jp8w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=JrJ5Up6tIRRW5Mxs+/9PXH6BK6Q48YyALZseWmr3avA=; b=uL/35bBSawpjFWWQsLL/s96u9Gs3im2l6BIgpx2N7lsdsWwBYTZi7yR7tjr7UlxJPW Q/86gQXCq0ck2LWDiORwMsQOQU52ai+gThOAHhQuCR4GGf/WGuXR5KzTvy3CH6QQrn+D 4QaRedNFBJqf+4/kJU0MvAkqiAhkv0jlerbagPWL0+JnDag5SGZhYbo0VyYuwb3JUkuA JOzkbTUoX9WUabTMb/EiUiDhDLkz0iEPaUIuw0KkuSok8NgxTZwGhV1QjyjB3WGJhhkb KXhR1NNS+a6o28cLsdCWtbAMoVojFfdUfb7IL41Row2EsF+derrx1PQ8Vm/SOfe9Ctv/ tqbw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=esBlUhgl; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id mh18-20020a17090b4ad200b001dc5690084dsi758587pjb.172.2022.05.02.17.16.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 May 2022 17:16:21 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=esBlUhgl; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id F155235A87; Mon, 2 May 2022 17:14:28 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1381630AbiD2W4i (ORCPT + 99 others); Fri, 29 Apr 2022 18:56:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46598 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239840AbiD2W4g (ORCPT ); Fri, 29 Apr 2022 18:56:36 -0400 Received: from mail-pf1-x42f.google.com (mail-pf1-x42f.google.com [IPv6:2607:f8b0:4864:20::42f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AA7F7B3C60 for ; Fri, 29 Apr 2022 15:53:14 -0700 (PDT) Received: by mail-pf1-x42f.google.com with SMTP id y14so8042827pfe.10 for ; Fri, 29 Apr 2022 15:53:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to; bh=JrJ5Up6tIRRW5Mxs+/9PXH6BK6Q48YyALZseWmr3avA=; b=esBlUhglB9jCI2Ncth42eo2IMjtAy4YW4mTLvt3OzArSE3z90VovKH/o+BFbP3EssP JaCdFvrUUP7i40tzjcYF0lquuriKN1llnUUyvzwFwrGkI7j8MjvoA0RgJ17uWCOe5j77 +igUVwBVzTTxT7qU1IAL9BiZ2pi/eoIAUusFM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to; bh=JrJ5Up6tIRRW5Mxs+/9PXH6BK6Q48YyALZseWmr3avA=; b=AGQ3oaI3XbUbNSxYbRSHJKgmW9jXu01mMkTOCq9GYfHKMQFblHieXmL4zCLDQgIacp Fpjc/tF+vYxzQIYCM1TkZgLucqg1nLUeyHGhMgO/DZTmmyNlEukTPhukp7KPBESPm0gB AwSaJHOQ5CFhFYMHTcdcZYFtqPY+3lLGVcFghZS950Ob8HFJgSTrLtwuKXwA6VMJoFew /LYsZ/Nq/gEXUwJE7zoJb/gubisaxfRlm+qnDrsXcxLrQzxF7u30VcheS0ygXO82cL0T Z2qHFxHDB8le7KbYgt3E9opYffa/ahTyptcN+cYpHYfBCSKndCzAhzhTRma60tgAqElb uLKw== X-Gm-Message-State: AOAM531OidwRVCun6p8cYRv/x5CaEOFY0imtwl5f77XRXAibVReWxmTi fYE9sehmk27ZaHZGkvir1wj4eQ== X-Received: by 2002:a63:dd54:0:b0:3a8:f358:5b3f with SMTP id g20-20020a63dd54000000b003a8f3585b3fmr1141335pgj.97.1651272794165; Fri, 29 Apr 2022 15:53:14 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id c8-20020aa78808000000b0050dc7628172sm200051pfo.76.2022.04.29.15.53.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 Apr 2022 15:53:13 -0700 (PDT) Date: Fri, 29 Apr 2022 15:53:12 -0700 From: Kees Cook To: Peter Zijlstra , Mark Rutland , Josh Poimboeuf , Will Deacon , Catalin Marinas Cc: Sami Tolvanen , Nathan Chancellor , Nick Desaulniers , Joao Moreira , Sedat Dilek , Steven Rostedt , linux-kernel@vger.kernel.org, x86@kernel.org, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev Subject: Re: [RFC PATCH 00/21] KCFI support Message-ID: <202204291545.47C6A97EA2@keescook> References: <20220429203644.2868448-1-samitolvanen@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20220429203644.2868448-1-samitolvanen@google.com> X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Apr 29, 2022 at 01:36:23PM -0700, Sami Tolvanen wrote: > KCFI is a proposed forward-edge control-flow integrity scheme for > Clang, which is more suitable for kernel use than the existing CFI > scheme used by CONFIG_CFI_CLANG. KCFI doesn't require LTO, doesn't > alter function references to point to a jump table, and won't break > function address equality. ???? :) > The latest LLVM patches are here: > > https://reviews.llvm.org/D119296 > https://reviews.llvm.org/D124211 > > [...] > To test this series, you'll need to compile your own Clang toolchain > with the patches linked above. You can also find the complete source > tree here: > > https://github.com/samitolvanen/llvm-project/commits/kcfi-rfc And note that this RFC is seeking to break a bit of a circular dependency with regard to the design of __builtin_kcfi_call_unchecked (D124211 above), as the implementation has gone around a few times in review within LLVM, and we want to make sure that kernel folks are okay with what was settled on. If there are no objections on the kernel side, then we can land the KCFI patches, as this is basically the only remaining blocker. -Kees -- Kees Cook