Date: Sat, 14 May 2022 14:46:50 -0700
From: Kees Cook
To: Sami Tolvanen
Cc: linux-kernel@vger.kernel.org, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev
Subject: Re: [RFC PATCH v2 06/21] cfi: Switch to -fsanitize=kcfi
Message-ID: <202205141444.9F32C94D9@keescook>
References: <20220513202159.1550547-1-samitolvanen@google.com> <20220513202159.1550547-7-samitolvanen@google.com>
In-Reply-To: <20220513202159.1550547-7-samitolvanen@google.com>

On Fri, May 13, 2022 at 01:21:44PM -0700, Sami Tolvanen wrote:
> Switch from Clang's original forward-edge control-flow integrity
> implementation to -fsanitize=kcfi, which is better suited for the
> kernel, as it doesn't require LTO, doesn't use a jump table that
> requires altering function references, and won't break cross-module
> function address equality.
>
> Signed-off-by: Sami Tolvanen

Yes please.

And just to note it somewhere: landing the KCFI implementation on Clang
depends on this series being accepted (i.e. if the arm64 and x86
maintainers are happy with this series, then that'll unblock landing it
in Clang (no reason to land something that won't get used.))

Reviewed-by: Kees Cook

-- 
Kees Cook