Received: by 2002:ac2:464d:0:0:0:0:0 with SMTP id s13csp190160lfo; Tue, 17 May 2022 21:49:30 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxhXYE4h2hWTpEiyiNavXgcCGSkYCQvW3NlYP7rjO+cNCa0q9tCSX2mVH0KkP3YHAu3ldKd X-Received: by 2002:a17:90a:1b6c:b0:1df:6940:e856 with SMTP id q99-20020a17090a1b6c00b001df6940e856mr12014391pjq.240.1652849370413; Tue, 17 May 2022 21:49:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652849370; cv=none; d=google.com; s=arc-20160816; b=B87EpHSvnWUQyvhiPUfWZCVGiMVOw+T6fk7qUEioWGzNQSQKl0bVBqrF8acEKsYBsr EKtK6hCvChUKLCnfGIdBIS26bGBlvwYB5igfQo8XSMvQL3zGfvGAsvR8inUCTUpNfgqW A22OG21GuqyovehdrAwFna5ZHtWIOsEjecVVP71+bnHDJD6iuRvH37iMvN3CoI1qX4gV fQCSfceYU5sL/7tAN8f1YfHOTvz7R6ciS7Rm9s8yhYeHrX1D7JpW7CUggMpb9NxJlegi 7emDxn3hJ3bOLn6tLtf6EAgNp0i0ETw/joUkA+gKODsSaIBfs2tIpJqc1YI2y7LIII3M ioTg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=wkLF6OT1t2YOSmlQuHNSc8YMQFZWsweJNSK3A1X9WFc=; b=oWGvd9s5PAwhs5IdKvPirpmkPcjXBIMQj+LCrilXlrjB+onkb9X0h74DLDJlPJR4Ee 3O0cKfxiyFQaaBMffqZcu9LUKZnM8+s+ouwGm+OSO1Fn5y/NudxgHW39N253E4QcrSfO 2WrQ9FSg/hqKHTLszUplc96+3CjAzNP7aWToDfuDfmmNEq1eyg0SFOwPhP90/TaHiinY FTsiO9a2F9IVUKqx98uT6qp4z86YWt6+aRMQfgFhQZJ9Vm/7ZgBXHsVlYUwFJNih6kF/ 9qebD4EgYSn3f3zoIJu4Q7rPBDItbaTrgW3jNHrV4t9jwTbFOge54FuaqMMY0ALuPGC6 OAPg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=lRLBJQQG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id g16-20020a056a000b9000b004fac74c8c8asi2041861pfj.329.2022.05.17.21.49.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 17 May 2022 21:49:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=lRLBJQQG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id ADE2C13F44; Tue, 17 May 2022 21:00:18 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237746AbiEQU0i (ORCPT + 99 others); Tue, 17 May 2022 16:26:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48410 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232959AbiEQU0g (ORCPT ); Tue, 17 May 2022 16:26:36 -0400 Received: from mail-yw1-x112b.google.com (mail-yw1-x112b.google.com [IPv6:2607:f8b0:4864:20::112b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 76DEB527EA for ; Tue, 17 May 2022 13:26:35 -0700 (PDT) Received: by mail-yw1-x112b.google.com with SMTP id 00721157ae682-2ec42eae76bso2945347b3.10 for ; Tue, 17 May 2022 13:26:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wkLF6OT1t2YOSmlQuHNSc8YMQFZWsweJNSK3A1X9WFc=; b=lRLBJQQGJdCf/Vu5j6vHzWkLG9PUWk/gz7qLmFYdfdeMrVMiDYwEGSqEgimFBRs/WR O4fzMukpLDP635Z0lxkIi/bGO+6noGtP3ot9Q6tPrpn5Qgc8EBWqdICI1eFCMI80Ma8f 3pmbS7srfTEV/kcWtkPkbs4OUB9yf9NtfT3b3XSlogZZaNp0x1O7QOpDXUpYtygcePvN r44Nl5IDZG3YlfUztaaVn5/rsfAb7pQG3FUP3uVcOUwlKpzvjWE1Js0p/1TuDq4NRwPT ySAm9/hX9TNiNyu3JgtBpjTrtlclAwH3eZZ8opRa481V27pvCsGDX/3oZhvbvnsW3dLn tX0A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wkLF6OT1t2YOSmlQuHNSc8YMQFZWsweJNSK3A1X9WFc=; b=eCyAzJrpB6RHW3C8l4SPYb8dOCnQqIrrIxKqJt5KrbihTJVwYoQBdxsMfart9a3nPu /etXC9SnSLros239cv4XJzdJ4FQ7KB0o01a79IfPh0xqNT0RY/PzKOgHULb84n5yMZ0L TDDLM34ny21/MwLu/ZM/1JG0u5+fu/z8CS0cIMxf9I56/n1RzUr74fsXqWoaK4+BXbqb BZ/UmVn2nP7FILMzp6ilmvEIiZjZbYMgm5SyQ9jCCM/HSwRf3l/QFBhMCCAEj2g9GU/z VkeITpa87T+ch1u9kft99urEwmRDs8lvyOZHOYz4TGioxgx8DniCUW0uJ/kUzX9M46G5 gzWQ== X-Gm-Message-State: AOAM532FTmdmDWmSC6Bb9T1+YsHF6f6+mPPOQl0YDnma9eTHk0Mw1uM6 NsuSexMUXUnkVzjOc7jfBh6EOjgd8DqIxt4QsVYH5A== X-Received: by 2002:a81:2008:0:b0:2f8:3968:e70a with SMTP id g8-20020a812008000000b002f83968e70amr28536127ywg.321.1652819194477; Tue, 17 May 2022 13:26:34 -0700 (PDT) MIME-Version: 1.0 References: <20220513202159.1550547-1-samitolvanen@google.com> In-Reply-To: From: Sami Tolvanen Date: Tue, 17 May 2022 13:25:58 -0700 Message-ID: Subject: Re: [RFC PATCH v2 00/21] KCFI support To: Peter Zijlstra Cc: LKML , Kees Cook , Josh Poimboeuf , X86 ML , Catalin Marinas , Will Deacon , Mark Rutland , Nathan Chancellor , Nick Desaulniers , Joao Moreira , Sedat Dilek , Steven Rostedt , linux-hardening@vger.kernel.org, linux-arm-kernel , llvm@lists.linux.dev Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-9.5 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE, USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 17, 2022 at 1:58 AM Peter Zijlstra wrote: > > On Fri, May 13, 2022 at 01:21:38PM -0700, Sami Tolvanen wrote: > > KCFI is a proposed forward-edge control-flow integrity scheme for > > Clang, which is more suitable for kernel use than the existing CFI > > scheme used by CONFIG_CFI_CLANG. KCFI doesn't require LTO, doesn't > > alter function references to point to a jump table, and won't break > > function address equality. The latest LLVM patch is here: > > > > https://reviews.llvm.org/D119296 > > > > This RFC series replaces the current arm64 CFI implementation with > > KCFI and adds support for x86_64. > > You have some weird behaviour vs weak functions (I so hate those)... > > 100: 0000000000000980 9 FUNC LOCAL DEFAULT 2 __cfi_free_initmem > 233: 0000000000000989 35 FUNC WEAK DEFAULT 2 free_initmem > > With the result that on the final link: > > 179: 00000000000009b0 9 FUNC LOCAL DEFAULT 1 __cfi_free_initmem > 8689: 00000000000007f0 9 FUNC LOCAL DEFAULT 65 __cfi_free_initmem > 173283: 00000000000007f9 198 FUNC GLOBAL DEFAULT 65 free_initmem > > This is getting me objtool issues (I'll fix them) but perhaps it's > something you can do something about as well. Good catch, I'll fix this. Sami