From: Daniele Buono <dbuono@linux.vnet.ibm.com>
To: dbuono@linux.vnet.ibm.com, qemu-devel@nongnu.org
Cc: Paolo Bonzini <pbonzini@redhat.com>
Subject: [PATCH v3 0/9] Add support for Control-Flow Integrity
Date: Thu, 5 Nov 2020 17:18:56 -0500
Message-ID: <20201105221905.1350-1-dbuono@linux.vnet.ibm.com>

This patch adds support for Control-Flow Integrity checks
on indirect function calls.

Requires the use of clang, and link-time optimizations.

Changes in v3:

- clang 11+ warnings are now handled directly at the source,
  instead of disabling specific warnings for the whole code.
  Some more work may be needed here to polish the patch, I
  would kindly ask for a review from the corresponding
  maintainers.
- Remove configure-time checks for toolchain compatibility
  with LTO.
- the decorator to disable cfi checks on functions has
  been renamed and moved to include/qemu/compiler.h
- configure-time checks for cfi support and dependencies
  have been moved from configure to meson

Link to v2: https://www.mail-archive.com/qemu-devel@nongnu.org/msg753675.html
Link to v1: https://www.mail-archive.com/qemu-devel@nongnu.org/msg718786.html

Daniele Buono (9):
  fuzz: Make fork_fuzz.ld compatible with LLVM's LLD
  s390x: fix clang 11 warnings in cpu_models.c
  hw/usb: reorder fields in UASStatus
  s390x: Avoid variable size warning in ipl.h
  scsi: fix overflow in scsi_disk_new_request_dump
  configure,meson: add option to enable LTO
  cfi: Initial support for cfi-icall in QEMU
  check-block: enable iotests with cfi-icall
  configure/meson: support Control-Flow Integrity

 accel/tcg/cpu-exec.c          | 11 +++++++++
 configure                     | 26 ++++++++++++++++++++
 hw/s390x/ipl.h                |  4 +--
 hw/scsi/scsi-disk.c           |  4 +++
 hw/usb/dev-uas.c              |  2 +-
 include/qemu/compiler.h       | 12 +++++++++
 meson.build                   | 46 +++++++++++++++++++++++++++++++++++
 meson_options.txt             |  4 +++
 plugins/core.c                | 37 ++++++++++++++++++++++++++++
 plugins/loader.c              |  7 ++++++
 target/s390x/cpu_models.c     |  8 +++---
 tcg/tci.c                     |  7 ++++++
 tests/check-block.sh          | 18 ++++++++------
 tests/qtest/fuzz/fork_fuzz.ld | 12 ++++++++-
 util/main-loop.c              | 11 +++++++++
 util/oslib-posix.c            | 11 +++++++++
 16 files changed, 205 insertions(+), 15 deletions(-)

--
2.17.1