From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id DF3CDC433EF
	for <linux-arm-kernel@archiver.kernel.org>; Sat, 14 May 2022 21:47:57 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:
	Message-ID:Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description:
	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
	List-Owner; bh=Ly/0QNl5NAa3UrgGyI5MiS9I74RL8X1R44eqc0vbc98=; b=y6AAelu0s5S180
	uHNIDAopHTFgk+ZBGy/som/SepKZUBmOEH1H9rV5U7bJTrtEDbpfV4qMy1r4U6rG7Ocjd4qIjIsQP
	pNmL1BTYA8ndwRaS98h5mIJDsaTijWjjCbgfwTOwgCikI/FqHzDjSlP7zAkBtyU1hJ0txLBvCH9jC
	rs+bhUMjexVIUH43WBYz65+oHBtnt4AkuRLB/IYRe1CwpA03a1G2j+/Dw2acrNZ7CgMkCTKVPUDUW
	uqq++yKDoyjVCML5a5wTTM3fuVvbG2sitdSsTwlzXfolvd067gVisNssuG6Zi4EaeyVctPw7zJAiy
	U5LUbq+5k0v/UPbYANEw==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
	id 1npzbE-002MJA-30; Sat, 14 May 2022 21:46:56 +0000
Received: from mail-pj1-x102c.google.com ([2607:f8b0:4864:20::102c])
 by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
 id 1npzbA-002MHw-A3
 for linux-arm-kernel@lists.infradead.org; Sat, 14 May 2022 21:46:53 +0000
Received: by mail-pj1-x102c.google.com with SMTP id
 l7-20020a17090aaa8700b001dd1a5b9965so10874231pjq.2
 for <linux-arm-kernel@lists.infradead.org>;
 Sat, 14 May 2022 14:46:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-disposition:in-reply-to;
 bh=e29OYJF0Cr34NWXtjSnWsGpG9iO/e7RRuuLzidaM53E=;
 b=iLL3cfRMy+bNRF6yJMjDw3XvgwGT5nul36IUUc3BfjbVqT/89mvtX0Y9OzZeN0R4Gu
 W178b+kjzr8Lf53lXiq7GHB/hfPD1hgiN4QTbUs3bRLflRujC0OJjNTHm2LZ3xS18mLX
 NRFhidoGxgqGZWfBgeQ3q0MvXRxhcwrfDkb+8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:date:from:to:cc:subject:message-id:references
 :mime-version:content-disposition:in-reply-to;
 bh=e29OYJF0Cr34NWXtjSnWsGpG9iO/e7RRuuLzidaM53E=;
 b=xoNE96WKmqBEcKfoYhtfuxLvuX483LkN9d+1sTHMyg1EB4H2OmKRGje0uOSe67jH2z
 NI1QTgqHHrhOk6ZnB10dFuRy96BODfHTxCDbqIbBpSYwEzMh3t9K9wcQKf5SQbiHkcu1
 0x+e5vI9hrV5faFwkD3rJXcvcUntwvI2MDLUQxYLFyWC+CGeyhSJGJf/3OXkH3tKdaj0
 P0bKBHvLjoaiCRqJ1qEbdpz0rVfKONrrc4plnWWZtjM86idccpAM2XTlG5ySg36cTm7T
 Gog/28vwvirw6dX+GYpINdk5WQE6nqEC3MmqhL3J+cjqEdH/jAopwW0B29nQwSQYFnHf
 8z2g==
X-Gm-Message-State: AOAM531OpuSE74loY91F+8zbG+YZh4yX+N9RWLDwQvHRQQe1Huue8dIr
 tK+oHmEmGZ3t79pyDRPlZaZRhw==
X-Google-Smtp-Source: ABdhPJwsCXmSC41w6NBmUyzu0g9wSnZn8nG1i4Pdwc6BWgonq72IR1wz8hyIaB0bEBdZVZ1mnem53A==
X-Received: by 2002:a17:903:189:b0:15e:9584:fbe7 with SMTP id
 z9-20020a170903018900b0015e9584fbe7mr10635100plg.65.1652564811104; 
 Sat, 14 May 2022 14:46:51 -0700 (PDT)
Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163])
 by smtp.gmail.com with ESMTPSA id
 j11-20020a056a00174b00b0050dc76281bfsm4049680pfc.153.2022.05.14.14.46.50
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 14 May 2022 14:46:50 -0700 (PDT)
Date: Sat, 14 May 2022 14:46:50 -0700
From: Kees Cook <keescook@chromium.org>
To: Sami Tolvanen <samitolvanen@google.com>
Cc: linux-kernel@vger.kernel.org, Josh Poimboeuf <jpoimboe@redhat.com>,
 Peter Zijlstra <peterz@infradead.org>, x86@kernel.org,
 Catalin Marinas <catalin.marinas@arm.com>,
 Will Deacon <will@kernel.org>, Mark Rutland <mark.rutland@arm.com>,
 Nathan Chancellor <nathan@kernel.org>,
 Nick Desaulniers <ndesaulniers@google.com>,
 Joao Moreira <joao@overdrivepizza.com>,
 Sedat Dilek <sedat.dilek@gmail.com>, Steven Rostedt <rostedt@goodmis.org>,
 linux-hardening@vger.kernel.org,
 linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev
Subject: Re: [RFC PATCH v2 06/21] cfi: Switch to -fsanitize=kcfi
Message-ID: <202205141444.9F32C94D9@keescook>
References: <20220513202159.1550547-1-samitolvanen@google.com>
 <20220513202159.1550547-7-samitolvanen@google.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20220513202159.1550547-7-samitolvanen@google.com>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20220514_144652_385706_22E19879 
X-CRM114-Status: GOOD (  12.81  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

On Fri, May 13, 2022 at 01:21:44PM -0700, Sami Tolvanen wrote:
> Switch from Clang's original forward-edge control-flow integrity
> implementation to -fsanitize=kcfi, which is better suited for the
> kernel, as it doesn't require LTO, doesn't use a jump table that
> requires altering function references, and won't break cross-module
> function address equality.
> 
> Signed-off-by: Sami Tolvanen <samitolvanen@google.com>

Yes please. And just to note it somewhere: landing the KCFI
implementation on Clang depends on this series being accepted (i.e. if
the arm64 and x86 maintainers are happy with this series, then that'll
unblock landing it in Clang (no reason to land something that won't get
used.)

Reviewed-by: Kees Cook <keescook@chromium.org>

-- 
Kees Cook

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel