From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id A3E45C46467 for ; Sat, 7 Jan 2023 15:43:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=TczJFwNDZ5T1WQyopu9wiVHeHkbPOLWARp9XwnSPCDA=; b=XmZ8M+Ot9iO9Zr g6Cf8O/nCC9GNfbORyvNlrsGocBG5D0PlJGJaq4nIIbHnIMYNkMFGdkLOaqYNYP8UIaIFLBUVDN2U HZXyOFkypT/fIP8dqBkfiSm5MsMGVDiNOqVcwo9HI3i9AU9UokUw/+SHRnJVsmgZPSHEY4iyVDNOZ LHh9ftYbLWqGetAgmnx5BK35r9jGlY8NLNPT+W+XoifUZU1wsasON259Ea4C9Uw1uYVql985AM1ym XFRBEzf0QXWz91B0si9vm+mqmMvuy2ftJJd9krjgprpnv8uNqdIiG0EVbDcubz0l7UtqzalpNtbWA 4a+fODV923QyYx8Hu97g==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1pEBKx-007YBq-3I; Sat, 07 Jan 2023 15:42:23 +0000 Received: from mail-pf1-x433.google.com ([2607:f8b0:4864:20::433]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1pEBKt-007Y9O-9V for linux-arm-kernel@lists.infradead.org; Sat, 07 Jan 2023 15:42:20 +0000 Received: by mail-pf1-x433.google.com with SMTP id s3so653048pfd.12 for ; Sat, 07 Jan 2023 07:42:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=user-agent:in-reply-to:content-disposition:mime-version:references :message-id:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=6xDSCMl1byV6r8CizXSU340HcVITDFX3ysn4+0ZvaY4=; b=TNWw3UNm5egls2TgN5h1Ray/CeJYacXRE5VvHj5EBCIDbShpoHMXcg/CdGYkkUB4Wg XFDo8Z7EyaAmDv+1hTmeIrPlgAWAb0Kr7iIjKimoOH43XnVytB2LObGWtdMsMmC2t7T7 3GHxn24IttXoZThaVeAuklaoGEpGV12+uQlxosVbSOJsEEWcwK1VxkOPRSZCd1XgF5iI 6a8n6zXv26MZdzIJe1jEet6ATzAf+eRP/0droi6ns2ZlwJBUFJSbpN3ZgHVpTCTSBgna upO2eBw994cGyLlKX6C2DeRIUIANfl5xh2sipF+4p+peodXSBVdv4l66V/HRyAJV3ooh L8UQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=user-agent:in-reply-to:content-disposition:mime-version:references :message-id:subject:cc:to:from:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6xDSCMl1byV6r8CizXSU340HcVITDFX3ysn4+0ZvaY4=; b=FAhXRqWJv/l4FbcBVXGHvmNwPPWP8u2OL4xAUfUbzi6xYEwAPAyssYlDt63H5lLvKb z6hzebxzzdvSrHH3tHJnN/NdxDs0Qan3nrG4A868cZvN2r3/WXJ3n0rq8hQ1g442TY7B CMscONkywDpgb600h91inT+U4qc13i1r7mgfyy/s7Fv6mr/gKfuHU7OYMQU+KbwdZygK 4MfKMZc+a9r3zEIqT6c/Ha6a6uUAheaZo8VCyuhugqEy3NyIyEvWeGsV+aACunFqkDY8 jmR6/rjRv+pNAjww66eIbvSRwc57G09kdPoqzMEIcj9AeH8jhYeAtpekp0ARU2xmTrHB 0F5Q== X-Gm-Message-State: AFqh2kpIdCEP8vjE0vF9Ixa1OZsHeaQXv5uly0MzknNynUXqF4rWy8aU HUYXdEzh+8FRvKE0tFbACgnCsVGevwmH0A== X-Google-Smtp-Source: AMrXdXvE5OGLzHXfqQC90eD/mJS2cy4fM2WVoP4U6+pXa936fN643zge3kXFDrnpKY640ANna1bIiA== X-Received: by 2002:a62:b50c:0:b0:587:3153:6080 with SMTP id y12-20020a62b50c000000b0058731536080mr669851pfe.31.1673106138167; Sat, 07 Jan 2023 07:42:18 -0800 (PST) Received: from localhost ([124.248.219.206]) by smtp.gmail.com with ESMTPSA id h2-20020aa79f42000000b00575d1ba0ecfsm2966907pfr.133.2023.01.07.07.42.17 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 07 Jan 2023 07:42:17 -0800 (PST) Date: Sat, 7 Jan 2023 07:42:13 -0800 From: Dan Li To: Kees Cook Cc: Peter Zijlstra , Masahiro Yamada , Michal Marek , Nick Desaulniers , Catalin Marinas , Will Deacon , Sami Tolvanen , Nathan Chancellor , Tom Rix , Mark Rutland , Josh Poimboeuf , Qing Zhao , "Paul E. McKenney" , Frederic Weisbecker , "Eric W. Biederman" , Marco Elver , Christophe Leroy , Song Liu , Andrew Morton , Uros Bizjak , Kumar Kartikeya Dwivedi , Juergen Gross , Luis Chamberlain , Borislav Petkov , Masami Hiramatsu , Dmitry Torokhov , Aaron Tomlin , Kalesh Singh , Yuntao Wang , Changbin Du , linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev Subject: Re: [RFC/RFT] CFI: Add support for gcc CFI in aarch64 Message-ID: <20230107154213.ocyghxd2k66gbvv6@ubuntu> References: <20221219061758.23321-1-ashimida.1990@gmail.com> <20221219132731.6ng4sz2nv6ujvu7i@ubuntu> <202301061929.6881F6CD40@keescook> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <202301061929.6881F6CD40@keescook> User-Agent: NeoMutt/20171215 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230107_074219_363330_D499A358 X-CRM114-Status: GOOD ( 27.31 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Hi Kees, On 01/06, Kees Cook wrote: > On Mon, Dec 19, 2022 at 05:32:04AM -0800, Dan Li wrote: > > Hi Peter, > Hi! > > First of all, thank you thank you for working on this in GCC. This will > make a big difference for folks that don't have the option to build with > Clang to gain CFI coverage. > > As for the implementation details, the core issue is really that this > type of CFI is specifically designed for the Linux kernel, and it took a > rather long time to figure out all the specifics needed (down to the > byte counts and instruction layouts). GCC's version will ultimately need > to exactly match the Clang output, or Linux is unlikely to support it. > > We're already on our second CFI -- the original Clang CFI was just too > clunky for long-term use in Linux, so unless we're going to improve on > the latest Clang KCFI implementation in some way, it's better to stick > to exactly byte-for-byte identical results. The KCFI support in Linux > depends on the arm64 and x86_64 runtimes for catching the traps, and the > post-processing done (on x86_64) with objtool that prepares the kernel > for IBT use, and converts to the optional FineIBT CFI mechanism. With > all those moving parts, there needs to be a very compelling reason to > have GCC KCFI implementation differ from Clang's. > > Hopefully that context helps a little. I'm excited to try out future > versions! Thanks for the context, it makes sense and helped me a lot. :) In the next version I'll make the gcc implementation consistent with clang. Thanks, Dan. > > -Kees > > -- > Kees Cook _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel