From: Kees Cook <kees@kernel.org>
To: Andrew Pinski <andrew.pinski@oss.qualcomm.com>
Cc: Qing Zhao <qing.zhao@oracle.com>,
Andrew Pinski <pinskia@gmail.com>,
Jakub Jelinek <jakub@redhat.com>,
Martin Uecker <uecker@tugraz.at>,
Richard Biener <rguenther@suse.de>,
Joseph Myers <josmyers@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Jan Hubicka <hubicka@ucw.cz>,
Richard Earnshaw <richard.earnshaw@arm.com>,
Richard Sandiford <richard.sandiford@arm.com>,
Marcus Shawcroft <marcus.shawcroft@arm.com>,
Kyrylo Tkachov <kyrylo.tkachov@arm.com>,
Kito Cheng <kito.cheng@gmail.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Andrew Waterman <andrew@sifive.com>,
Jim Wilson <jim.wilson.gcc@gmail.com>,
Dan Li <ashimida.1990@gmail.com>,
Sami Tolvanen <samitolvanen@google.com>,
Ramon de C Valle <rcvalle@google.com>,
Joao Moreira <joao@overdrivepizza.com>,
Nathan Chancellor <nathan@kernel.org>,
Bill Wendling <morbo@google.com>,
gcc-patches@gcc.gnu.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH v3 7/7] kcfi: Add regression test suite
Date: Wed, 17 Sep 2025 12:51:15 -0700 [thread overview]
Message-ID: <202509171249.0ED683BBA@keescook> (raw)
In-Reply-To: <CALvbMcBv-vbJahUH_j+vxhsNnydbO7__RP1S2tg93HgUiTDv+w@mail.gmail.com>
On Sat, Sep 13, 2025 at 04:51:21PM -0700, Andrew Pinski wrote:
> On Sat, Sep 13, 2025 at 4:36 PM Kees Cook <kees@kernel.org> wrote:
> > +/* Should have KCFI instrumentation for all indirect calls. */
> > +
> > +/* x86_64: Complete KCFI check sequence should be present. */
> > +/* { dg-final { scan-assembler {movl\t\$-?[0-9]+, %r1[01]d\n\taddl\t[^,]+, %r1[01]d\n\tje\t\.Lkcfi_call[0-9]+\n\.Lkcfi_trap[0-9]+:\n\tud2} { target x86_64-*-* } } } */
> > +
> > +/* AArch64: Complete KCFI check sequence should be present. */
> > +/* { dg-final { scan-assembler {ldur\tw16, \[x[0-9]+, #-[0-9]+\]\n\tmov\tw17, #[0-9]+\n\tmovk\tw17, #[0-9]+, lsl #16\n\tcmp\tw16, w17\n\tb\.eq\t(\.Lkcfi_call[0-9]+)\n\.Lkcfi_trap[0-9]+:\n\tbrk\t#[0-9]+\n\1:\n\tblr\tx[0-9]+} { target aarch64*-*-* } } } */
> > +
> > +/* ARM 32-bit: Complete KCFI check sequence should be present with stack
> > + spilling. */
> > +/* { dg-final { scan-assembler {push\t\{r0, r1\}\n\tldr\tr0, \[r[0-9]+, #-[0-9]+\]\n\tmovw\tr1, #[0-9]+\n\tmovt\tr1, #[0-9]+\n\tcmp\tr0, r1\n\tpop\t\{r0, r1\}\n\tbeq\t\.Lkcfi_call[0-9]+\n\.Lkcfi_trap[0-9]+:\n\tudf\t#[0-9]+\n\.Lkcfi_call[0-9]+:\n\tblx\tr[0-9]+} { target arm32 } } } */
> > +
> > +/* RISC-V: Complete KCFI check sequence should be present. */
> > +/* { dg-final { scan-assembler {lw\tt1, -4\([a-z0-9]+\)\n\tlui\tt2, [0-9]+\n\taddiw\tt2, t2, -?[0-9]+\n\tbeq\tt1, t2, \.Lkcfi_call[0-9]+\n\.Lkcfi_trap[0-9]+:\n\tebreak} { target riscv*-*-* } } } */
> > +
> > +/* Should have trap section with entries. */
> > +/* { dg-final { scan-assembler {\.kcfi_traps} { target x86_64-*-* } } } */
> > +/* { dg-final { scan-assembler {\.kcfi_traps} { target riscv*-*-* } } } */
> > +
> > +/* AArch64 should NOT have trap section (uses brk immediate instead) */
> > +/* { dg-final { scan-assembler-not {\.kcfi_traps} { target aarch64*-*-* } } } */
> > +
> > +/* ARM 32-bit should NOT have trap section (uses udf immediate instead) */
> > +/* { dg-final { scan-assembler-not {\.kcfi_traps} { target arm32 } } } */
>
>
> I think it would be better to use check-function-bodies here rather
> than scan-assembler for the sequences. Maybe each target should have
> its own testcase rather than putting it all in one source.
> Plus I think the target testcase should be part of the target patch
> rather than its own patch to make it easier to review both things
> together. Because while I was reviewing the aarch64 part I was
> thinking where are the testcases for the aarch64 specific changes.
Ah yeah, that works. I spent some time scratching my head over how to
have it not drop labels, but I've gotten a bunch of these converted now.
Some constructs I left, especially "scan-assembler-not" tests for v4.
It's significantly more readable now! Thanks! :)
-Kees
--
Kees Cook
next prev parent reply other threads:[~2025-09-17 19:51 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-13 23:23 [PATCH v3 0/7] Introduce Kernel Control Flow Integrity ABI [PR107048] Kees Cook
2025-09-13 23:23 ` [PATCH v3 1/7] typeinfo: Introduce KCFI typeinfo mangling API Kees Cook
2025-09-17 17:56 ` Qing Zhao
2025-09-17 21:20 ` Kees Cook
2025-09-18 7:20 ` Martin Uecker
2025-09-18 18:09 ` Kees Cook
2025-09-18 18:40 ` Martin Uecker
2025-09-13 23:23 ` [PATCH v3 2/7] kcfi: Add core Kernel Control Flow Integrity infrastructure Kees Cook
2025-09-17 13:42 ` Qing Zhao
2025-09-17 21:09 ` Kees Cook
2025-09-18 16:59 ` Qing Zhao
2025-09-18 18:20 ` Kees Cook
2025-09-18 18:48 ` Qing Zhao
2025-09-18 19:20 ` Kees Cook
2025-09-18 19:39 ` Kees Cook
2025-09-18 20:14 ` Qing Zhao
2025-09-13 23:23 ` [PATCH v3 3/7] x86: Add x86_64 Kernel Control Flow Integrity implementation Kees Cook
2025-09-13 23:24 ` [PATCH v3 4/7] aarch64: Add AArch64 " Kees Cook
2025-09-13 23:43 ` Andrew Pinski
2025-09-14 19:45 ` Kees Cook
2025-09-14 19:52 ` Andrew Pinski
2025-09-17 20:01 ` Kees Cook
2025-09-13 23:24 ` [PATCH v3 5/7] arm: Add ARM 32-bit " Kees Cook
2025-09-13 23:24 ` [PATCH v3 6/7] riscv: Add RISC-V " Kees Cook
2025-09-13 23:24 ` [PATCH v3 7/7] kcfi: Add regression test suite Kees Cook
2025-09-13 23:51 ` Andrew Pinski
2025-09-17 19:51 ` Kees Cook [this message]
2025-09-13 23:58 ` Andrew Pinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202509171249.0ED683BBA@keescook \
--to=kees@kernel.org \
--cc=andrew.pinski@oss.qualcomm.com \
--cc=andrew@sifive.com \
--cc=ashimida.1990@gmail.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=hubicka@ucw.cz \
--cc=jakub@redhat.com \
--cc=jim.wilson.gcc@gmail.com \
--cc=joao@overdrivepizza.com \
--cc=josmyers@redhat.com \
--cc=kito.cheng@gmail.com \
--cc=kyrylo.tkachov@arm.com \
--cc=linux-hardening@vger.kernel.org \
--cc=marcus.shawcroft@arm.com \
--cc=morbo@google.com \
--cc=nathan@kernel.org \
--cc=palmer@dabbelt.com \
--cc=peterz@infradead.org \
--cc=pinskia@gmail.com \
--cc=qing.zhao@oracle.com \
--cc=rcvalle@google.com \
--cc=rguenther@suse.de \
--cc=richard.earnshaw@arm.com \
--cc=richard.sandiford@arm.com \
--cc=samitolvanen@google.com \
--cc=uecker@tugraz.at \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).