public inbox for linux-hardening@vger.kernel.org
From: Kees Cook <kees@kernel.org>
To: Andrew Pinski <andrew.pinski@oss.qualcomm.com>
Cc: Qing Zhao <qing.zhao@oracle.com>, Uros Bizjak <ubizjak@gmail.com>,
	Joseph Myers <josmyers@redhat.com>,
	Richard Biener <rguenther@suse.de>,
	Jeff Law <jeffreyalaw@gmail.com>,
	Andrew Pinski <pinskia@gmail.com>,
	Jakub Jelinek <jakub@redhat.com>,
	Martin Uecker <uecker@tugraz.at>,
	Peter Zijlstra <peterz@infradead.org>,
	Ard Biesheuvel <ardb@kernel.org>, Jan Hubicka <hubicka@ucw.cz>,
	Richard Earnshaw <richard.earnshaw@arm.com>,
	Richard Sandiford <richard.sandiford@arm.com>,
	Marcus Shawcroft <marcus.shawcroft@arm.com>,
	Kyrylo Tkachov <kyrylo.tkachov@arm.com>,
	Kito Cheng <kito.cheng@gmail.com>,
	Palmer Dabbelt <palmer@dabbelt.com>,
	Andrew Waterman <andrew@sifive.com>,
	Jim Wilson <jim.wilson.gcc@gmail.com>,
	Dan Li <ashimida.1990@gmail.com>,
	Sami Tolvanen <samitolvanen@google.com>,
	Ramon de C Valle <rcvalle@google.com>,
	Joao Moreira <joao@overdrivepizza.com>,
	Nathan Chancellor <nathan@kernel.org>,
	Bill Wendling <morbo@google.com>,
	"Osterlund, Sebastian" <sebastian.osterlund@intel.com>,
	"Constable, Scott D" <scott.d.constable@intel.com>,
	gcc-patches@gcc.gnu.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH v9 2/7] kcfi: Add core Kernel Control Flow Integrity infrastructure
Date: Fri, 12 Dec 2025 18:30:17 -0800	[thread overview]
Message-ID: <202512121756.68957E18@keescook> (raw)
In-Reply-To: <CALvbMcAd-03ZtYKBCecUKGLfna+kNe4TgYqkV80sVNQ+J-M-7A@mail.gmail.com>

On Tue, Dec 09, 2025 at 08:00:28PM -0800, Andrew Pinski wrote:
> On Tue, Dec 9, 2025 at 6:24 PM Kees Cook <kees@kernel.org> wrote:
> [...]
> > diff --git a/gcc/rtl.def b/gcc/rtl.def
> > index 15ae7d10fcc1..af643d187b95 100644
> > --- a/gcc/rtl.def
> > +++ b/gcc/rtl.def
> > @@ -318,6 +318,12 @@ DEF_RTL_EXPR(CLOBBER, "clobber", "e", RTX_EXTRA)
> >
> >  DEF_RTL_EXPR(CALL, "call", "ee", RTX_EXTRA)
> >
> > +/* KCFI wrapper for call expressions.
> > +   Operand 0 is the call expression.
> > +   Operand 1 is the KCFI type ID (const_int).  */
> > +
> > +DEF_RTL_EXPR(KCFI, "kcfi", "ee", RTX_EXTRA)
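Review bot: the comment above the new DEF_RTL_EXPR says operand 1 "is the KCFI type ID (const_int)", but the "ee" format string accepts any rtx in that slot, so nothing in this hunk enforces the invariant that consumers of XEXP (x, 1) will rely on; either document the const_int requirement in doc/rtl.texi alongside the new code (the new rtx code is not documented there at all) and assert CONST_INT_P wherever the operand is read, or use a format that carries the integer directly so the invariant holds by construction.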
> 
> You don't document this new rtl in doc/rtl.texi.
> Also I think it would be better if it was:
> DEF_RTL_EXPR(KCFI, "kcfi", "ei", RTX_EXTRA)
> 
> So you don't need an extra indirection to the KCFI type ID. You can
> just access it like `XUINT (kcficall, 2)`.
> const_int seems too heavy weight for this.
> I assume it fits in `unsigned int`.

I can't figure out how to do the RTL matching when it's not a const_int
expr. For stand-alone stuff ("match_dup") I think I see it, but that seems
to be for stand-alone hard-coded values? Specifically what I can't figure
out is how to change the .md pattern matching with match_operand which
expects RTX operands, to something else. Format specifier i stores a raw
integer, not an RTX, so it can't be matched with match_operand. This
also breaks define_subst, which also seems to require patterns using
match_operand.

As always, I'm open to alternatives, but right now I don't see how to
do this with "ei".

> > +    case KCFI:
> > +      /* For KCFI wrapper, check both the wrapped call and the type ID.  */
> > +      return (reg_overlap_mentioned_p (x, XEXP (body, 0))
> > +             || reg_overlap_mentioned_p (x, XEXP (body, 1)));
> 
> Isn't the type ID always a const_int if so then you don't need to
> check if reg_overlap_mentioned_p here.

True, yes. I've adjusted this now. I wasn't sure if I needed this to check
the const_int value too, but testing seems to suggest I didn't need that
part.


-Kees

-- 
Kees Cook


Thread overview: 24+ messages
2025-12-10  2:20 [PATCH v9 0/7] Introduce Kernel Control Flow Integrity ABI [PR107048] Kees Cook
2025-12-10  2:20 ` [PATCH v9 1/7] typeinfo: Introduce KCFI typeinfo mangling API Kees Cook
2025-12-12 23:07   ` Andrew Pinski
2025-12-13  1:24     ` Kees Cook
2025-12-13  1:29       ` Andrew Pinski
2025-12-13  1:43         ` Kees Cook
2025-12-10  2:20 ` [PATCH v9 2/7] kcfi: Add core Kernel Control Flow Integrity infrastructure Kees Cook
2025-12-10  4:00   ` Andrew Pinski
2025-12-13  2:30     ` Kees Cook [this message]
2025-12-10  2:20 ` [PATCH v9 3/7] kcfi: Add regression test suite Kees Cook
2025-12-10  2:20 ` [PATCH v9 4/7] x86: Add x86_64 Kernel Control Flow Integrity implementation Kees Cook
2025-12-10  2:20 ` [PATCH v9 5/7] aarch64: Add AArch64 " Kees Cook
2025-12-10  3:48   ` Andrew Pinski
2025-12-12 22:47   ` Andrew Pinski
2025-12-13  1:40     ` Kees Cook
2025-12-10  2:20 ` [PATCH v9 6/7] arm: Add ARM 32-bit " Kees Cook
2025-12-10  2:20 ` [PATCH v9 7/7] riscv: Add RISC-V " Kees Cook
2025-12-10 18:55 ` [PATCH v9 0/7] Introduce Kernel Control Flow Integrity ABI [PR107048] Sam James
2025-12-11  0:07   ` Kees Cook
2026-01-01 22:42 ` Andrew Pinski
2026-01-02  3:42   ` Kees Cook
2026-01-09  5:48     ` Andrew Pinski
2026-01-09 18:22       ` Kees Cook
2026-01-09 18:43         ` Jeffrey Law
