Message ID | 20221219055431.22596-1-ashimida.1990@gmail.com (mailing list archive) |
---|---|
Series | Add compiler support for Control Flow Integrity |

On Mon, Dec 19, 2022 at 3:59 PM Dan Li via Gcc-patches <gcc-patches@gcc.gnu.org> wrote:
>
> This series of patches is mainly used to support the control flow
> integrity protection of the linux kernel [1], which is similar to
> -fsanitize=kcfi in clang 16.0 [2,3].
>
> I hope that this feature will also support user-mode CFI in the
> future (at least for developers who can recompile the runtime),
> so I use -fsanitize=cfi as a compilation option here.
>
> Any suggestion please let me know :).

Do you have this series as a branch somewhere that we could also try for x86?

>
> Thanks, Dan.
>
> [1] https://lore.kernel.org/all/20220908215504.3686827-1-samitolvanen@google.com/
> [2] https://clang.llvm.org/docs/ControlFlowIntegrity.html
> [3] https://reviews.llvm.org/D119296
>
> Dan Li (3):
>   [PR102768] flag-types.h (enum sanitize_code): Extend sanitize_code to
>     64 bits to support more features
>   [PR102768] Support CFI: Add new pass for Control Flow Integrity
>   [PR102768] aarch64: Add support for Control Flow Integrity
>
> Signed-off-by: Dan Li <ashimida.1990@gmail.com>
>
> ---
> gcc/Makefile.in | 1 +
> gcc/asan.h | 4 +-
> gcc/c-family/c-attribs.cc | 10 +-
> gcc/c-family/c-common.h | 2 +-
> gcc/c/c-parser.cc | 4 +-
> gcc/cgraphunit.cc | 34 +++
> gcc/common.opt | 4 +-
> gcc/config/aarch64/aarch64.cc | 106 ++++++++
> gcc/cp/typeck.cc | 2 +-
> gcc/doc/invoke.texi | 35 +++
> gcc/doc/passes.texi | 10 +
> gcc/doc/tm.texi | 27 +++
> gcc/doc/tm.texi.in | 8 +
> gcc/dwarf2asm.cc | 2 +-
> gcc/flag-types.h | 67 ++---
> gcc/opt-suggestions.cc | 2 +-
> gcc/opts.cc | 26 +-
> gcc/opts.h | 8 +-
> gcc/output.h | 3 +
> gcc/passes.def | 1 +
> gcc/target.def | 39 +++
> .../aarch64/control_flow_integrity_1.c | 14 ++
> .../aarch64/control_flow_integrity_2.c | 25 ++
> .../aarch64/control_flow_integrity_3.c | 23 ++
> gcc/toplev.cc | 4 +
> gcc/tree-cfg.cc | 2 +-
> gcc/tree-cfi.cc | 229 ++++++++++++++++++
> gcc/tree-pass.h | 1 +
> gcc/tree.cc | 144 +++++++++++
> gcc/tree.h | 1 +
> gcc/varasm.cc | 29 +++
> 31 files changed, 803 insertions(+), 64 deletions(-)
> create mode 100644 gcc/testsuite/gcc.target/aarch64/control_flow_integrity_1.c
> create mode 100644 gcc/testsuite/gcc.target/aarch64/control_flow_integrity_2.c
> create mode 100644 gcc/testsuite/gcc.target/aarch64/control_flow_integrity_3.c
> create mode 100644 gcc/tree-cfi.cc
>
> --
> 2.17.1
>

--
BR,
Hongtao

On Sun, Dec 18, 2022 at 10:06 PM Dan Li <ashimida.1990@gmail.com> wrote:
>
> This series of patches is mainly used to support the control flow
> integrity protection of the linux kernel [1], which is similar to
> -fsanitize=kcfi in clang 16.0 [2,3].
>
> I hope that this feature will also support user-mode CFI in the
> future (at least for developers who can recompile the runtime),
> so I use -fsanitize=cfi as a compilation option here.

Please don't. The various CFI-related build flags are confusing enough
without also having this inconsistency between Clang and GCC.

Peter

On 02/09, Hongtao Liu wrote:
> On Mon, Dec 19, 2022 at 3:59 PM Dan Li via Gcc-patches
> <gcc-patches@gcc.gnu.org> wrote:
> >
> > This series of patches is mainly used to support the control flow
> > integrity protection of the linux kernel [1], which is similar to
> > -fsanitize=kcfi in clang 16.0 [2,3].
> >
> > I hope that this feature will also support user-mode CFI in the
> > future (at least for developers who can recompile the runtime),
> > so I use -fsanitize=cfi as a compilation option here.
> >
> > Any suggestion please let me know :).
> Do you have this series as a branch somewhere that we could also try for x86?

Hi Hongtao,

I haven't tried this feature on the x86 platform, if possible, I will try it in
the next version.

Thanks,
Dan.

> --
> BR,
> Hongtao

On 02/08, Peter Collingbourne wrote:
> On Sun, Dec 18, 2022 at 10:06 PM Dan Li <ashimida.1990@gmail.com> wrote:
> >
> > This series of patches is mainly used to support the control flow
> > integrity protection of the linux kernel [1], which is similar to
> > -fsanitize=kcfi in clang 16.0 [2,3].
> >
> > I hope that this feature will also support user-mode CFI in the
> > future (at least for developers who can recompile the runtime),
> > so I use -fsanitize=cfi as a compilation option here.
>
> Please don't. The various CFI-related build flags are confusing enough
> without also having this inconsistency between Clang and GCC.

Hi Peter,

Got it, as discussed before[1], in the next version I will use the same compile option.

[1]. https://patchwork.kernel.org/project/linux-arm-kernel/patch/20221219061758.23321-1-ashimida.1990@gmail.com/

Thanks,
Dan.

>
> Peter

On Sat, Feb 11, 2023 at 12:18 AM Dan Li <ashimida.1990@gmail.com> wrote:
>
> On 02/09, Hongtao Liu wrote:
> > On Mon, Dec 19, 2022 at 3:59 PM Dan Li via Gcc-patches
> > <gcc-patches@gcc.gnu.org> wrote:
> > >
> > > This series of patches is mainly used to support the control flow
> > > integrity protection of the linux kernel [1], which is similar to
> > > -fsanitize=kcfi in clang 16.0 [2,3].
> > >
> > > I hope that this feature will also support user-mode CFI in the
> > > future (at least for developers who can recompile the runtime),
> > > so I use -fsanitize=cfi as a compilation option here.
> > >
> > > Any suggestion please let me know :).
> > Do you have this series as a branch somewhere that we could also try for x86?
>
> Hi Hongtao,
>
> I haven't tried this feature on the x86 platform, if possible, I will try it in
> the next version.

Thanks.

>
> Thanks,
> Dan.
>
> > --
> > BR,
> > Hongtao

--
BR,
Hongtao

This series of patches is mainly used to support the control flow
integrity protection of the linux kernel [1], which is similar to
-fsanitize=kcfi in clang 16.0 [2,3].

Any suggestion please let me know :).

Thanks, Dan.

[1] https://lore.kernel.org/all/20220908215504.3686827-1-samitolvanen@google.com/
[2] https://clang.llvm.org/docs/ControlFlowIntegrity.html
[3] https://reviews.llvm.org/D119296

Signed-off-by: Dan Li <ashimida.1990@gmail.com>

---
Dan Li (3):
  [PR102768] flag-types.h (enum sanitize_code): Extend sanitize_code to
    64 bits to support more features
  [PR102768] Support CFI: Add basic support for Kernel Control Flow
    Integrity
  [PR102768] aarch64: Add support for Kernel Control Flow Integrity

gcc/asan.h | 4 +-
gcc/c-family/c-attribs.cc | 10 +-
gcc/c-family/c-common.h | 2 +-
gcc/c/c-parser.cc | 4 +-
gcc/cfgexpand.cc | 26 ++++++
gcc/cgraphunit.cc | 34 +++++++
gcc/combine.cc | 1 +
gcc/common.opt | 4 +-
gcc/config/aarch64/aarch64.cc | 166 ++++++++++++++++++++++++++++++++++
gcc/cp/typeck.cc | 2 +-
gcc/doc/invoke.texi | 36 ++++++++
gcc/doc/tm.texi | 27 ++++++
gcc/doc/tm.texi.in | 8 ++
gcc/dwarf2asm.cc | 2 +-
gcc/emit-rtl.cc | 1 +
gcc/emit-rtl.h | 4 +
gcc/final.cc | 24 ++++-
gcc/flag-types.h | 67 +++++++-------
gcc/gimple.cc | 11 +++
gcc/gimple.h | 5 +-
gcc/opt-suggestions.cc | 2 +-
gcc/opts.cc | 26 +++---
gcc/opts.h | 8 +-
gcc/output.h | 3 +
gcc/reg-notes.def | 1 +
gcc/target.def | 38 ++++++++
gcc/toplev.cc | 4 +
gcc/tree-cfg.cc | 2 +-
gcc/tree.cc | 144 +++++++++++++++++++++++++++++
gcc/tree.h | 1 +
gcc/varasm.cc | 26 ++++++
31 files changed, 627 insertions(+), 66 deletions(-)

On Sat, Mar 25, 2023 at 01:11:14AM -0700, Dan Li wrote:
> This series of patches is mainly used to support the control flow
> integrity protection of the linux kernel [1], which is similar to
> -fsanitize=kcfi in clang 16.0 [2,3].
>
> Any suggestion please let me know :).

Hi Dan,

It's been a couple months, and I didn't see any other feedback on this
proposal. I was curious what the status of this work is. Are you able to
attend GNU Cauldron[1] this year? I'd love to see this get some traction
in GCC.

Thanks!

-Kees

[1] https://gcc.gnu.org/wiki/cauldron2023

Hi Kees,

Sincerely sorry, I just saw this email.

Embarrassingly, due to another job change, my plan was postponed again :(.
I may not be able to attend this year's GCC meeting.

Is there any other way to let this get some traction in GCC?
I really hope someone can help with this topic.

BTW, I'm still looking at this and plan to finish it by the end of this year,
but it's taking too long and there's a lot of uncertainty, so please just
consider this only as a backup option.

Thanks,
Dan.

On Thu, 22 Jun 2023 at 05:54, Kees Cook <keescook@chromium.org> wrote:
>
> On Sat, Mar 25, 2023 at 01:11:14AM -0700, Dan Li wrote:
> > This series of patches is mainly used to support the control flow
> > integrity protection of the linux kernel [1], which is similar to
> > -fsanitize=kcfi in clang 16.0 [2,3].
> >
> > Any suggestion please let me know :).
>
> Hi Dan,
>
> It's been a couple months, and I didn't see any other feedback on this
> proposal. I was curious what the status of this work is. Are you able to
> attend GNU Cauldron[1] this year? I'd love to see this get some traction
> in GCC.
>
> Thanks!
>
> -Kees
>
> [1] https://gcc.gnu.org/wiki/cauldron2023
>
> --
> Kees Cook

Hi All,

Embarrassingly, due to personal reasons, I may not be able to complete the
series of patches on the forward side of GCC CFI for the time being.
Please forgive me for not realizing that I should have sent this help email
a long time ago :(

This topic has been delayed for a long time, and I would be very grateful
if someone can help complete this series of patches.

BTW, please let me know if there are more groups I can cc for help.

Thanks!
Dan.

On Sat, 25 Mar 2023 at 16:11, Dan Li <ashimida.1990@gmail.com> wrote:
>
> This series of patches is mainly used to support the control flow
> integrity protection of the linux kernel [1], which is similar to
> -fsanitize=kcfi in clang 16.0 [2,3].
>
> Any suggestion please let me know :).
>
> Thanks, Dan.
>
> [1] https://lore.kernel.org/all/20220908215504.3686827-1-samitolvanen@google.com/
> [2] https://clang.llvm.org/docs/ControlFlowIntegrity.html
> [3] https://reviews.llvm.org/D119296
>
> Signed-off-by: Dan Li <ashimida.1990@gmail.com>
>
> ---
> Dan Li (3):
>   [PR102768] flag-types.h (enum sanitize_code): Extend sanitize_code to
>     64 bits to support more features
>   [PR102768] Support CFI: Add basic support for Kernel Control Flow
>     Integrity
>   [PR102768] aarch64: Add support for Kernel Control Flow Integrity
>
> gcc/asan.h | 4 +-
> gcc/c-family/c-attribs.cc | 10 +-
> gcc/c-family/c-common.h | 2 +-
> gcc/c/c-parser.cc | 4 +-
> gcc/cfgexpand.cc | 26 ++++++
> gcc/cgraphunit.cc | 34 +++++++
> gcc/combine.cc | 1 +
> gcc/common.opt | 4 +-
> gcc/config/aarch64/aarch64.cc | 166 ++++++++++++++++++++++++++++++++++
> gcc/cp/typeck.cc | 2 +-
> gcc/doc/invoke.texi | 36 ++++++++
> gcc/doc/tm.texi | 27 ++++++
> gcc/doc/tm.texi.in | 8 ++
> gcc/dwarf2asm.cc | 2 +-
> gcc/emit-rtl.cc | 1 +
> gcc/emit-rtl.h | 4 +
> gcc/final.cc | 24 ++++-
> gcc/flag-types.h | 67 +++++++-------
> gcc/gimple.cc | 11 +++
> gcc/gimple.h | 5 +-
> gcc/opt-suggestions.cc | 2 +-
> gcc/opts.cc | 26 +++---
> gcc/opts.h | 8 +-
> gcc/output.h | 3 +
> gcc/reg-notes.def | 1 +
> gcc/target.def | 38 ++++++++
> gcc/toplev.cc | 4 +
> gcc/tree-cfg.cc | 2 +-
> gcc/tree.cc | 144 +++++++++++++++++++++++++++++
> gcc/tree.h | 1 +
> gcc/varasm.cc | 26 ++++++
> 31 files changed, 627 insertions(+), 66 deletions(-)
>
> --
> 2.17.1
>

This series of patches is mainly used to support the control flow
integrity protection of the linux kernel [1], which is similar to
-fsanitize=kcfi in clang 16.0 [2,3].

I hope that this feature will also support user-mode CFI in the
future (at least for developers who can recompile the runtime),
so I use -fsanitize=cfi as a compilation option here.

Any suggestion please let me know :).

Thanks, Dan.

[1] https://lore.kernel.org/all/20220908215504.3686827-1-samitolvanen@google.com/
[2] https://clang.llvm.org/docs/ControlFlowIntegrity.html
[3] https://reviews.llvm.org/D119296

Dan Li (3):
  [PR102768] flag-types.h (enum sanitize_code): Extend sanitize_code to
    64 bits to support more features
  [PR102768] Support CFI: Add new pass for Control Flow Integrity
  [PR102768] aarch64: Add support for Control Flow Integrity

Signed-off-by: Dan Li <ashimida.1990@gmail.com>

---
gcc/Makefile.in | 1 +
gcc/asan.h | 4 +-
gcc/c-family/c-attribs.cc | 10 +-
gcc/c-family/c-common.h | 2 +-
gcc/c/c-parser.cc | 4 +-
gcc/cgraphunit.cc | 34 +++
gcc/common.opt | 4 +-
gcc/config/aarch64/aarch64.cc | 106 ++++++++
gcc/cp/typeck.cc | 2 +-
gcc/doc/invoke.texi | 35 +++
gcc/doc/passes.texi | 10 +
gcc/doc/tm.texi | 27 +++
gcc/doc/tm.texi.in | 8 +
gcc/dwarf2asm.cc | 2 +-
gcc/flag-types.h | 67 ++---
gcc/opt-suggestions.cc | 2 +-
gcc/opts.cc | 26 +-
gcc/opts.h | 8 +-
gcc/output.h | 3 +
gcc/passes.def | 1 +
gcc/target.def | 39 +++
.../aarch64/control_flow_integrity_1.c | 14 ++
.../aarch64/control_flow_integrity_2.c | 25 ++
.../aarch64/control_flow_integrity_3.c | 23 ++
gcc/toplev.cc | 4 +
gcc/tree-cfg.cc | 2 +-
gcc/tree-cfi.cc | 229 ++++++++++++++++++
gcc/tree-pass.h | 1 +
gcc/tree.cc | 144 +++++++++++
gcc/tree.h | 1 +
gcc/varasm.cc | 29 +++
31 files changed, 803 insertions(+), 64 deletions(-)
create mode 100644 gcc/testsuite/gcc.target/aarch64/control_flow_integrity_1.c
create mode 100644 gcc/testsuite/gcc.target/aarch64/control_flow_integrity_2.c
create mode 100644 gcc/testsuite/gcc.target/aarch64/control_flow_integrity_3.c
create mode 100644 gcc/tree-cfi.cc