mbox series

[RFC/RFT,V2,0/3] Add compiler support for Kernel Control Flow Integrity

Message ID 20230325081117.93245-1-ashimida.1990@gmail.com (mailing list archive)
Headers show
Series Add compiler support for Kernel Control Flow Integrity | expand

Message

Dan Li March 25, 2023, 8:11 a.m. UTC
This series of patches is mainly used to support the control flow
integrity protection of the linux kernel [1], which is similar to
-fsanitize=kcfi in clang 16.0 [2,3].

Any suggestion please let me know :).

Thanks, Dan.

[1] https://lore.kernel.org/all/20220908215504.3686827-1-samitolvanen@google.com/
[2] https://clang.llvm.org/docs/ControlFlowIntegrity.html
[3] https://reviews.llvm.org/D119296

Signed-off-by: Dan Li <ashimida.1990@gmail.com>

---
Dan Li (3):
  [PR102768] flag-types.h (enum sanitize_code): Extend sanitize_code to
    64 bits to support more features
  [PR102768] Support CFI: Add basic support for Kernel Control Flow
    Integrity
  [PR102768] aarch64: Add support for Kernel Control Flow Integrity

 gcc/asan.h                    |   4 +-
 gcc/c-family/c-attribs.cc     |  10 +-
 gcc/c-family/c-common.h       |   2 +-
 gcc/c/c-parser.cc             |   4 +-
 gcc/cfgexpand.cc              |  26 ++++++
 gcc/cgraphunit.cc             |  34 +++++++
 gcc/combine.cc                |   1 +
 gcc/common.opt                |   4 +-
 gcc/config/aarch64/aarch64.cc | 166 ++++++++++++++++++++++++++++++++++
 gcc/cp/typeck.cc              |   2 +-
 gcc/doc/invoke.texi           |  36 ++++++++
 gcc/doc/tm.texi               |  27 ++++++
 gcc/doc/tm.texi.in            |   8 ++
 gcc/dwarf2asm.cc              |   2 +-
 gcc/emit-rtl.cc               |   1 +
 gcc/emit-rtl.h                |   4 +
 gcc/final.cc                  |  24 ++++-
 gcc/flag-types.h              |  67 +++++++-------
 gcc/gimple.cc                 |  11 +++
 gcc/gimple.h                  |   5 +-
 gcc/opt-suggestions.cc        |   2 +-
 gcc/opts.cc                   |  26 +++---
 gcc/opts.h                    |   8 +-
 gcc/output.h                  |   3 +
 gcc/reg-notes.def             |   1 +
 gcc/target.def                |  38 ++++++++
 gcc/toplev.cc                 |   4 +
 gcc/tree-cfg.cc               |   2 +-
 gcc/tree.cc                   | 144 +++++++++++++++++++++++++++++
 gcc/tree.h                    |   1 +
 gcc/varasm.cc                 |  26 ++++++
 31 files changed, 627 insertions(+), 66 deletions(-)

Comments

Kees Cook June 21, 2023, 9:54 p.m. UTC | #1
On Sat, Mar 25, 2023 at 01:11:14AM -0700, Dan Li wrote:
> This series of patches is mainly used to support the control flow
> integrity protection of the linux kernel [1], which is similar to
> -fsanitize=kcfi in clang 16.0 [2,3].
> 
> Any suggestion please let me know :).

Hi Dan,

It's been a couple months, and I didn't see any other feedback on this
proposal. I was curious what the status of this work is. Are you able to
attend GNU Cauldron[1] this year? I'd love to see this get some traction
in GCC.

Thanks!

-Kees

[1] https://gcc.gnu.org/wiki/cauldron2023
Dan Li July 19, 2023, 8:20 a.m. UTC | #2
Hi Kees,

Sincerely sorry, I just saw this email.
Embarrassingly, due to another job change, my plan was postponed again :(.

I may not be able to attend this year's GCC meeting. Is there any other
way to let this get some traction in GCC? I really hope someone can help
with this topic.

BTW, I'm still looking at this and plan to finish it by the end of this
year, but it's taking too long and there's a lot of uncertainty, so
please just consider this only as a backup option.

Thanks,
Dan.

On Thu, 22 Jun 2023 at 05:54, Kees Cook <keescook@chromium.org> wrote:
>
> On Sat, Mar 25, 2023 at 01:11:14AM -0700, Dan Li wrote:
> > This series of patches is mainly used to support the control flow
> > integrity protection of the linux kernel [1], which is similar to
> > -fsanitize=kcfi in clang 16.0 [2,3].
> >
> > Any suggestion please let me know :).
>
> Hi Dan,
>
> It's been a couple months, and I didn't see any other feedback on this
> proposal. I was curious what the status of this work is. Are you able to
> attend GNU Cauldron[1] this year? I'd love to see this get some traction
> in GCC.
>
> Thanks!
>
> -Kees
>
> [1] https://gcc.gnu.org/wiki/cauldron2023
>
> --
> Kees Cook
Dan Li July 19, 2023, 8:41 a.m. UTC | #3
Hi All,

Embarrassingly, due to personal reasons, I may not be able to complete
the series of patches on the forward side of GCC CFI for the time being.

Please forgive me for not realizing that I should have sent this help
email a long time ago :(

This topic has been delayed for a long time, and I would be very grateful
if someone can help complete this series of patches.

BTW, please let me know if there are more groups I can cc for help.

Thanks!
Dan.

On Sat, 25 Mar 2023 at 16:11, Dan Li <ashimida.1990@gmail.com> wrote:
>
> This series of patches is mainly used to support the control flow
> integrity protection of the linux kernel [1], which is similar to
> -fsanitize=kcfi in clang 16.0 [2,3].
>
> Any suggestion please let me know :).
>
> Thanks, Dan.
>
> [1] https://lore.kernel.org/all/20220908215504.3686827-1-samitolvanen@google.com/
> [2] https://clang.llvm.org/docs/ControlFlowIntegrity.html
> [3] https://reviews.llvm.org/D119296
>
> Signed-off-by: Dan Li <ashimida.1990@gmail.com>
>
> ---
> Dan Li (3):
>   [PR102768] flag-types.h (enum sanitize_code): Extend sanitize_code to
>     64 bits to support more features
>   [PR102768] Support CFI: Add basic support for Kernel Control Flow
>     Integrity
>   [PR102768] aarch64: Add support for Kernel Control Flow Integrity
>
>  gcc/asan.h                    |   4 +-
>  gcc/c-family/c-attribs.cc     |  10 +-
>  gcc/c-family/c-common.h       |   2 +-
>  gcc/c/c-parser.cc             |   4 +-
>  gcc/cfgexpand.cc              |  26 ++++++
>  gcc/cgraphunit.cc             |  34 +++++++
>  gcc/combine.cc                |   1 +
>  gcc/common.opt                |   4 +-
>  gcc/config/aarch64/aarch64.cc | 166 ++++++++++++++++++++++++++++++++++
>  gcc/cp/typeck.cc              |   2 +-
>  gcc/doc/invoke.texi           |  36 ++++++++
>  gcc/doc/tm.texi               |  27 ++++++
>  gcc/doc/tm.texi.in            |   8 ++
>  gcc/dwarf2asm.cc              |   2 +-
>  gcc/emit-rtl.cc               |   1 +
>  gcc/emit-rtl.h                |   4 +
>  gcc/final.cc                  |  24 ++++-
>  gcc/flag-types.h              |  67 +++++++-------
>  gcc/gimple.cc                 |  11 +++
>  gcc/gimple.h                  |   5 +-
>  gcc/opt-suggestions.cc        |   2 +-
>  gcc/opts.cc                   |  26 +++---
>  gcc/opts.h                    |   8 +-
>  gcc/output.h                  |   3 +
>  gcc/reg-notes.def             |   1 +
>  gcc/target.def                |  38 ++++++++
>  gcc/toplev.cc                 |   4 +
>  gcc/tree-cfg.cc               |   2 +-
>  gcc/tree.cc                   | 144 +++++++++++++++++++++++++++++
>  gcc/tree.h                    |   1 +
>  gcc/varasm.cc                 |  26 ++++++
>  31 files changed, 627 insertions(+), 66 deletions(-)
>
> --
> 2.17.1
>