scottconstable wrote:
@lvwr @maurer @rcvalle A gentle reminder to please review this PR.
https://github.com/llvm/llvm-project/pull/121070
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commit
https://github.com/scottconstable updated
https://github.com/llvm/llvm-project/pull/121070
>From 54296a3991e186629889611eff9e7cdd2c1cadca Mon Sep 17 00:00:00 2001
From: Scott D Constable
Date: Mon, 23 Dec 2024 13:48:48 -0800
Subject: [PATCH] Implement a new kcfi_arity feature that encodes an in
scottconstable wrote:
@sirmc @samitolvanen @Darksonn @lvwr @maurer @rcvalle A gentle reminder to
please review this PR.
https://github.com/llvm/llvm-project/pull/121070
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi
scottconstable wrote:
> > maurer: I think their point is that even if you are not changing the hash
> > scheme, you are proposing breaking compatibility of the identifier with
> > existing code. Since we don't want to do this many times, if we are
> > breaking compatibility with existing code,
scottconstable wrote:
> If hashing is changed, consider replacing xxhash64 with xxh3+_64bits
@MaskRay This PR does not change the hashing scheme at all.
https://github.com/llvm/llvm-project/pull/121070
___
cfe-commits mailing list
cfe-commits@lists.ll
@@ -254,6 +254,7 @@ FEATURE(is_trivially_constructible, LangOpts.CPlusPlus)
FEATURE(is_trivially_copyable, LangOpts.CPlusPlus)
FEATURE(is_union, LangOpts.CPlusPlus)
FEATURE(kcfi, LangOpts.Sanitize.has(SanitizerKind::KCFI))
+FEATURE(kcfi_x86_arity, LangOpts.Sanitize.has(Sanitize
scottconstable wrote:
@sirmc @samitolvanen @Darksonn @lvwr @maurer @rcvalle @MaskRay A gentle
reminder to please review this PR.
https://github.com/llvm/llvm-project/pull/121070
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llv
@@ -181,8 +181,26 @@ void X86AsmPrinter::emitKCFITypeId(const MachineFunction
&MF) {
// Embed the type hash in the X86::MOV32ri instruction to avoid special
// casing object file parsers.
EmitKCFITypePadding(MF);
+
+ Register MovReg = X86::EAX;
+ const auto &Triple = M
https://github.com/scottconstable updated
https://github.com/llvm/llvm-project/pull/121070
>From 73b6f6332cf699b7fa1bcf7cae90ef828cfa9158 Mon Sep 17 00:00:00 2001
From: Scott D Constable
Date: Mon, 23 Dec 2024 13:48:48 -0800
Subject: [PATCH] Implement a new kcfi_x86_arity feature that encodes a
scottconstable wrote:
> And you cannot use ESI when it's used to pass arguments.
@phoebewang I think that my
https://github.com/llvm/llvm-project/pull/121070#discussion_r1898074522 also
applies to this concern.
https://github.com/llvm/llvm-project/pull/121070
_
@@ -181,8 +181,26 @@ void X86AsmPrinter::emitKCFITypeId(const MachineFunction
&MF) {
// Embed the type hash in the X86::MOV32ri instruction to avoid special
// casing object file parsers.
EmitKCFITypePadding(MF);
+
+ Register MovReg = X86::EAX;
+ const auto &Triple = M
@@ -254,6 +254,7 @@ FEATURE(is_trivially_constructible, LangOpts.CPlusPlus)
FEATURE(is_trivially_copyable, LangOpts.CPlusPlus)
FEATURE(is_union, LangOpts.CPlusPlus)
FEATURE(kcfi, LangOpts.Sanitize.has(SanitizerKind::KCFI))
+FEATURE(kcfi_x86_arity, LangOpts.Sanitize.has(Sanitize
scottconstable wrote:
> I haven't received a reply for my concerns I commented at [#117121
> (comment)](https://github.com/llvm/llvm-project/pull/117121#issuecomment-2502346476)
> and [#117121
> (comment)](https://github.com/llvm/llvm-project/pull/117121#issuecomment-2516251353),
> and they s
@@ -181,8 +181,26 @@ void X86AsmPrinter::emitKCFITypeId(const MachineFunction
&MF) {
// Embed the type hash in the X86::MOV32ri instruction to avoid special
// casing object file parsers.
EmitKCFITypePadding(MF);
+
+ Register MovReg = X86::EAX;
+ const auto &Triple = M
scottconstable wrote:
@phoebewang @sirmc @samitolvanen @Darksonn @lvwr @ojeda @maurer @rcvalle
@MaskRay
I have created https://github.com/llvm/llvm-project/pull/121070 to implement
the alternate proposal summarized in this comment above:
https://github.com/llvm/llvm-project/pull/117121#issuec
https://github.com/scottconstable updated
https://github.com/llvm/llvm-project/pull/121070
>From 70f1743e23ff8e218799e94b03a5bf033715666a Mon Sep 17 00:00:00 2001
From: Scott D Constable
Date: Mon, 23 Dec 2024 13:48:48 -0800
Subject: [PATCH] Implement a new kcfi_x86_arity feature that encodes a
https://github.com/scottconstable created
https://github.com/llvm/llvm-project/pull/121070
Kernel Control Flow Integrity (kCFI) is a feature that hardens indirect calls
by comparing a 32-bit hash of the function pointer's type against a hash of the
target function's type. If the hashes do not
https://github.com/scottconstable updated
https://github.com/llvm/llvm-project/pull/117121
>From b787d6d7a9c0904c5e47e32556103b8a5220a7d1 Mon Sep 17 00:00:00 2001
From: Scott D Constable
Date: Tue, 19 Nov 2024 15:51:05 -0800
Subject: [PATCH] Enhance KCFI type IDs with a 3-bit arity indicator.
scottconstable wrote:
@rcvalle @maurer Do you have any feedback on the alternative proposal,
https://github.com/llvm/llvm-project/pull/117121#issuecomment-2518240999?
https://github.com/llvm/llvm-project/pull/117121
___
cfe-commits mailing list
cfe-co
scottconstable wrote:
> If you are changing the hash scheme, please migrate from xxHash64 to xxh3. We
> want to remove the legacy xxHash64 from LLVM.
It seems from the discussion above that this change would require a new flag.
Suppose, for instance, that a user builds a kernel with a version
scottconstable wrote:
> I think Scott's second point may be the relevant one - this may be similar
> strength or slightly weaker, but having an indicator stating which registers
> are live is potentially needed to allow FineIBT to poison them during
> speculative execution.
>
> Given how much
scottconstable wrote:
I also do not want to lose sight of one of the other obvious advantages that
was mentioned in the PR description:
> One additional benefit of this patch is that it can benefit other CFI
> approaches that build on kCFI, such as FineIBT. For example, this proposed
> enhanc
scottconstable wrote:
Hi @maurer, I can honestly say that I appreciate your attention to detail.
While your observation that "attackers often have direct control of
intentionally passed arguments" is true in general, I do not see evidence of
this among indirect calls in the Linux kernel. 77% o
scottconstable wrote:
> This is not a Rust concern, but re-reading the initial post, it _looks_ like
> your own statistics suggest that consuming 3 bits for arity costs more than
> it buys you. As stated, (didn't check your math, just going off what you
> said) prior to your change, we expect
https://github.com/scottconstable edited
https://github.com/llvm/llvm-project/pull/117121
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
https://github.com/scottconstable edited
https://github.com/llvm/llvm-project/pull/117121
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
scottconstable wrote:
This PR is intended to improve security for X86 kernels, as the title suggests.
I think that we can and should incorporate feedback from the other
participants, several of whom have recommended that this new behavior should be
explicitly enabled with a flag, rather than i
scottconstable wrote:
> Sorry, what I meant was we should be looking only at the number of return
> (with void being zero, and everything else being one) and parameters from the
> function declaration/definition and shouldn't be looking at the parameters'
> type layout (i.e., size), and how an
scottconstable wrote:
> > Flag guarding this feature seems like it would also be good for any
> > existing C users - for example, if trying to build a kernel module intended
> > to load against a kernel image built with an older `clang`, you need to
> > select the same type ID projection that
@@ -208,10 +209,34 @@ void llvm::setKCFIType(Module &M, Function &F, StringRef
MangledType) {
std::string Type = MangledType.str();
if (M.getModuleFlag("cfi-normalize-integers"))
Type += ".normalized";
+
+ uint32_t OutHash = static_cast(llvm::xxHash64(Type));
+ auto
scottconstable wrote:
> Although the default calling convention uses 6 registers, others like RegCall
> uses more. Do you want to check calling convention as well?
AFAIK the use case for KCFI is very narrow: the x86-64 Linux kernel. And I
don't believe that the kernel uses (or even allows?) an
@@ -208,10 +209,34 @@ void llvm::setKCFIType(Module &M, Function &F, StringRef
MangledType) {
std::string Type = MangledType.str();
if (M.getModuleFlag("cfi-normalize-integers"))
Type += ".normalized";
+
+ uint32_t OutHash = static_cast(llvm::xxHash64(Type));
+ auto
@@ -208,10 +209,34 @@ void llvm::setKCFIType(Module &M, Function &F, StringRef
MangledType) {
std::string Type = MangledType.str();
if (M.getModuleFlag("cfi-normalize-integers"))
Type += ".normalized";
+
+ uint32_t OutHash = static_cast(llvm::xxHash64(Type));
+ auto
scottconstable wrote:
> > > > @phoebewang and @lvwr I also noticed that there is this code in LLVM:
> > > > https://github.com/llvm/llvm-project/blob/9ba6672b9f0e82a1f6d4100dc832c84447ea545c/llvm/lib/Transforms/Utils/ModuleUtils.cpp#L202-L214
> > > >
> > > > . As far as I can tell, this code is
@@ -208,10 +209,34 @@ void llvm::setKCFIType(Module &M, Function &F, StringRef
MangledType) {
std::string Type = MangledType.str();
if (M.getModuleFlag("cfi-normalize-integers"))
Type += ".normalized";
+
+ uint32_t OutHash = static_cast(llvm::xxHash64(Type));
+ auto
https://github.com/scottconstable updated
https://github.com/llvm/llvm-project/pull/117121
>From b787d6d7a9c0904c5e47e32556103b8a5220a7d1 Mon Sep 17 00:00:00 2001
From: Scott D Constable
Date: Tue, 19 Nov 2024 15:51:05 -0800
Subject: [PATCH] Enhance KCFI type IDs with a 3-bit arity indicator.
scottconstable wrote:
> > Second, this scheme reduces the expected number of hash collisions within
> > each arity, compared against the expected number of collisions (0.01383765)
> > for the 32-bit hashing scheme that includes all arities. The table below
> > shows the expected number of coll
https://github.com/scottconstable edited
https://github.com/llvm/llvm-project/pull/117121
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
https://github.com/scottconstable updated
https://github.com/llvm/llvm-project/pull/117121
>From 4f21a0c817d221398bb93e25452518d265794265 Mon Sep 17 00:00:00 2001
From: Scott D Constable
Date: Tue, 19 Nov 2024 15:51:05 -0800
Subject: [PATCH] Enhance KCFI type IDs with a 3-bit arity indicator.
@@ -208,10 +209,34 @@ void llvm::setKCFIType(Module &M, Function &F, StringRef
MangledType) {
std::string Type = MangledType.str();
if (M.getModuleFlag("cfi-normalize-integers"))
Type += ".normalized";
+
+ uint32_t OutHash = static_cast(llvm::xxHash64(Type));
+ auto
https://github.com/scottconstable edited
https://github.com/llvm/llvm-project/pull/117121
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
https://github.com/scottconstable edited
https://github.com/llvm/llvm-project/pull/117121
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
@@ -208,10 +209,34 @@ void llvm::setKCFIType(Module &M, Function &F, StringRef
MangledType) {
std::string Type = MangledType.str();
if (M.getModuleFlag("cfi-normalize-integers"))
Type += ".normalized";
+
+ uint32_t OutHash = static_cast(llvm::xxHash64(Type));
+ auto
https://github.com/scottconstable updated
https://github.com/llvm/llvm-project/pull/117121
>From ccb50df487043cde9414943f08988bc9e6ee Mon Sep 17 00:00:00 2001
From: Scott D Constable
Date: Tue, 19 Nov 2024 15:51:05 -0800
Subject: [PATCH] Enhance KCFI type IDs with a 3-bit arity indicator.
scottconstable wrote:
> > @phoebewang and @lvwr I also noticed that there is this code in LLVM:
> > https://github.com/llvm/llvm-project/blob/9ba6672b9f0e82a1f6d4100dc832c84447ea545c/llvm/lib/Transforms/Utils/ModuleUtils.cpp#L202-L214
> >
> > . As far as I can tell, this code is not triggered wh
https://github.com/scottconstable updated
https://github.com/llvm/llvm-project/pull/117121
>From d5ec228a1d3e059e2a64ac1a150bec6f65d573e7 Mon Sep 17 00:00:00 2001
From: Scott D Constable
Date: Tue, 19 Nov 2024 15:51:05 -0800
Subject: [PATCH] Enhance KCFI type IDs with a 3-bit arity indicator.
https://github.com/scottconstable edited
https://github.com/llvm/llvm-project/pull/117121
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
scottconstable wrote:
@phoebewang and @lvwr I also noticed that there is this code in LLVM:
https://github.com/llvm/llvm-project/blob/9ba6672b9f0e82a1f6d4100dc832c84447ea545c/llvm/lib/Transforms/Utils/ModuleUtils.cpp#L202-L214.
As far as I can tell, this code is not triggered when I build the L
https://github.com/scottconstable edited
https://github.com/llvm/llvm-project/pull/117121
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
scottconstable wrote:
@phoebewang @lvwr Please review this PR.
https://github.com/llvm/llvm-project/pull/117121
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
https://github.com/scottconstable created
https://github.com/llvm/llvm-project/pull/117121
Kernel Control Flow Integrity (kCFI) is a feature that hardens indirect calls
by comparing a 32-bit hash of the function pointer's type against a hash of the
target function's type. If the hashes do not
Dear Reviewer,
The current doxygen.cfg.in will produce paths that cannot be understood by
Doxygen/Graphviz, when any generated paths contain white space. This patch
simply adds quotations to all generated paths so that white space cannot be
misinterpreted by Doxygen/Graphviz.
~Scott Constable
d
52 matches
Mail list logo
