qemu-devel

Re: [PATCH v3 0/9] Add support for Control-Flow Integrity


From: Daniele Buono
Subject: Re: [PATCH v3 0/9] Add support for Control-Flow Integrity
Date: Fri, 6 Nov 2020 08:35:59 -0500
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.12.1

Hi Cornelia,

I don't have a real preference either way.

So if it is acceptable to have the clang11+ patches separated and
handled by the maintainers for the proper subsystem, I'd say whatever
the maintainers prefer.

In my opinion, the patches for clang11+ support may be merged
separately.

I'm saying this because, from my tests, the only feature that needs
clang11+ to compile with Control-Flow Integrity is fuzzing.
However, the main way we're fuzzing QEMU is through OSSfuzz, and I don't
think their infrastructure is using a compiler that new, so we wouldn't
be able to enable it anyway. (Alex can chip in to confirm this)
On the other hand, if someone is looking for temporary support in-house,
they can just add -Wno-[...] as extra-cflags until the additional
patches land. (Assuming CFI lands before the clang11+ patches).

Regards,
Daniele

On 11/6/2020 7:47 AM, Cornelia Huck wrote:
> On Thu,  5 Nov 2020 17:18:56 -0500
> Daniele Buono <dbuono@linux.vnet.ibm.com> wrote:
>
> > This patch adds support for Control-Flow Integrity checks
> > on indirect function calls.
> >
> > Requires the use of clang, and link-time optimizations
> >
> > Changes in v3:
> >
> > - clang 11+ warnings are now handled directly at the source,
> > instead of disabling specific warnings for the whole code.
> > Some more work may be needed here to polish the patch, I
> > would kindly ask for a review from the corresponding
> > maintainers

Process question :)

Would you prefer to have this series merged in one go, or should
maintainers pick the patches for their subsystem?

> > - Remove configure-time checks for toolchain compatibility
> > with LTO.
> > - the decorator to disable cfi checks on functions has
> > been renamed and moved to include/qemu/compiler.h
> > - configure-time checks for cfi support and dependencies
> > have been moved from configure to meson
> >
> > Link to v2: https://www.mail-archive.com/qemu-devel@nongnu.org/msg753675.html
> > Link to v1: https://www.mail-archive.com/qemu-devel@nongnu.org/msg718786.html
> >
> > Daniele Buono (9):
> >    fuzz: Make fork_fuzz.ld compatible with LLVM's LLD
> >    s390x: fix clang 11 warnings in cpu_models.c
> >    hw/usb: reorder fields in UASStatus
> >    s390x: Avoid variable size warning in ipl.h
> >    scsi: fix overflow in scsi_disk_new_request_dump
> >    configure,meson: add option to enable LTO
> >    cfi: Initial support for cfi-icall in QEMU
> >    check-block: enable iotests with cfi-icall
> >    configure/meson: support Control-Flow Integrity
> >
> >   accel/tcg/cpu-exec.c          | 11 +++++++++
> >   configure                     | 26 ++++++++++++++++++++
> >   hw/s390x/ipl.h                |  4 +--
> >   hw/scsi/scsi-disk.c           |  4 +++
> >   hw/usb/dev-uas.c              |  2 +-
> >   include/qemu/compiler.h       | 12 +++++++++
> >   meson.build                   | 46 +++++++++++++++++++++++++++++++++++
> >   meson_options.txt             |  4 +++
> >   plugins/core.c                | 37 ++++++++++++++++++++++++++++
> >   plugins/loader.c              |  7 ++++++
> >   target/s390x/cpu_models.c     |  8 +++---
> >   tcg/tci.c                     |  7 ++++++
> >   tests/check-block.sh          | 18 ++++++++------
> >   tests/qtest/fuzz/fork_fuzz.ld | 12 ++++++++-
> >   util/main-loop.c              | 11 +++++++++
> >   util/oslib-posix.c            | 11 +++++++++
> >   16 files changed, 205 insertions(+), 15 deletions(-)
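The cover letter above describes cfi-icall only in one line: with clang and LTO, every indirect call is checked at runtime against the signature the call site expects, and individual functions can opt out through a decorator kept in include/qemu/compiler.h. The block below is an added example, not code from this series or from QEMU, that models the check in plain C so it can be compiled with any toolchain: a hand-built table of address-taken functions and their type ids stands in for the jump tables clang emits at link time, `cfi_check` stands in for the instrumentation at the call site, and the `CFI_EXAMPLE_NO_SANITIZE` macro (a name chosen for this example; the real QEMU macro name is not given on this page) wraps clang's `no_sanitize("cfi-icall")` attribute, which is the mechanism such a decorator is built on. The functions and type-id strings are constructed for the example.

```c
/* Added example: a software model of clang's cfi-icall check.
 * Not QEMU code. Real cfi-icall works at link time (LTO): functions with
 * the same signature share a jump table, and each indirect call verifies
 * that its target belongs to the table for the expected signature. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the decorator the cover letter mentions. Under clang this
 * is the attribute that turns cfi-icall off for one function; other
 * compilers get an empty definition so the example still builds. */
#if defined(__clang__)
#define CFI_EXAMPLE_NO_SANITIZE __attribute__((no_sanitize("cfi-icall")))
#else
#define CFI_EXAMPLE_NO_SANITIZE
#endif

typedef int (*int_handler_t)(int);
typedef void (*void_handler_t)(void);

/* Constructed call targets with two distinct signatures. */
static int double_it(int x) { return 2 * x; }
static int negate(int x)    { return -x; }
static void say_hi(void)    { puts("hi"); }

/* One entry per address-taken function: the address and a signature id.
 * This table plays the role of the LTO-generated CFI metadata. */
struct cfi_entry {
    void *addr;
    const char *type_id;
};

static const struct cfi_entry cfi_table[] = {
    { (void *)double_it, "int(int)"   },
    { (void *)negate,    "int(int)"   },
    { (void *)say_hi,    "void(void)" },
};

/* Return 1 if target is a known function whose recorded signature matches
 * the one the call site expects, 0 otherwise (unknown or wrong type). */
static int cfi_check(const void *target, const char *expected_type)
{
    for (size_t i = 0; i < sizeof cfi_table / sizeof cfi_table[0]; i++) {
        if (cfi_table[i].addr == target) {
            return strcmp(cfi_table[i].type_id, expected_type) == 0;
        }
    }
    return 0;
}

/* Checked indirect call through an int(int) pointer. On a CFI failure the
 * target is never called; *ok is cleared and -1 is returned. A real
 * cfi-icall build traps instead of returning. */
static int checked_call_int(int_handler_t fn, int arg, int *ok)
{
    if (!cfi_check((const void *)fn, "int(int)")) {
        *ok = 0;
        return -1;
    }
    *ok = 1;
    return fn(arg);
}

/* A function that must call into code not covered by the table, the way
 * QEMU calls into JIT-generated or plugin code. It carries the opt-out
 * attribute under clang and performs no check of its own. */
CFI_EXAMPLE_NO_SANITIZE
static int unchecked_call_int(int_handler_t fn, int arg)
{
    return fn(arg);
}

int main(void)
{
    int ok = 0;
    int r;

    r = checked_call_int(double_it, 21, &ok);
    printf("double_it(21) -> %d (ok=%d)\n", r, ok);

    /* Same pointer type, wrong underlying signature: the check refuses
     * the call rather than letting a void(void) function run as int(int). */
    r = checked_call_int((int_handler_t)say_hi, 1, &ok);
    printf("say_hi via int(int) -> %d (ok=%d)\n", r, ok);

    printf("unchecked negate(7) -> %d\n", unchecked_call_int(negate, 7));
    return 0;
}
```

The mismatch case is the one cfi-icall exists for: an attacker who overwrites a function pointer can only redirect it to a function of the same signature, which removes most useful targets. The opt-out attribute should be confined to the few functions that legitimately call into code the linker never saw, as the series does for the TCG and plugin entry points listed in the diffstat.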