[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 29/70] xen/misc: CFI hardening


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Wed, 23 Feb 2022 10:34:04 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xnBbGmMvvqr742lxz/97xnbS6iPLtn5CQAdCTkMymAM=; b=faj6XOSIDPsLlcHe/zAfD/ajhqROA4UUbUeZfI5Hs6nRKNzDYw3DYyHfnabXT3uHxE7/4qTG35bYVIutn1AgmfDwzSaOf0qr7kY+Q6fBIWsugImN7qVSRqwT2hrEydnKU9u+OQXQpajhRxWwb6QFXQESUsLgmeSul1i3UuJYSCalDX/DdC/FBTAMbXjbGd6d+HpMiHl9Ep4uV0LNPXeYK1+xDhQkB5Xqko3iQc5nFI3kZjhMmoy5rOswkI4M5SUOH2i8U0ECE7CJe/e1ww+VGMFtVnaV30bG1e0nH0zC4JJHsGXt65aN3AxWce2w07gt9C6OmJLdT+ybjRV8ZAhiMQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CInNwboxKGQAgv85lCnk9GuOlRPG89bHzvum3nqG3hwgUTogHysNVKiuEH0+sgKh/c4vzhoaxreCEC/xowlWZCzbqhJtQN0M27bUvyqdgrprCb9L6T6KROOql8rdaTvX8hc1Emp3aZI39pgv5Bcq7bYxVKKq90sOiZmCwOCjS3qQH8+QAQeK2vq70k+Xqc+uP2g0H8z4GJBjrI4vgXehhqqx/+y+Dknq5uSAmUhuVix6wG0mWBBowcmKBa/G6ykvGEjnM+TLrnW+wIurvIIn0yCtg2igD1mXKqEZdh64v4hBZ2bl7wLFmMviQZGdEcAlrn1pDU1nhqNDOgC4m83lpw==
  • Authentication-results: esa6.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 23 Feb 2022 10:34:23 +0000
  • Ironport-data: A9a23:HjR5WK2aQ5YQX+NL+PbD5d1xkn2cJEfYwER7XKvMYLTBsI5bpzIBn 2obUGiHa/fZazfyLtFwbo/jo0kPuJXQzd5lTwZspC1hF35El5HIVI+TRqvS04J+DSFhoGZPt Zh2hgzodZhsJpPkjk7xdOCn9xGQ7InQLlbGILes1htZGEk0GE/NtTo5w7Rj2tQy2oDga++wk YiaT/P3aQfNNwFcagr424rbwP+4lK2v0N+wlgVWicFj5DcypVFMZH4sDfjZw0/DaptVBoaHq 9Prl9lVyI97EyAFUbtJmp6jGqEDryW70QKm0hK6UID66vROS7BbPg/W+5PwZG8O4whlkeydx /10uJiyZgsEL5HBs8Y5TSlDE2ZsfrV/reqvzXiX6aR/zmXDenrohf5vEFs3LcsT/eMf7WNmr KJCbmpXN1ba2rzwkOnTpupE36zPKOHCOo8Ft24m5jbeFfs8GrjIQrnQ5M8e1zA17ixLNaiCO ZpIN2M/BPjGSzIVO1kzUoJ9oPWXvVbAai1mknG0rKVitgA/yyQuieOwYbI5YOeiVchT20qVu G/C12D4GQ0BcsySzyKf9XChjfOJmjn0MKoQHrCl8v9hgHWI23ceThYRUDOGTeKR0xDkHYgFc gpNp3Ro/fNaGFGXosfVZhC8olGIkw8gVvFyN/MK8wHK2OnM2lPMboQbdQJpZNsjvc4wYDUl0 F6Vgt/kbQBSXK2ppWG1renN827rUcQBBSpbPHJfE1NZizX2iNxr1nryosBf/LlZZzEfMRX52 Hi0oSc3nN3/ZuZbhvzgrTgrb99Bz6UlrzLZBC2KBgpJDSsjPeZJgrBED3CBsZ6sy67DEzG8U IAswZT20Qz3JcjleNaxaOsMBqq1wP2OLSfRh1Vid7F4qWjwpiP9JdAKvG4uTKuMDiriUWW1C KM0kVkMjKK/wVPwNfMnC25PI55CIVfc+STNCamPM4smjmlZfw6b5iB+DXN8LEi2+HXAZZoXY M/BGe71VC5yIf0+kFKeGrdMuZd2l3tW7T6CGvjGI+GPjOP2iIi9EuxebjNjr4kRscu5neki2 4wBb5DTk00HCoUToED/qOYuELzDFlBibbjeoM1LbO+TZA1gHWAqEfjKxr09PYdimsxoei3gp BlRhmcwJILDuED6
  • Ironport-hdrordr: A9a23:bhHi0q7Ds+Cu1CcV1QPXwWaBI+orL9Y04lQ7vn2ZFiY7TiXIra yTdaoguCMc0AxhJU3Jmbi7Scy9qeu1z+873WBjB8bfYOCAghrnEGgC1/qv/9SEIUPDH4FmpN 5dmsRFeb7N5B1B/LzHCWqDYpcdKbu8gdiVbI7lph8HJ2ALV0gj1XYDNu/yKDwseOAsP+tcKH Po3Lsgm9PWQwVxUi3UPAhmY8Hz4/nw0L72ax8PABAqrCOUiymz1bL8Gx+Emj8DTjJm294ZgC j4uj28wp/mn+Cwyxfa2WOWxY9RgsHdxtxKA9HJotQJKw/rlh2jaO1aKv6/VXEO0aOSAWQR4Z 3xSiQbToNOArTqDyeISC7WqkzdOfAVmibfIBGj8CPeSIfCNU0H4oJ69Pxkm13imhAdVZhHod J2NyjyjesnMTrQ2Cv6/NTGTBdsiw69pmcji/caizhFXZIZc6I5l/1VwKp5KuZIIMvB0vFuLA CuNrCp2N9GNVeBK3zJtGhmx9KhGnw1AxedW0AH/siYySJfknx1x1YRgJV3pAZMyLstD51fo+ jUOKVhk79DCscQcKJmHe8EBc+6EHbETx7AOH+bZV7nCKYEMXTQrIOf2sR+2Mi6PJgTiJcikp XIV11V8WY0ZkL1EMWLmIZG9xjcKV/NKwgFCvsukKSRloeMNoYDaxfzO2zGu/HQ1skiPg==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHYKAC1Wg3VwzQSaUqtYiPtXsy9Payg70mAgAACdoA=
  • Thread-topic: [PATCH v3 29/70] xen/misc: CFI hardening

On 23/02/2022 10:25, Jan Beulich wrote:
> On 22.02.2022 16:26, Andrew Cooper wrote:
>> Control Flow Integrity schemes use toolchain and optionally hardware support
>> to help protect against call/jump/return oriented programming attacks.
>>
>> Use cf_check to annotate function pointer targets for the toolchain.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
>> Acked-by: Jan Beulich <jbeulich@xxxxxxxx>
>> ---
>> v3
>>  * Annotations for gcov
> Hmm, ...
>
>> ---
>>  xen/arch/x86/mm.c                        | 6 ++++--
>>  xen/arch/x86/setup.c                     | 4 ++--
>>  xen/common/coverage/gcov.c               | 8 ++++----
> ... what about llvm.c then?

Good point.  I'll fix up.

There's currently no Clang toolchain capable of spotting/complaining at
this, but the Clang devs are working on this.

~Andrew

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.