I got asked about GCC's -mmitigate-rop option, so I did some quick kernel builds and compared the results. I would agree with the option's documentation: it still needs to mature a bunch more before it'll be meaningfully useful. https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=kspp/gcc/mitigate-rop&id=5576f5fa57ff2fcdf041156bebf190a8f6b4dd9e …
-
What needs to happen to make fine-grained CFI happen in the upstream kernel? How can I help?
-
@samitolvanen 1st is to get Clang LTO working upstream. That will take either convincing LLVM developers to look at the kernel memory model for LTO or sticking to per-module memory model constraints under LTO. https://lkml.org/lkml/2017/11/15/772 … Next, using -fsanitize=cfi isn't too much more.
-
Clang LTO already works, there are just no guarantees the compiler won't break something in future. Here's a CFI patch set for 4.9: https://android-review.googlesource.com/q/topic:android-4.9-cfi …
-
At the LLVM level, it's possible to enable the usual module IR optimizations despite using LTO along with disabling them for link-time optimization. Could avoid most of the potential issues like that, other than stuff triggered in CodeGen. It would give up the opt wins though.
-
Not sure if that functionality is exposed by Clang though. It doesn't really seem to give much control over the pass manager stuff.
-
clang -mllvm -debug-pass=Structure is helpful for figuring out what it's asking LLVM to do. Can compare the per-object non-LTO and LTO optimization passes with that along with seeing what it's doing at the link-time stage. Safe option would be making it not do link-time IR opt.
-
Need to get it to do the usual CodeGen optimization at link-time along with the usual IR optimization when making the object files though. IIRC, it drastically tones down the per-object IR optimization in anticipation of having link-time optimization.