kees (Kees Cook)
User

Projects

User does not belong to any projects.

User Details

User Since
Feb 6 2019, 5:35 AM (172 w, 2 d)

Recent Activity

Wed, May 11

kees added a comment to D125142: [clang][auto-init] Remove -enable flag for "zero" mode.

I think the most relevant post from @rsmith is: https://discourse.llvm.org/t/making-ftrivial-auto-var-init-zero-a-first-class-option/55143/40

He has a prototype: https://reviews.llvm.org/D79249
I assume he would like someone to pursue it further, it was a good faith attempt at not just demanding. I'd played with it and it needed a few fixes, but overall it was pretty complete. Does someone want to give it a go?

Wed, May 11, 9:59 AM · Restricted Project, Restricted Project

Tue, May 10

kees added a comment to D125142: [clang][auto-init] Remove -enable flag for "zero" mode.

This is marked "needs revision", but I think it just needs wider review?

Tue, May 10, 3:14 PM · Restricted Project, Restricted Project
kees added a comment to D125142: [clang][auto-init] Remove -enable flag for "zero" mode.

This cannot be committed as is. In particular, @rsmith's "We do not want to create or encourage the creation of language dialects and non-portable code," concern on https://discourse.llvm.org/t/making-ftrivial-auto-var-init-zero-a-first-class-option/55143/2 (shared by someone else) will be affected, I'd like to see that they lift their concerns.

Tue, May 10, 10:52 AM · Restricted Project, Restricted Project

Mon, May 9

kees updated the diff for D125142: [clang][auto-init] Remove -enable flag for "zero" mode.

add release notes

Mon, May 9, 3:42 PM · Restricted Project, Restricted Project
kees updated the diff for D125142: [clang][auto-init] Remove -enable flag for "zero" mode.

update with suggestions

Mon, May 9, 12:47 PM · Restricted Project, Restricted Project
kees planned changes to D125142: [clang][auto-init] Remove -enable flag for "zero" mode.
Mon, May 9, 12:40 PM · Restricted Project, Restricted Project

Sun, May 8

kees updated the diff for D125142: [clang][auto-init] Remove -enable flag for "zero" mode.

Report flag as "unused"

Sun, May 8, 2:12 AM · Restricted Project, Restricted Project

Sat, May 7

kees planned changes to D125142: [clang][auto-init] Remove -enable flag for "zero" mode.

It would be somewhat helpful as a transition aid if -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang remained as a no-op producing a warning (a generic unused argument warning would be fine).

Sat, May 7, 11:04 PM · Restricted Project, Restricted Project

Fri, May 6

kees requested review of D125142: [clang][auto-init] Remove -enable flag for "zero" mode.
Fri, May 6, 4:03 PM · Restricted Project, Restricted Project

Apr 19 2022

kees added a comment to D123544: [randstruct] Automatically randomize a structure of function pointers.

I tested this (with D123958), and it appears to be working as intended. These two fptrs are the first and second listed, and are happily randomized:

Apr 19 2022, 2:04 PM · Restricted Project, Restricted Project
kees added a comment to D123958: [randstruct] Randomize all elements of a record.

I had assumed that any structure not marked for randomization would not be randomized. Based on that, I don't think inner structure objects (anonymous or otherwise) should automatically randomize their fields. WDYT?

Apr 19 2022, 11:02 AM · Restricted Project, Restricted Project

Mar 31 2022

kees added a reviewer for D122854: [CSKY] AsmBackend: Make Inst.dump() debug-only: void.
Mar 31 2022, 4:27 PM · Restricted Project, Restricted Project
kees requested review of D122854: [CSKY] AsmBackend: Make Inst.dump() debug-only.
Mar 31 2022, 4:04 PM · Restricted Project, Restricted Project

Feb 25 2022

kees added a comment to D119816: [SanitizerBounds] Add support for NoSanitizeBounds function.

FWIW, related problems with pskb_expand_head were seen again here:
https://github.com/ClangBuiltLinux/linux/issues/1599

Feb 25 2022, 2:11 PM · Restricted Project, Restricted Project

Feb 8 2022

kees added a comment to D110869: [X86] Implement -fzero-call-used-regs option.

I can build and boot with this. Nice! :) One issue I see is in instruction sequence ordering.

Feb 8 2022, 12:39 AM · Restricted Project, Restricted Project

Oct 13 2021

kees added a comment to D107934: [LowerTypeTests] Emit cfi_jt aliases regardless of function export.

Ping; Nick, do you have a moment to rework this patch? AIUI, this is still important to getting CFI more sane for Android.

Oct 13 2021, 1:11 PM · Restricted Project, Restricted Project

Sep 30 2021

kees added a comment to D109967: Simplify handling of builtin with inline redefinition.

Is https://bugs.llvm.org/show_bug.cgi?id=50322 a duplicate of https://bugs.llvm.org/show_bug.cgi?id=23280 ? (Can both be closed?)

Sep 30 2021, 11:00 AM · Restricted Project

Sep 27 2021

kees added a comment to D109967: Simplify handling of builtin with inline redefinition.

Yeah, I can confirm that many cases are improved with this patch (others are more sensitive and depend on the __bos behavior I mentioned). With the 17 kernel FORTIFY self-tests, all 17 fail without this patch. With this patch, 9 start passing. Nice!

Sep 27 2021, 4:39 PM · Restricted Project
kees added a comment to D109967: Simplify handling of builtin with inline redefinition.

I'm setting up to test this patch (thank you!) using my current kernel FORTIFY improvements. Right now I have a bunch of compile-time behavior selftests written:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=for-next/overflow&id=3c5221f3f4fd865a780f544b72c68f4209bd2e76

Sep 27 2021, 2:47 PM · Restricted Project

Sep 17 2021

kees added a comment to D109967: Simplify handling of builtin with inline redefinition.

Does this address https://bugs.llvm.org/show_bug.cgi?id=50322 ? (I assume this is a new version of https://reviews.llvm.org/D92657 ?)

Sep 17 2021, 9:17 AM · Restricted Project

May 26 2021

kees added a comment to D103120: LTO: Export functions referenced by non-canonical CFI jump tables.

PoC from Sami:
https://godbolt.org/z/xfsWjhGhq

May 26 2021, 12:14 PM · Restricted Project

May 13 2021

kees added a comment to D102367: [LowerConstantIntrinsics] reuse isManifestLogic from ConstantFolding.

FWIW, I've tested this on a full Linux kernel build and I can confirm it's building correctly; I'm able to start my incremental FORTIFY fixes now. :) Thanks!

May 13 2021, 11:41 PM · Restricted Project

Feb 9 2021

kees added a comment to D96308: [llvm-objcopy] Avoid rename if input filename = output filename.

Is it possible to plumb fd instead of pathname? Then fchown(), fsetxattr(), etc, can all be used?

Feb 9 2021, 10:46 AM · Restricted Project

Nov 25 2020

kees added a comment to D91895: [Clang] improve -Wimplicit-fallthrough GCC compat.

The kernel's stance on switch statements reads:

Nov 25 2020, 1:33 PM · Restricted Project

Aug 28 2020

kees added a comment to D68720: Support -fstack-clash-protection for x86.

Ah! Yes, I see it now. Thanks and sorry for the noise!

Aug 28 2020, 12:23 AM · Restricted Project, Restricted Project

Aug 27 2020

kees reopened D68720: Support -fstack-clash-protection for x86.

Sorry if I missed something here, but why is this marked as "Closed"? It seems like the feature has still not landed (i.e. it got reverted).

Aug 27 2020, 4:32 PM · Restricted Project, Restricted Project

Jun 29 2020

kees added a comment to D80791: [AArch64] Generate .note.gnu.property based on module flags..

Might someone wish to disable PAC/BTI on an individual function, while having it on for the rest? I guess that would mean you can't call that function indirectly?

Jun 29 2020, 12:28 PM · Restricted Project, Restricted Project
kees added a comment to D80791: [AArch64] Generate .note.gnu.property based on module flags..

Specifically, this appears to be a legitimate bug, found by the warnings: https://bugs.llvm.org/show_bug.cgi?id=46258

Jun 29 2020, 8:36 AM · Restricted Project, Restricted Project
kees added a comment to D80791: [AArch64] Generate .note.gnu.property based on module flags..

Should the per-function analysis warning actually be removed? That seems like a helpful check to catch a different form of bad behavior.

Jun 29 2020, 8:03 AM · Restricted Project, Restricted Project

Mar 9 2020

kees added a comment to D75225: [ELF] Keep orphan section names (.rodata.foo .text.foo) unchanged if !hasSectionsCommand.

.text.* -> .text

This is not accurate: ld.bfd will keep the .text.$foo names, but place them all after the .text (it does not merge them into .text). Currently, ld.lld seems to merge them into .text. FGKASLR depends on the non-merging behavior.

I think the description is correct. I have a line // If a SECTIONS command is not specified in the code block.

Here is GNU ld's internal linker script:

.text           :
{
  *(.text.unlikely .text.*_unlikely .text.unlikely.*)
  *(.text.exit .text.exit.*)
  *(.text.startup .text.startup.*)
  *(.text.hot .text.hot.*)
  *(.text .stub .text.* .gnu.linkonce.t.*)
  /* .gnu.warning sections are handled specially by elf32.em.  */
  *(.gnu.warning)
}

(As you can see, -z keep-text-section-prefix does less than what GNU ld does. One issue with GNU ld's internal linker script is that -ffunction-sections (typical when building a libc) will cause the function exit to be reordered before others...)

Mar 9 2020, 9:41 AM · Restricted Project

Mar 4 2020

kees added a comment to D73126: [X86] Generate unaligned access for fixed slots in unaligned stack.

Hi! What's the state of this change? Do you need help committing this?

Mar 4 2020, 9:32 AM · Restricted Project

Feb 27 2020

kees added a comment to D75225: [ELF] Keep orphan section names (.rodata.foo .text.foo) unchanged if !hasSectionsCommand.

This is not accurate: ld.bfd will keep the .text.$foo names, but place them all after the .text (it does not merge them into .text). Currently, ld.lld seems to merge them into .text. FGKASLR depends on the non-merging behavior.

Feb 27 2020, 9:09 AM · Restricted Project

Feb 25 2020

kees added a comment to D75151: [ELF] --orphan-handling=: don't warn/error for input SHT_REL[A] retained by --emit-relocs.

Awesome! With this and D75149 my defconfig kernel build now only shows:

Feb 25 2020, 8:26 PM · Restricted Project
kees added a comment to D75149: [ELF] --orphan-handling=: don't warn/error for unused synthesized sections.

On my orphan checking kernel series, I'm left with only .rela_* and .rela.* getting reported, along with:

Feb 25 2020, 3:59 PM · Restricted Project

Feb 18 2020

kees added a comment to D74747: [JumpThreading] Skip unconditional PredBB when threading jumps through two basic blocks.

Thank you! I can confirm this fixes the problems I saw building the Linux kernel with CONFIG_UBSAN=y.

Feb 18 2020, 3:47 PM · Restricted Project

Feb 17 2020

kees added a comment to D74510: [ELF] Fix a null pointer dereference when --emit-relocs and --strip-debug are used together.

Thank you for the quick fix! I can confirm my builds with --strip-debug work now. :)

Feb 17 2020, 10:58 AM · Restricted Project

Aug 15 2019

kees added a comment to D63260: [Attr] Support _attribute__ ((fallthrough)).

For latest version see https://reviews.llvm.org/D64838

Aug 15 2019, 11:08 AM · Restricted Project

Aug 9 2019

kees added a comment to D65629: cfi-icall: Allow the jump table to be optionally made non-canonical..

Just FYI, I can confirm a happily running arm64 kernel with CFI enabled built with this patch series. The C wrappers aren't needed and CFI is still triggering on mismatches:

Aug 9 2019, 1:00 AM · Restricted Project, Restricted Project

May 30 2019

kees added a comment to D56571: [RFC prototype] Implementation of asm-goto support in clang.

Nick points out that "REQUIRES: x86-registered-target" is likely not needed.

May 30 2019, 12:14 PM
kees added inline comments to D56571: [RFC prototype] Implementation of asm-goto support in clang.
May 30 2019, 11:21 AM

May 22 2019

kees committed rGc2187c20a461: [TargetLowering] Extend bool args to inline-asm according to getBooleanType (authored by kees).
[TargetLowering] Extend bool args to inline-asm according to getBooleanType
May 22 2019, 9:16 AM
kees committed rL361404: [TargetLowering] Extend bool args to inline-asm according to getBooleanType.
[TargetLowering] Extend bool args to inline-asm according to getBooleanType
May 22 2019, 9:16 AM
kees closed D60224: [TargetLowering] Extend bool args to inline-asm according to getBooleanType.
May 22 2019, 9:16 AM · Restricted Project
kees committed rGa7a687e50004: [TargetLowering] Add blank line (test commit) (authored by kees).
[TargetLowering] Add blank line (test commit)
May 22 2019, 9:00 AM
kees committed rL361403: [TargetLowering] Add blank line (test commit).
[TargetLowering] Add blank line (test commit)
May 22 2019, 8:59 AM

May 20 2019

kees updated the diff for D60224: [TargetLowering] Extend bool args to inline-asm according to getBooleanType.

Rebasing to monorepo...

May 20 2019, 5:02 PM · Restricted Project

May 18 2019

kees updated the summary of D60224: [TargetLowering] Extend bool args to inline-asm according to getBooleanType.
May 18 2019, 9:40 AM · Restricted Project
kees updated the diff for D60224: [TargetLowering] Extend bool args to inline-asm according to getBooleanType.

Rebased to latest LLVM

May 18 2019, 9:24 AM · Restricted Project

Apr 5 2019

kees accepted D60306: Fix -emit-reloc against local symbols..

I can confirm this fixes the Linux kernel relocation visibility problem I saw. Thank you!

Apr 5 2019, 8:55 AM · Restricted Project

Apr 3 2019

kees added a comment to D60224: [TargetLowering] Extend bool args to inline-asm according to getBooleanType.

Should I respin to make booleans always zero extended? I can adjust the X86 code at the same time...

Apr 3 2019, 4:28 PM · Restricted Project
kees added a comment to D60208: [X86] Extend boolean arguments to inline-asm according to getBooleanType.

For the non-X86 case: https://reviews.llvm.org/D60224

Apr 3 2019, 12:23 PM · Restricted Project
kees added a comment to D60224: [TargetLowering] Extend bool args to inline-asm according to getBooleanType.

For note, this is based on https://reviews.llvm.org/D60208

Apr 3 2019, 12:22 PM · Restricted Project
kees created D60224: [TargetLowering] Extend bool args to inline-asm according to getBooleanType.
Apr 3 2019, 12:20 PM · Restricted Project
kees added a comment to D60208: [X86] Extend boolean arguments to inline-asm according to getBooleanType.

What other targets have their own lowering code? (Or, restated, is x86 the only target not using the generic lowering code?)

Apr 3 2019, 11:08 AM · Restricted Project

Feb 6 2019

kees added a comment to D53765: [RFC prototype] Implementation of asm-goto support in LLVM.

I found a weird mis-compilation bug. Not sure if in LLVM or Clang half. Details here: https://reviews.llvm.org/D56571#1386973

Feb 6 2019, 11:16 PM · Restricted Project
kees added a comment to D56571: [RFC prototype] Implementation of asm-goto support in clang.

Not sure if this is the fault of the LLVM half or the Clang half, but I'm seeing mis-compilations in the current patches (llvm ca1e713fdd4fab5273b36ba6f292a844fca4cb2d with D53765.185490 and clang 01879634f01bdbfac4636ebe03b68e85b20cd664 with D56571.185489). My earlier builds were okay (llvm b1650507d25d28a03f30626843b7b133796597b4 with D53765.183738 and clang 61738985ebe78eeff6cfae7f97543d3456bac25a with D56571.181973).

Feb 6 2019, 11:15 PM
kees added a comment to D56571: [RFC prototype] Implementation of asm-goto support in clang.

I reduced the C code to this:

Feb 6 2019, 7:43 AM
kees added a comment to D53765: [RFC prototype] Implementation of asm-goto support in LLVM.

I found a weird mis-compilation bug. Not sure if in LLVM or Clang half. Details here: https://reviews.llvm.org/D56571#1386973

Feb 6 2019, 5:56 AM · Restricted Project
kees added a comment to D56571: [RFC prototype] Implementation of asm-goto support in clang.

Not sure if this is the fault of the LLVM half or the Clang half, but I'm seeing mis-compilations in the current patches (llvm ca1e713fdd4fab5273b36ba6f292a844fca4cb2d with D53765.185490 and clang 01879634f01bdbfac4636ebe03b68e85b20cd664 with D56571.185489). My earlier builds were okay (llvm b1650507d25d28a03f30626843b7b133796597b4 with D53765.183738 and clang 61738985ebe78eeff6cfae7f97543d3456bac25a with D56571.181973).

Feb 6 2019, 5:55 AM