Date: Thu, 30 Nov 2023 14:41:45 -0700
From: Shawn Webb
To: sahil patidar
Cc: hackers@freebsd.org
Subject: Re: kernel control flow integrity (kcfi)
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers

On Tue, Jan 10, 2023 at 11:48:43AM +0530, sahil patidar wrote:
> Hello Hackers,
> I want to work on the FreeBSD idealist project KCFI (kernel control
> flow integrity). I am new in this community and want to be involved in
> the FreeBSD community and become a contributor.
> So I want to know if this project is already done or if someone is
> working on it.
> If no one is working on this project, how can I start work on this project?
> I am interested in compiler or kernel dev.

Hey Sahil,

For the past few years, I've slowly been working on Cross-DSO CFI in
HardenedBSD's base userland. I've recently started looking at applying
kCFI to the kernel.

When compiling/linking kernel modules with -fsanitize=kcfi, ld.lld
emits relocation entries that are not supported by the ELF loader in
the kernel. Implementing support for the relocation type
R_X86_64_REX_GOTPCRELX would be a good first step.

I'm a little unsure what needs to happen after implementing support
for that relocation type. But, either way, I'm hoping to find out here
soon. :-)

I'm pretty early on in my research for kCFI integration. I'm curious
if you have made progress and if you have any additional insight.

Thanks,

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc