Message ID | 20211105145917.2828911-2-ardb@kernel.org (mailing list archive) |
---|---|
State | New, archived |
Series | static call support for arm64 | expand |
On Fri, Nov 05, 2021 at 03:59:16PM +0100, Ard Biesheuvel wrote:
> In order to prevent CFI enabled code from grabbing a jump table entry
> that jumps to the trampoline, rather than the trampoline itself, use an
> incomplete non-function type for the trampoline, and cast it to the
> right type only when invoking it.
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>

Very grudingly:

Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>

> ---
> include/linux/static_call.h | 4 ++--
> include/linux/static_call_types.h | 11 ++++++++---
> 2 files changed, 10 insertions(+), 5 deletions(-)
>
> diff --git a/include/linux/static_call.h b/include/linux/static_call.h
> index 3e56a9751c06..616607393273 100644
> --- a/include/linux/static_call.h
> +++ b/include/linux/static_call.h
> @@ -151,7 +151,7 @@ extern void arch_static_call_transform(void *site, void *tramp, void *func, bool
>
> #define static_call_update(name, func) \
> ({ \
> - typeof(&STATIC_CALL_TRAMP(name)) __F = (func); \
> + typeof(&STATIC_CALL_TYPE(name)) __F = (func); \
> __static_call_update(&STATIC_CALL_KEY(name), \
> STATIC_CALL_TRAMP_ADDR(name), __F); \
> })
> @@ -306,7 +306,7 @@ static inline void __static_call_nop(void) { }
> void *func = READ_ONCE(STATIC_CALL_KEY(name).func); \
> if (!func) \
> func = &__static_call_nop; \
> - (typeof(STATIC_CALL_TRAMP(name))*)func; \
> + (typeof(&STATIC_CALL_TYPE(name)))func; \
> })
>
> #define static_call_cond(name) (void)__static_call_cond(name)
> diff --git a/include/linux/static_call_types.h b/include/linux/static_call_types.h
> index 5a00b8b2cf9f..5e658ef537e4 100644
> --- a/include/linux/static_call_types.h
> +++ b/include/linux/static_call_types.h
> @@ -18,6 +18,9 @@
> #define STATIC_CALL_TRAMP(name) __PASTE(STATIC_CALL_TRAMP_PREFIX, name)
> #define STATIC_CALL_TRAMP_STR(name) __stringify(STATIC_CALL_TRAMP(name))
>
> +#define STATIC_CALL_TYPE_PREFIX __SCtype__
> +#define STATIC_CALL_TYPE(name) __PASTE(STATIC_CALL_TYPE_PREFIX, name)
> +
> /*
> * Flags in the low bits of static_call_site::key.
> */
> @@ -36,11 +39,13 @@ struct static_call_site {
>
> #define DECLARE_STATIC_CALL(name, func) \
> extern struct static_call_key STATIC_CALL_KEY(name); \
> - extern typeof(func) STATIC_CALL_TRAMP(name);
> + extern struct static_call_tramp STATIC_CALL_TRAMP(name); \
> + extern typeof(func) STATIC_CALL_TYPE(name)
>
> #ifdef CONFIG_HAVE_STATIC_CALL
>
> -#define __raw_static_call(name) (&STATIC_CALL_TRAMP(name))
> +#define __raw_static_call(name) \
> + ((typeof(&STATIC_CALL_TYPE(name)))&STATIC_CALL_TRAMP(name))
>
> #ifdef CONFIG_HAVE_STATIC_CALL_INLINE
>
> @@ -96,7 +101,7 @@ struct static_call_key {
> };
>
> #define static_call(name) \
> - ((typeof(STATIC_CALL_TRAMP(name))*)(STATIC_CALL_KEY(name).func))
> + ((typeof(&STATIC_CALL_TYPE(name)))(STATIC_CALL_KEY(name).func))
>
> #endif /* CONFIG_HAVE_STATIC_CALL */
>
> --
> 2.30.2
>
diff --git a/include/linux/static_call.h b/include/linux/static_call.h
index 3e56a9751c06..616607393273 100644
--- a/include/linux/static_call.h
+++ b/include/linux/static_call.h
@@ -151,7 +151,7 @@ extern void arch_static_call_transform(void *site, void *tramp, void *func, bool
 
 #define static_call_update(name, func) \
 ({ \
- typeof(&STATIC_CALL_TRAMP(name)) __F = (func); \
+ typeof(&STATIC_CALL_TYPE(name)) __F = (func); \
 __static_call_update(&STATIC_CALL_KEY(name), \
 STATIC_CALL_TRAMP_ADDR(name), __F); \
 })
@@ -306,7 +306,7 @@ static inline void __static_call_nop(void) { }
 void *func = READ_ONCE(STATIC_CALL_KEY(name).func); \
 if (!func) \
 func = &__static_call_nop; \
- (typeof(STATIC_CALL_TRAMP(name))*)func; \
+ (typeof(&STATIC_CALL_TYPE(name)))func; \
 })
 
 #define static_call_cond(name) (void)__static_call_cond(name)
diff --git a/include/linux/static_call_types.h b/include/linux/static_call_types.h
index 5a00b8b2cf9f..5e658ef537e4 100644
--- a/include/linux/static_call_types.h
+++ b/include/linux/static_call_types.h
@@ -18,6 +18,9 @@
 #define STATIC_CALL_TRAMP(name) __PASTE(STATIC_CALL_TRAMP_PREFIX, name)
 #define STATIC_CALL_TRAMP_STR(name) __stringify(STATIC_CALL_TRAMP(name))
 
+#define STATIC_CALL_TYPE_PREFIX __SCtype__
+#define STATIC_CALL_TYPE(name) __PASTE(STATIC_CALL_TYPE_PREFIX, name)
+
 /*
 * Flags in the low bits of static_call_site::key.
 */
@@ -36,11 +39,13 @@ struct static_call_site {
 
 #define DECLARE_STATIC_CALL(name, func) \
 extern struct static_call_key STATIC_CALL_KEY(name); \
- extern typeof(func) STATIC_CALL_TRAMP(name);
+ extern struct static_call_tramp STATIC_CALL_TRAMP(name); \
+ extern typeof(func) STATIC_CALL_TYPE(name)
 
 #ifdef CONFIG_HAVE_STATIC_CALL
 
-#define __raw_static_call(name) (&STATIC_CALL_TRAMP(name))
+#define __raw_static_call(name) \
+ ((typeof(&STATIC_CALL_TYPE(name)))&STATIC_CALL_TRAMP(name))
 
 #ifdef CONFIG_HAVE_STATIC_CALL_INLINE
 
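Review bot: In the `@@ -306,7 +306,7 @@` hunk, the NULL fallback still assigns `&__static_call_nop`, which the hunk header shows as `void (void)`, and then casts it to `typeof(&STATIC_CALL_TYPE(name))` for the call. For any static call whose declared signature is not `void (void)`, that is an indirect call through a mismatched function type, which is exactly what indirect-call CFI checking is meant to reject; the patch changes only the spelling of the cast, so this path presumably behaves as it did before. It is worth confirming that the fallback is either unreachable or exempted in CFI builds, and recording the answer next to the assignment, for example `/* __static_call_nop is void(void): calling it via the static call's type is a signature mismatch under CFI */`. The macro body starts above the hunk, so the rest of it is not visible here.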
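Review bot: In the `@@ -18,6 +18,9 @@` hunk, `STATIC_CALL_TYPE_PREFIX` and `STATIC_CALL_TYPE(name)` are added without any comment, and nothing says that the resulting `__SCtype__<name>` symbol is only ever declared. Judging by the other hunks it exists purely as a carrier for `typeof()`, so a reader who meets it in a header could reasonably try to call it or take its address. A short comment above the two defines would prevent that, e.g. `/* Declaration-only symbol carrying the call's function type; used only inside typeof(), never defined. */`.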
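Review bot: In the `@@ -36,11 +39,13 @@` hunk, the new `DECLARE_STATIC_CALL` ends in `extern typeof(func) STATIC_CALL_TYPE(name)` with no trailing semicolon, whereas the line it replaces ended in `;`. Any user that invoked the macro without its own semicolon compiled before and will not now; the callers are outside this diff, so either check them tree-wide or keep the `;`. Separately, `struct static_call_tramp` is left incomplete on purpose and `__raw_static_call` casts its address to the function-pointer type, so the compiler no longer ties the trampoline symbol to the signature of `func`. A comment on the declaration stating that the struct must never be completed, and that this cast is the only intended way to reach the trampoline, would protect the CFI property the commit message describes from a later cleanup.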
@@ -96,7 +101,7 @@ struct static_call_key {
 };
 
 #define static_call(name) \
- ((typeof(STATIC_CALL_TRAMP(name))*)(STATIC_CALL_KEY(name).func))
+ ((typeof(&STATIC_CALL_TYPE(name)))(STATIC_CALL_KEY(name).func))
 
 #endif /* CONFIG_HAVE_STATIC_CALL */
 
In order to prevent CFI enabled code from grabbing a jump table entry that jumps to the trampoline, rather than the trampoline itself, use an incomplete non-function type for the trampoline, and cast it to the right type only when invoking it. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> --- include/linux/static_call.h | 4 ++-- include/linux/static_call_types.h | 11 ++++++++--- 2 files changed, 10 insertions(+), 5 deletions(-)