From patchwork Fri May 13 20:21:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 12849462 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 211A6C433EF for ; Fri, 13 May 2022 20:35:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:References: Mime-Version:Message-Id:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=FMUeTK4JW7RvYkE4z8Yl+kemI/5mzrCRaPvtdDtoiRw=; b=rRlSqChsHRIF1QvQKdj/wY2zp3 dFrC2U9GB3XUlFYMziAgWU95JmpObpM9eKwUY9mniYKwjpoeu9ZEvyNWn5NxZUbfIKIM7YXNVJYlK xJ+fMho2ShIQ13bX9qYtUUTNOUHX9IW0IKFCRI/yPo5l8C1iwtQQJ2HHeD34qmeoq7I/yTZSQMMyA n+jZ9BWWevHQ0Ry2D0X9dJ71DiCiI5QfCNM+INUsZ8ZfF9K1YpB51sYvePmXGcecApwdXL8n9U7Ru T/SXtI5/dqvC8ETIgb89s624jh1w/WruV3MhC7OiEQHFhFrKk1zibxFncojImc9Hu5EJcM9Mp5rv6 xiJw6rCw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1npbyk-00HXAl-KF; Fri, 13 May 2022 20:33:39 +0000 Received: from desiato.infradead.org ([2001:8b0:10b:1:d65d:64ff:fe57:4e05]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1npboZ-00HRhR-Rf for linux-arm-kernel@bombadil.infradead.org; Fri, 13 May 2022 20:23:08 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=desiato.20200630; h=Content-Type:Cc:To:From:Subject: References:Mime-Version:Message-Id:In-Reply-To:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=f+v85zCmompJWMzZo0Lo44MXyCG4blaViTEubU7Q5pk=; b=F7/EuKDqNIRpl9cuxgWt3S67o/ HYe+w3fELtMtAA2ww5OCcm40gRYhT5y5+jn4suxhwsmYGWKkqeSzsyktwLNgSd4IqItwL6YdlmHLu WTayXyRozSFi+cZ1ub9XESnuTNi0ESQDLl9+7YZ9QyiTUDZo/XBy2h+YQHGOtchQ+gAAOm17+kFb7 M9sD5L/RBU79iQ0AP97NgKVSLKLXIPneRhrI66aNg40AtYGpuaGkHJKY2XKun/1NDI+XAwdqGKssX EZfIUews2At4OlIcqe3bp182OP5ejl3vkVTiCCj47BvrWcp9nrfJ+MRF6eqjgYSb8sHBv+HhwaBxx Jluc7NVg==; Received: from mail-pg1-x549.google.com ([2607:f8b0:4864:20::549]) by desiato.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1npbo0-0006Ey-SM for linux-arm-kernel@lists.infradead.org; Fri, 13 May 2022 20:22:54 +0000 Received: by mail-pg1-x549.google.com with SMTP id q13-20020a638c4d000000b003821725ad66so4650474pgn.23 for ; Fri, 13 May 2022 13:22:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=f+v85zCmompJWMzZo0Lo44MXyCG4blaViTEubU7Q5pk=; b=MESMouEFY2G4SFqcafmefQWoFCP7ps3QB1tZ46af/jtYe6cn5zcxOwxTwft4N8E1NQ +UuIHuj5VEcDhbnPdN1c0OsP0m7BBsr8MIip1QKYnYg6zeoMy088Pl9eVtEl5uK0saGo XtR42j6pIymFijnyo6XcDzAed95J3W7UJ8IviGf6zqWy//NvXfkBj+GJVwnuCt9lcOFH Z4nLVMl3mKjxxgvlkFCBZewyyE5+nMu5wsw21EWC3AA96x/4tIfvIZsY75Roh12akrho avQ626Wx3RZtmrx/IEAGQSI1UB2H2FZgt4JgCTLLjEpfu6Qdx7RMgQixkMV7q4jIt2ca yN7Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=f+v85zCmompJWMzZo0Lo44MXyCG4blaViTEubU7Q5pk=; b=lgA2+/sDwPeTej5yY39j0OyVT8TxrJRGeqy5Grp2qDLtoeM/wpi9T0g5G15orGM5j0 aewUVL2VhGMF87tHSeIyCbXaSZJ/dCD9wsKWLGr9JXJsGxOvEwiMmFNWH/Z9yAY2ekzR ue0Lc0ZEcoYdzajwdwXXBJtKpW913r0iNsQKmzwrUgFZJTbTdaXq0Jk1ZMyJQUAETKjZ R2TcS4ZoStAu7+yLci/ALcrHtoB/q8t+pS00l24tzuvJdYpueLLtSiaSpB4D4WCGixB0 QAD2/bLiZKl6bHarFB+E04pDhDcpadNhIWfH7DP6atIHEDYFly2sJPyKyLLqxbqi1UkR Dmnw== X-Gm-Message-State: AOAM5320kFdoQJA9TrA3zqV6tPBXLt7eVIsH3e3oLz4FNM23uBM5d3Ua qL+MVkduHcafXRRaefSh9ihJt3lS8gn1KSBGn3I= X-Google-Smtp-Source: ABdhPJwfcFjFJSZbXy4dFXWlYx0UTPoVmJGQDFAqlwZxMLFtphKEHH2VS3sWnVMuhcTFKwv+pj6ccI88tY8WuVvcx7E= X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:e0:c17e:c2dc:13eb]) (user=samitolvanen job=sendgmr) by 2002:aa7:88d1:0:b0:510:3ee2:3f25 with SMTP id k17-20020aa788d1000000b005103ee23f25mr6048858pff.41.1652473338024; Fri, 13 May 2022 13:22:18 -0700 (PDT) Date: Fri, 13 May 2022 13:21:45 -0700 In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com> Message-Id: <20220513202159.1550547-8-samitolvanen@google.com> Mime-Version: 1.0 References: <20220513202159.1550547-1-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=2369; h=from:subject; bh=TboG0ryIg4JgbMTsV2OXgx0SX/UFOnu1UldMJxVt8Po=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBifr3j4WY4BkbqYI6dC/ZfJbPOV8T4fFdqndEpsBM/ hV5fbI2JAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCYn694wAKCRBMtfaEi7xW7gMxC/ 4pxFRx4HmL+KUme/ZjGLLUnoT9FbQCcyon3/8qR0GI2jddZNW3zIDnAihW+p9AayVGcFBw/cucqeD6 aXfUmw4i5Efc8tn7VJtIfgwBMJEeT97CO0koKO1cJfqhLgyPXQDEp5x3qbmJIPEvXkFbMwd9T0no37 HPRxilpeC2rxuO4N07WfXvHHMyvz873twQyminhgkImNDn8LWrzNZD2TYLXYTmCSbYCFGu5tXSDEhw ZHK28QweaPZFMYbk0wN8AvV4LKrTN0/LJoOuYP485lixfm/DeCd/25TzV57VDBt4ZfW/VlEHh4RkgX cFHax638u12jlXDQHJK2SS7MLmlojw27IhKgnEszme11T0yFry4yEqhhcfa1m4PMtHA6DBWFAZjYwA CCw/0R+hbTncTA8X3SMH0fWDvX+13ZsaiGA+rH7eLAG+M6F+T6JF6K+96BK3G6xvoablbMV270wlb8 +GZCYAV3P1rotvaWrcFV5saGNcr9RR12T6hfVDEQ+LtAA= X-Mailer: git-send-email 2.36.0.550.gb090851708-goog Subject: [RFC PATCH v2 07/21] cfi: Add type helper macros From: Sami Tolvanen To: linux-kernel@vger.kernel.org Cc: Kees Cook , Josh Poimboeuf , Peter Zijlstra , x86@kernel.org, Catalin Marinas , Will Deacon , Mark Rutland , Nathan Chancellor , Nick Desaulniers , Joao Moreira , Sedat Dilek , Steven Rostedt , linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220513_212246_395361_7AE0F823 X-CRM114-Status: GOOD ( 14.12 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org With CONFIG_CFI_CLANG, assembly functions called indirectly from C code must be annotated with type identifiers to pass CFI checking. The compiler emits a __kcfi_typeid_ symbol for each address-taken function declaration in C, which contains the expected type identifier. Add typed versions of SYM_FUNC_START and SYM_FUNC_START_ALIAS, which emit the type identifier before the function. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- include/linux/cfi_types.h | 57 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 include/linux/cfi_types.h diff --git a/include/linux/cfi_types.h b/include/linux/cfi_types.h new file mode 100644 index 000000000000..dd16e755a197 --- /dev/null +++ b/include/linux/cfi_types.h @@ -0,0 +1,57 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Clang Control Flow Integrity (CFI) type definitions. + */ +#ifndef _LINUX_CFI_TYPES_H +#define _LINUX_CFI_TYPES_H + +#ifdef CONFIG_CFI_CLANG +#include + +#ifdef __ASSEMBLY__ +/* + * Use the __kcfi_typeid_ type identifier symbol to + * annotate indirectly called assembly functions. The compiler emits + * these symbols for all address-taken function declarations in C + * code. + */ +#ifndef __CFI_TYPE +#define __CFI_TYPE(name) \ + .4byte __kcfi_typeid_##name +#endif + +#define SYM_TYPED_ENTRY(name, fname, linkage, align...) \ + linkage(name) ASM_NL \ + align ASM_NL \ + __CFI_TYPE(fname) ASM_NL \ + name: + +#define __SYM_TYPED_FUNC_START_ALIAS(name, fname) \ + SYM_TYPED_ENTRY(name, fname, SYM_L_GLOBAL, SYM_A_ALIGN) + +#define __SYM_TYPED_FUNC_START(name, fname) \ + SYM_TYPED_ENTRY(name, fname, SYM_L_GLOBAL, SYM_A_ALIGN) + +#endif /* __ASSEMBLY__ */ + +#else /* CONFIG_CFI_CLANG */ + +#ifdef __ASSEMBLY__ +#define __SYM_TYPED_FUNC_START_ALIAS(name, fname) \ + SYM_FUNC_START_ALIAS(name) + +#define __SYM_TYPED_FUNC_START(name, fname) \ + SYM_FUNC_START(name) +#endif /* __ASSEMBLY__ */ + +#endif /* CONFIG_CFI_CLANG */ + +#ifdef __ASSEMBLY__ +#define SYM_TYPED_FUNC_START_ALIAS(name) \ + __SYM_TYPED_FUNC_START_ALIAS(name, name) + +#define SYM_TYPED_FUNC_START(name) \ + __SYM_TYPED_FUNC_START(name, name) +#endif /* __ASSEMBLY__ */ + +#endif /* _LINUX_CFI_TYPES_H */