From patchwork Fri Jun 10 23:34:59 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Sami Tolvanen <samitolvanen@google.com>
X-Patchwork-Id: 12878200
Return-Path: 
 <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from bombadil.infradead.org (bombadil.infradead.org
 [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 9E0D5C433EF
	for <linux-arm-kernel@archiver.kernel.org>;
 Fri, 10 Jun 2022 23:38:10 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:References:
	Mime-Version:Message-Id:In-Reply-To:Date:Reply-To:Content-ID:
	Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
	:Resent-Message-ID:List-Owner;
	bh=nW/NqoqvFlz9dFcVwSip35t4GbpQsnLpWv8mBYZI7rQ=; b=pR3sWbBJKMyfbglocZ0TUHhY0t
	lGNILG9sX4/KvAj6SlvJU6CZ+fhew26PGCfifUHNxMqMNoGpaZYv1X6mSA8qSMUkspMFkQAwBG/ms
	3i4wRxXKlK2lHOPIPDzoeE3lNfgBsAu52hUW84Byg51Qvk9O0FVUz9+G3iILOYlGytvVG+Z/6ALxu
	nF1pw6Z0IgIG7+S7C/LLn5bibBxRcc75cVLF7cZbOXbBBM31XmuqyAmXYseb2x8UkauNhOQ26x/3G
	WkKk1IcMQupvDfwKIk7mrVZTlF3cCI4740Y+mcdp0WCrXubRiYr7JwOAIsatQIf0eeQPZTqY8NXPg
	nPCMq2nQ==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
	id 1nzoBa-00ARgG-LX; Fri, 10 Jun 2022 23:37:03 +0000
Received: from mail-yw1-x114a.google.com ([2607:f8b0:4864:20::114a])
	by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
	id 1nzoA7-00AQsN-Cj
	for linux-arm-kernel@lists.infradead.org; Fri, 10 Jun 2022 23:35:32 +0000
Received: by mail-yw1-x114a.google.com with SMTP id
 00721157ae682-31384ac6813so6156177b3.8
        for <linux-arm-kernel@lists.infradead.org>;
 Fri, 10 Jun 2022 16:35:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=date:in-reply-to:message-id:mime-version:references:subject:from:to
         :cc;
        bh=VtFj7Vd8iwc9aJC7agWcINnamQLCLqRTsZqQ1uLXLKE=;
        b=jYgx5aDbAXUdckbjfxHM6VjMlcQuhrZKNTnRn5oFv7YtvkjdDrt08K3br1BBkOgL8v
         hfIm0f+dL7y34o6vl5M2Jp1QVRrM8quCpZJWTyScrlMqWapTMjzKYbkaRBiz7wxw47Uj
         kAOSPLVojhIRsvNffTalKGOoBh/GAP1xDBC8GzzTTlMd20vGAKd0wVTBrFoVnFVuQXZi
         abMqGSOEp1V5iFY0BMyr2jmzrQO4DyQN+R5p0gG7uuuhhjBxyoSCQgcWZkbk3n6b1gZE
         nSb/cMuXEELRlddvzIye3yNQrpLfr0IkI7tbEiKtCTwllqpUHAQwhXI8Qmr/gE5KUcs3
         BFhA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:date:in-reply-to:message-id:mime-version
         :references:subject:from:to:cc;
        bh=VtFj7Vd8iwc9aJC7agWcINnamQLCLqRTsZqQ1uLXLKE=;
        b=aOyXB7aa8aRdeLaqdXn0gFexb5lLeq8tmrKstMVd/QdXm48RvcUtSld8DXsKjOlxLu
         coAIbOzsOIE8XtJTYdW7psHFI9i4Yi1MB0quNQFTrF4nEtTeMY0/SdS/mBK2v6OEILuG
         6x28XGFXdDRxwm1kw0cPMRFNnRCBMruOQMyln85ITIEuy4uyFZmfzys/61VyX/vdrFOU
         E45ip8YIL5VB4ELx+eeIlDewLP8VfibsZF7h/XuokoOZlzKqlmv2V0kvOECD2yNZHJ15
         lXVhuTgANosUHjRVQ2yGqI5wb7rwu8W3Zf0LglwbkIYPzXInJqEGcU8eGEzLiceXPowL
         ZYVg==
X-Gm-Message-State: AOAM533lMMCjemIV0Rf7Xgitppdukl8nzHnyXFoSbvjFaa/fP09MeCAH
	dY/7pbXXULD32YztGEgTTSiilNoFtiSm9a0rOCw=
X-Google-Smtp-Source: 
 ABdhPJxPJe/R9hy4gXctM+ZmC5RqiftonDv7jq985Ji7NGmV6YePfVEI2vK+OgM/En62caw8kWQTe3zLaVkzaIsywZ4=
X-Received: from samitolvanen1.mtv.corp.google.com
 ([2620:15c:201:2:f464:6db6:3d47:ed14])
 (user=samitolvanen job=sendgmr) by 2002:a25:a286:0:b0:664:862a:f693 with SMTP
 id c6-20020a25a286000000b00664862af693mr271374ybi.389.1654904129740; Fri, 10
 Jun 2022 16:35:29 -0700 (PDT)
Date: Fri, 10 Jun 2022 16:34:59 -0700
In-Reply-To: <20220610233513.1798771-1-samitolvanen@google.com>
Message-Id: <20220610233513.1798771-7-samitolvanen@google.com>
Mime-Version: 1.0
References: <20220610233513.1798771-1-samitolvanen@google.com>
X-Developer-Key: i=samitolvanen@google.com; a=openpgp;
 fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE
X-Developer-Signature: v=1; a=openpgp-sha256; l=3855; h=from:subject;
 bh=vJjTKDDovIqbimAL5v+Qu72XUGMoBkbINCB1joYMPKU=;
 b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBio9UtLp/lk9levVOrHA5IEoT7UV9n0C0LMo0gZcI3
 HWSej++JAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCYqPVLQAKCRBMtfaEi7xW7olJC/
 4n+gkrmT90LKCtkM3/knA9+abm9t9xP3/1RUuxJvS9V60qXooFQTKSlMGg37XsKAmX1RRl4xQ4t6L7
 +Gf/rrhzvSxxa3zaQ/VeRelaVcaclvu6sAe+ye6jMb5MsOvcfGoEBsERiMDz4l2wPcJg2Ku6cVplDG
 r/CJTX82Jq62hFxoqZEBa77YE68NpCdInUGaZrNAZeiTX8fTqOMHfvVNa7WFSzujZkU2clKPoT7HDs
 wFlBg8gIg53vBFUUfUsTYKkOg/sV74bzgiJSHKgURb9CvFc+RNvshiuVnpkbScU2sK/Jk9yibau77o
 B6f0gD5lbJNCgBT9f1NV6xd4/XEaCfBT2sYRe5KHccSMOhzTeccUmvDxjQAHpIhQRrJuiQ5tZuDoXr
 7b/UJsODWukDlXOS8gUEcl/PIaSZXbwk4XABYtgMgy5+98B4le7Vzs83C4j3FcyWb9GbJbxmSWRpPg
 KeWddzgJvIAIRm3RIJdXttUz9haWOi0ujsH+TkDI/OcHQ=
X-Mailer: git-send-email 2.36.1.476.g0c4daa206d-goog
Subject: [RFC PATCH v3 06/20] cfi: Add type helper macros
From: Sami Tolvanen <samitolvanen@google.com>
To: linux-kernel@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>, Josh Poimboeuf <jpoimboe@redhat.com>,
	Peter Zijlstra <peterz@infradead.org>, x86@kernel.org,
	Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will@kernel.org>,
	Mark Rutland <mark.rutland@arm.com>, Nathan Chancellor <nathan@kernel.org>,
	Nick Desaulniers <ndesaulniers@google.com>,
 Joao Moreira <joao@overdrivepizza.com>,
	Sedat Dilek <sedat.dilek@gmail.com>, Steven Rostedt <rostedt@goodmis.org>,
	linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
	llvm@lists.linux.dev, Sami Tolvanen <samitolvanen@google.com>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20220610_163531_479323_02046ACC 
X-CRM114-Status: GOOD (  17.42  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

With CONFIG_CFI_CLANG, assembly functions called indirectly
from C code must be annotated with type identifiers to pass CFI
checking.  In order to make this easier, the compiler emits a
__kcfi_typeid_<function> symbol for each address-taken function
declaration in C, which contains the expected type identifier that
we can refer to in assembly code.

Add typed versions of SYM_FUNC_START and SYM_FUNC_START_ALIAS, which
emit the type identifier before the function. Architectures that
support KCFI can define their own __CFI_TYPE macro to override the
default preamble format.

As an example, for the x86_64 blowfish_dec_blk function, the
compiler emits the following type symbol:

$ readelf -sW vmlinux | grep __kcfi_typeid_blowfish_dec_blk
121794: ffffffffef478db5     0 NOTYPE  WEAK   DEFAULT   ABS
	__kcfi_typeid_blowfish_dec_blk

And SYM_FUNC_START will generate the following preamble based on
the __CFI_TYPE definition for the architecture:

$ objdump -dr arch/x86/crypto/blowfish-x86_64-asm_64.o
     ...
00000000000003f7 <__cfi_blowfish_dec_blk>:
     3f7:       cc                      int3
     3f8:       cc                      int3
     3f9:       8b 04 25 00 00 00 00    mov    0x0,%eax
                        3fc: R_X86_64_32S __kcfi_typeid_blowfish_dec_blk
     400:       cc                      int3
     401:       cc                      int3

0000000000000402 <blowfish_dec_blk>:
     ...

Note that the address of all assembly functions annotated with
SYM_FUNC_START* must be taken in C code that's linked into the
binary or the missing __kcfi_typeid_ symbol will result in a linker
error with CONFIG_CFI_CLANG. If the code that contains the indirect
call is not always compiled in, __ADDRESSABLE(functionname) can be
used to ensure that the __kcfi_typeid_ symbol is emitted.

Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
---
 include/linux/cfi_types.h | 57 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 include/linux/cfi_types.h

diff --git a/include/linux/cfi_types.h b/include/linux/cfi_types.h
new file mode 100644
index 000000000000..dd16e755a197
--- /dev/null
+++ b/include/linux/cfi_types.h
@@ -0,0 +1,57 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/*
+ * Clang Control Flow Integrity (CFI) type definitions.
+ */
+#ifndef _LINUX_CFI_TYPES_H
+#define _LINUX_CFI_TYPES_H
+
+#ifdef CONFIG_CFI_CLANG
+#include <linux/linkage.h>
+
+#ifdef __ASSEMBLY__
+/*
+ * Use the __kcfi_typeid_<function> type identifier symbol to
+ * annotate indirectly called assembly functions. The compiler emits
+ * these symbols for all address-taken function declarations in C
+ * code.
+ */
+#ifndef __CFI_TYPE
+#define __CFI_TYPE(name)				\
+	.4byte __kcfi_typeid_##name
+#endif
+
+#define SYM_TYPED_ENTRY(name, fname, linkage, align...)	\
+	linkage(name) ASM_NL				\
+	align ASM_NL					\
+	__CFI_TYPE(fname) ASM_NL			\
+	name:
+
+#define __SYM_TYPED_FUNC_START_ALIAS(name, fname) \
+	SYM_TYPED_ENTRY(name, fname, SYM_L_GLOBAL, SYM_A_ALIGN)
+
+#define __SYM_TYPED_FUNC_START(name, fname) \
+	SYM_TYPED_ENTRY(name, fname, SYM_L_GLOBAL, SYM_A_ALIGN)
+
+#endif /* __ASSEMBLY__ */
+
+#else /* CONFIG_CFI_CLANG */
+
+#ifdef __ASSEMBLY__
+#define __SYM_TYPED_FUNC_START_ALIAS(name, fname) \
+	SYM_FUNC_START_ALIAS(name)
+
+#define __SYM_TYPED_FUNC_START(name, fname) \
+	SYM_FUNC_START(name)
+#endif /* __ASSEMBLY__ */
+
+#endif /* CONFIG_CFI_CLANG */
+
+#ifdef __ASSEMBLY__
+#define SYM_TYPED_FUNC_START_ALIAS(name) \
+	__SYM_TYPED_FUNC_START_ALIAS(name, name)
+
+#define SYM_TYPED_FUNC_START(name) \
+	__SYM_TYPED_FUNC_START(name, name)
+#endif /* __ASSEMBLY__ */
+
+#endif /* _LINUX_CFI_TYPES_H */