| Message ID | 20220630094646.91837-2-haibo.li@mediatek.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | ANDROID: cfi:free old cfi shadow asynchronously | expand |
On Thu, Jun 30, 2022 at 2:47 AM Haibo Li <haibo.li@mediatek.com> wrote: > > currenly,cfi.c is excluded from cfi sanitize because of cfi handler. > The side effect is that we can not transfer function pointer to > other files which enable cfi sanitize. > > Enable cfi sanitize for cfi.c and bypass cfi check for __cfi_slowpath_diag > > Signed-off-by: Haibo Li <haibo.li@mediatek.com> > Signed-off-by: Lecopzer Chen <lecopzer.chen@mediatek.com> > --- > kernel/Makefile | 3 --- > kernel/cfi.c | 8 +++++++- > 2 files changed, 7 insertions(+), 4 deletions(-) > > diff --git a/kernel/Makefile b/kernel/Makefile > index a7e1f49ab2b3..a997bef1a200 100644 > --- a/kernel/Makefile > +++ b/kernel/Makefile > @@ -40,9 +40,6 @@ KCSAN_SANITIZE_kcov.o := n > UBSAN_SANITIZE_kcov.o := n > CFLAGS_kcov.o := $(call cc-option, -fno-conserve-stack) -fno-stack-protector > > -# Don't instrument error handlers > -CFLAGS_REMOVE_cfi.o := $(CC_FLAGS_CFI) > - > obj-y += sched/ > obj-y += locking/ > obj-y += power/ > diff --git a/kernel/cfi.c b/kernel/cfi.c > index 08102d19ec15..456771c8e454 100644 > --- a/kernel/cfi.c > +++ b/kernel/cfi.c > @@ -311,7 +311,7 @@ static inline cfi_check_fn find_check_fn(unsigned long ptr) > return fn; > } > > -void __cfi_slowpath_diag(uint64_t id, void *ptr, void *diag) > +static inline void __nocfi _run_cfi_check(u64 id, void *ptr, void *diag) > { > cfi_check_fn fn = find_check_fn((unsigned long)ptr); > > @@ -320,6 +320,12 @@ void __cfi_slowpath_diag(uint64_t id, void *ptr, void *diag) > else /* Don't allow unchecked modules */ > handle_cfi_failure(ptr); > } > + > +void __cfi_slowpath_diag(u64 id, void *ptr, void *diag) > +{ > + /*run cfi check without cfi sanitize to avoid calling cfi handler recursively*/ > + _run_cfi_check(id, ptr, diag); > +} > EXPORT_SYMBOL(__cfi_slowpath_diag); You can just add __nocfi to __cfi_slowpath_diag, right? There's no need for the separate function. Sami
> On Thu, Jun 30, 2022 at 2:47 AM Haibo Li <haibo.li@mediatek.com> wrote: > > > > currenly,cfi.c is excluded from cfi sanitize because of cfi handler. > > The side effect is that we can not transfer function pointer to other > > files which enable cfi sanitize. > > > > Enable cfi sanitize for cfi.c and bypass cfi check for > > __cfi_slowpath_diag > > > > Signed-off-by: Haibo Li <haibo.li@mediatek.com> > > Signed-off-by: Lecopzer Chen <lecopzer.chen@mediatek.com> > > --- > > kernel/Makefile | 3 --- > > kernel/cfi.c | 8 +++++++- > > 2 files changed, 7 insertions(+), 4 deletions(-) > > > > diff --git a/kernel/Makefile b/kernel/Makefile index > > a7e1f49ab2b3..a997bef1a200 100644 > > --- a/kernel/Makefile > > +++ b/kernel/Makefile > > @@ -40,9 +40,6 @@ KCSAN_SANITIZE_kcov.o := n > UBSAN_SANITIZE_kcov.o := > > n CFLAGS_kcov.o := $(call cc-option, -fno-conserve-stack) > > -fno-stack-protector > > > > -# Don't instrument error handlers > > -CFLAGS_REMOVE_cfi.o := $(CC_FLAGS_CFI) > > - > > obj-y += sched/ > > obj-y += locking/ > > obj-y += power/ > > diff --git a/kernel/cfi.c b/kernel/cfi.c index > > 08102d19ec15..456771c8e454 100644 > > --- a/kernel/cfi.c > > +++ b/kernel/cfi.c > > @@ -311,7 +311,7 @@ static inline cfi_check_fn find_check_fn(unsigned > long ptr) > > return fn; > > } > > > > -void __cfi_slowpath_diag(uint64_t id, void *ptr, void *diag) > > +static inline void __nocfi _run_cfi_check(u64 id, void *ptr, void > > +*diag) > > { > > cfi_check_fn fn = find_check_fn((unsigned long)ptr); > > > > @@ -320,6 +320,12 @@ void __cfi_slowpath_diag(uint64_t id, void *ptr, > void *diag) > > else /* Don't allow unchecked modules */ > > handle_cfi_failure(ptr); } > > + > > +void __cfi_slowpath_diag(u64 id, void *ptr, void *diag) { > > + /*run cfi check without cfi sanitize to avoid calling cfi handler > recursively*/ > > + _run_cfi_check(id, ptr, diag); } > > EXPORT_SYMBOL(__cfi_slowpath_diag); > > You can just add __nocfi to __cfi_slowpath_diag, right? There's no need for the > separate function. You are right.Now there is no requirement for constant crc of __cfi_slowpath_diag. I will change it later.
diff --git a/kernel/Makefile b/kernel/Makefile index a7e1f49ab2b3..a997bef1a200 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -40,9 +40,6 @@ KCSAN_SANITIZE_kcov.o := n UBSAN_SANITIZE_kcov.o := n CFLAGS_kcov.o := $(call cc-option, -fno-conserve-stack) -fno-stack-protector -# Don't instrument error handlers -CFLAGS_REMOVE_cfi.o := $(CC_FLAGS_CFI) - obj-y += sched/ obj-y += locking/ obj-y += power/ diff --git a/kernel/cfi.c b/kernel/cfi.c index 08102d19ec15..456771c8e454 100644 --- a/kernel/cfi.c +++ b/kernel/cfi.c @@ -311,7 +311,7 @@ static inline cfi_check_fn find_check_fn(unsigned long ptr) return fn; } -void __cfi_slowpath_diag(uint64_t id, void *ptr, void *diag) +static inline void __nocfi _run_cfi_check(u64 id, void *ptr, void *diag) { cfi_check_fn fn = find_check_fn((unsigned long)ptr); @@ -320,6 +320,12 @@ void __cfi_slowpath_diag(uint64_t id, void *ptr, void *diag) else /* Don't allow unchecked modules */ handle_cfi_failure(ptr); } + +void __cfi_slowpath_diag(u64 id, void *ptr, void *diag) +{ + /*run cfi check without cfi sanitize to avoid calling cfi handler recursively*/ + _run_cfi_check(id, ptr, diag); +} EXPORT_SYMBOL(__cfi_slowpath_diag); #else /* !CONFIG_MODULES */