mbox series

[0/2] bpf: Build with -Wcast-function-type

Message ID 20210927182700.2980499-1-keescook@chromium.org (mailing list archive)
Headers show
Series bpf: Build with -Wcast-function-type | expand

Message

Kees Cook Sept. 27, 2021, 6:26 p.m. UTC
Hi,

In order to keep ahead of cases in the kernel where Control Flow Integrity
(CFI) may trip over function call casts, enabling -Wcast-function-type
is helpful. To that end, replace BPF_CAST_CALL() as it triggers warnings
with this option and is now one of the last places in the kernel in need
of fixing.

Thanks,

-Kees

Kees Cook (2):
  bpf: Replace "want address" users of BPF_CAST_CALL with BPF_CALL_IMM
  bpf: Replace callers of BPF_CAST_CALL with proper function typedef

 include/linux/bpf.h    |  4 +++-
 include/linux/filter.h |  7 +++----
 kernel/bpf/arraymap.c  |  7 +++----
 kernel/bpf/hashtab.c   | 13 ++++++-------
 kernel/bpf/helpers.c   |  5 ++---
 kernel/bpf/verifier.c  | 26 +++++++++-----------------
 6 files changed, 26 insertions(+), 36 deletions(-)

Comments

Andrii Nakryiko Sept. 28, 2021, 5:24 a.m. UTC | #1
On Mon, Sep 27, 2021 at 11:27 AM Kees Cook <keescook@chromium.org> wrote:
>
> Hi,
>
> In order to keep ahead of cases in the kernel where Control Flow Integrity
> (CFI) may trip over function call casts, enabling -Wcast-function-type
> is helpful. To that end, replace BPF_CAST_CALL() as it triggers warnings
> with this option and is now one of the last places in the kernel in need
> of fixing.
>
> Thanks,
>
> -Kees
>
> Kees Cook (2):
>   bpf: Replace "want address" users of BPF_CAST_CALL with BPF_CALL_IMM
>   bpf: Replace callers of BPF_CAST_CALL with proper function typedef
>

Both patches look good to me. For the series:

Acked-by: Andrii Nakryiko <andrii@kernel.org>

>  include/linux/bpf.h    |  4 +++-
>  include/linux/filter.h |  7 +++----
>  kernel/bpf/arraymap.c  |  7 +++----
>  kernel/bpf/hashtab.c   | 13 ++++++-------
>  kernel/bpf/helpers.c   |  5 ++---
>  kernel/bpf/verifier.c  | 26 +++++++++-----------------
>  6 files changed, 26 insertions(+), 36 deletions(-)
>
> --
> 2.30.2
>
Alexei Starovoitov Sept. 28, 2021, 9:12 p.m. UTC | #2
On Mon, Sep 27, 2021 at 10:24 PM Andrii Nakryiko
<andrii.nakryiko@gmail.com> wrote:
>
> On Mon, Sep 27, 2021 at 11:27 AM Kees Cook <keescook@chromium.org> wrote:
> >
> > Hi,
> >
> > In order to keep ahead of cases in the kernel where Control Flow Integrity
> > (CFI) may trip over function call casts, enabling -Wcast-function-type
> > is helpful. To that end, replace BPF_CAST_CALL() as it triggers warnings
> > with this option and is now one of the last places in the kernel in need
> > of fixing.
> >
> > Thanks,
> >
> > -Kees
> >
> > Kees Cook (2):
> >   bpf: Replace "want address" users of BPF_CAST_CALL with BPF_CALL_IMM
> >   bpf: Replace callers of BPF_CAST_CALL with proper function typedef
> >
>
> Both patches look good to me. For the series:
>
> Acked-by: Andrii Nakryiko <andrii@kernel.org>

It needs a rebase to bpf-next:
In file included from ../lib/test_bpf.c:12:
../lib/test_bpf.c: In function ‘prepare_tail_call_tests’:
../lib/test_bpf.c:12442:27: error: implicit declaration of function
‘BPF_CAST_CALL’; did you mean ‘BPF_EMIT_CALL’?
[-Werror=implicit-function-declaration]
     *insn = BPF_EMIT_CALL(BPF_CAST_CALL(addr));

Please mark the patches as [PATCH bpf-next v2] to help CI pick the right tree.