[v5,05/15] tracepoint: Exclude tp_stub_func from CFI checking

Commit Message

Sami Tolvanen Oct. 13, 2021, 6:16 p.m. UTC

If allocate_probes fails, func_remove replaces the old function
with a pointer to tp_stub_func, which is called using a mismatching
function pointer that will always trip indirect call checks with
CONFIG_CFI_CLANG. Use DEFINE_CFI_IMMEDATE_RETURN_STUB to define
tp_stub_func to allow it to pass CFI checking.

Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Tested-by: Nick Desaulniers <ndesaulniers@google.com>
Tested-by: Sedat Dilek <sedat.dilek@gmail.com>
---
 kernel/tracepoint.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

Comments

Kees Cook Oct. 13, 2021, 7:03 p.m. UTC | #1

On Wed, Oct 13, 2021 at 11:16:48AM -0700, Sami Tolvanen wrote:
> If allocate_probes fails, func_remove replaces the old function
> with a pointer to tp_stub_func, which is called using a mismatching
> function pointer that will always trip indirect call checks with
> CONFIG_CFI_CLANG. Use DEFINE_CFI_IMMEDATE_RETURN_STUB to define
> tp_stub_func to allow it to pass CFI checking.
> 
> Signed-off-by: Sami Tolvanen <samitolvanen@google.com>

Reviewed-by: Kees Cook <keescook@chromium.org>

Steven Rostedt Oct. 13, 2021, 7:20 p.m. UTC | #2

On Wed, 13 Oct 2021 11:16:48 -0700
Sami Tolvanen <samitolvanen@google.com> wrote:

> If allocate_probes fails, func_remove replaces the old function
> with a pointer to tp_stub_func, which is called using a mismatching
> function pointer that will always trip indirect call checks with
> CONFIG_CFI_CLANG. Use DEFINE_CFI_IMMEDATE_RETURN_STUB to define
> tp_stub_func to allow it to pass CFI checking.
> 
> Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
> Tested-by: Nick Desaulniers <ndesaulniers@google.com>
> Tested-by: Sedat Dilek <sedat.dilek@gmail.com>
> ---
>  kernel/tracepoint.c | 6 ++----
>  1 file changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/kernel/tracepoint.c b/kernel/tracepoint.c
> index 64ea283f2f86..8a0d463c8507 100644
> --- a/kernel/tracepoint.c
> +++ b/kernel/tracepoint.c
> @@ -9,6 +9,7 @@
>  #include <linux/list.h>
>  #include <linux/rcupdate.h>
>  #include <linux/tracepoint.h>
> +#include <linux/cfi.h>
>  #include <linux/err.h>
>  #include <linux/slab.h>
>  #include <linux/sched/signal.h>
> @@ -99,10 +100,7 @@ struct tp_probes {
>  };
>  
>  /* Called in removal of a func but failed to allocate a new tp_funcs */
> -static void tp_stub_func(void)
> -{
> -	return;
> -}
> +static DEFINE_CFI_IMMEDIATE_RETURN_STUB(tp_stub_func);

Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>

-- Steve

>  
>  static inline void *allocate_probes(int count)
>  {

Patch

diff --git a/kernel/tracepoint.c b/kernel/tracepoint.c
index 64ea283f2f86..8a0d463c8507 100644
--- a/kernel/tracepoint.c
+++ b/kernel/tracepoint.c
@@ -9,6 +9,7 @@ 
 #include <linux/list.h>
 #include <linux/rcupdate.h>
 #include <linux/tracepoint.h>
+#include <linux/cfi.h>
 #include <linux/err.h>
 #include <linux/slab.h>
 #include <linux/sched/signal.h>
@@ -99,10 +100,7 @@  struct tp_probes {
 };
 
 /* Called in removal of a func but failed to allocate a new tp_funcs */
-static void tp_stub_func(void)
-{
-	return;
-}
+static DEFINE_CFI_IMMEDIATE_RETURN_STUB(tp_stub_func);
 
 static inline void *allocate_probes(int count)
 {