[v3,11/17] psci: use __pa_function for cpu_resume

Message ID	20210323203946.2159693-12-samitolvanen@google.com (mailing list archive)
State	Superseded
Headers	show Return-Path: <linux-pci-owner@kernel.org> Date: Tue, 23 Mar 2021 13:39:40 -0700 In-Reply-To: <20210323203946.2159693-1-samitolvanen@google.com> Message-Id: <20210323203946.2159693-12-samitolvanen@google.com> Mime-Version: 1.0 References: <20210323203946.2159693-1-samitolvanen@google.com> Subject: [PATCH v3 11/17] psci: use __pa_function for cpu_resume From: Sami Tolvanen <samitolvanen@google.com> To: Kees Cook <keescook@chromium.org> Cc: Nathan Chancellor <nathan@kernel.org>, Nick Desaulniers <ndesaulniers@google.com>, Masahiro Yamada <masahiroy@kernel.org>, Will Deacon <will@kernel.org>, Jessica Yu <jeyu@kernel.org>, Arnd Bergmann <arnd@arndb.de>, Tejun Heo <tj@kernel.org>, "Paul E. McKenney" <paulmck@kernel.org>, Christoph Hellwig <hch@infradead.org>, Peter Zijlstra <peterz@infradead.org>, bpf@vger.kernel.org, linux-hardening@vger.kernel.org, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org, Sami Tolvanen <samitolvanen@google.com> Content-Type: text/plain; charset="UTF-8" Precedence: bulk
Series	Add support for Clang CFI \| expand [v3,00/17] Add support for Clang CFI [v3,01/17] add support for Clang CFI [v3,02/17] cfi: add __cficanonical [v3,03/17] mm: add generic __va_function and __pa_function macros [v3,04/17] module: ensure __cfi_check alignment [v3,05/17] workqueue: use WARN_ON_FUNCTION_MISMATCH [v3,06/17] kthread: use WARN_ON_FUNCTION_MISMATCH [v3,07/17] kallsyms: strip ThinLTO hashes from static functions [v3,08/17] bpf: disable CFI in dispatcher functions [v3,09/17] treewide: Change list_sort to use const pointers [v3,10/17] lkdtm: use __va_function [v3,11/17] psci: use __pa_function for cpu_resume [v3,12/17] arm64: implement __va_function [v3,13/17] arm64: use __pa_function [v3,14/17] arm64: add __nocfi to functions that jump to a physical address [v3,15/17] arm64: add __nocfi to __apply_alternatives [v3,16/17] KVM: arm64: Disable CFI for nVHE [v3,17/17] arm64: allow CONFIG_CFI_CLANG to be selected

Message ID

20210323203946.2159693-12-samitolvanen@google.com (mailing list archive)

State

Superseded

Headers

Date: Tue, 23 Mar 2021 13:39:40 -0700
In-Reply-To: <20210323203946.2159693-1-samitolvanen@google.com>
Message-Id: <20210323203946.2159693-12-samitolvanen@google.com>
Mime-Version: 1.0
References: <20210323203946.2159693-1-samitolvanen@google.com>
Subject: [PATCH v3 11/17] psci: use __pa_function for cpu_resume
From: Sami Tolvanen <samitolvanen@google.com>
To: Kees Cook <keescook@chromium.org>
Cc: Nathan Chancellor <nathan@kernel.org>,
        Nick Desaulniers <ndesaulniers@google.com>,
        Masahiro Yamada <masahiroy@kernel.org>,
        Will Deacon <will@kernel.org>, Jessica Yu <jeyu@kernel.org>,
        Arnd Bergmann <arnd@arndb.de>, Tejun Heo <tj@kernel.org>,
        "Paul E. McKenney" <paulmck@kernel.org>,
        Christoph Hellwig <hch@infradead.org>,
        Peter Zijlstra <peterz@infradead.org>, bpf@vger.kernel.org,
        linux-hardening@vger.kernel.org, linux-arch@vger.kernel.org,
        linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org,
        linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org,
        Sami Tolvanen <samitolvanen@google.com>
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk

Series

Add support for Clang CFI | expand

Commit Message

Sami Tolvanen March 23, 2021, 8:39 p.m. UTC

With CONFIG_CFI_CLANG, the compiler replaces function pointers with
jump table addresses, which results in __pa_symbol returning the
physical address of the jump table entry. As the jump table contains
an immediate jump to an EL1 virtual address, this typically won't
work as intended. Use __pa_function instead to get the address to
cpu_resume.

Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
---
 drivers/firmware/psci/psci.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Mark Rutland March 25, 2021, 10:23 a.m. UTC | #1

On Tue, Mar 23, 2021 at 01:39:40PM -0700, Sami Tolvanen wrote:
> With CONFIG_CFI_CLANG, the compiler replaces function pointers with
> jump table addresses, which results in __pa_symbol returning the
> physical address of the jump table entry. As the jump table contains
> an immediate jump to an EL1 virtual address, this typically won't
> work as intended. Use __pa_function instead to get the address to
> cpu_resume.
> 
> Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
> Reviewed-by: Kees Cook <keescook@chromium.org>
> ---
>  drivers/firmware/psci/psci.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/firmware/psci/psci.c b/drivers/firmware/psci/psci.c
> index f5fc429cae3f..facd3cce3244 100644
> --- a/drivers/firmware/psci/psci.c
> +++ b/drivers/firmware/psci/psci.c
> @@ -326,7 +326,7 @@ static int psci_suspend_finisher(unsigned long state)
>  {
>  	u32 power_state = state;
>  
> -	return psci_ops.cpu_suspend(power_state, __pa_symbol(cpu_resume));
> +	return psci_ops.cpu_suspend(power_state, __pa_function(cpu_resume));

As mentioned on the patch adding __pa_function(), I'd prefer to keep the
whatever->phys conversion separate from the CFI removal, since we have a
number of distinct virtual address ranges with differing conversions to
phys, and I don't think it's clear that __pa_function() only works for
kernel symbols (rather than module addresses, linear map addresses,
etc).

Other than that, I'm happy in principle with wrapping this. I suspect
that for clarity we should add an intermediate variable, e.g.

| phys_addr_t pa_cpu_resume = pa_symbol(function_nocfi(cpu_resume));
| return psci_ops.cpu_suspend(power_state, pa_cpu_resume)

Thanks,
Mark.

>  }
>  
>  int psci_cpu_suspend_enter(u32 state)
> @@ -345,7 +345,7 @@ int psci_cpu_suspend_enter(u32 state)
>  static int psci_system_suspend(unsigned long unused)
>  {
>  	return invoke_psci_fn(PSCI_FN_NATIVE(1_0, SYSTEM_SUSPEND),
> -			      __pa_symbol(cpu_resume), 0, 0);
> +			      __pa_function(cpu_resume), 0, 0);
>  }
>  
>  static int psci_system_suspend_enter(suspend_state_t state)
> -- 
> 2.31.0.291.g576ba9dcdaf-goog
>

diff --git a/drivers/firmware/psci/psci.c b/drivers/firmware/psci/psci.c
index f5fc429cae3f..facd3cce3244 100644
--- a/drivers/firmware/psci/psci.c
+++ b/drivers/firmware/psci/psci.c
@@ -326,7 +326,7 @@  static int psci_suspend_finisher(unsigned long state)
 {
 	u32 power_state = state;
 
-	return psci_ops.cpu_suspend(power_state, __pa_symbol(cpu_resume));
+	return psci_ops.cpu_suspend(power_state, __pa_function(cpu_resume));
 }
 
 int psci_cpu_suspend_enter(u32 state)
@@ -345,7 +345,7 @@  int psci_cpu_suspend_enter(u32 state)
 static int psci_system_suspend(unsigned long unused)
 {
 	return invoke_psci_fn(PSCI_FN_NATIVE(1_0, SYSTEM_SUSPEND),
-			      __pa_symbol(cpu_resume), 0, 0);
+			      __pa_function(cpu_resume), 0, 0);
 }
 
 static int psci_system_suspend_enter(suspend_state_t state)

[v3,11/17] psci: use __pa_function for cpu_resume

Commit Message

Comments

Patch