From patchwork Wed Oct 13 18:16:44 2021
X-Patchwork-Submitter: Sami Tolvanen
X-Patchwork-Id: 12556529
Date: Wed, 13 Oct 2021 11:16:44 -0700
Message-Id: <20211013181658.1020262-2-samitolvanen@google.com>
Subject: [PATCH v5 01/15] objtool: Add CONFIG_CFI_CLANG support
From: Sami Tolvanen
To: x86@kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, Nathan Chancellor, Nick Desaulniers, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Sami Tolvanen

The upcoming CONFIG_CFI_CLANG support uses -fsanitize=cfi, the non-canonical version of which hijacks function entry by changing function relocation references to point to an intermediary jump table. For example:

  Relocation section '.rela.discard.func_stack_frame_non_standard' at offset 0x37e018 contains 6 entries:
      Offset             Info             Type               Symbol's Value  Symbol's Name + Addend
  0000000000000000  0002944700000002 R_X86_64_PC32          00000000000023f0 do_suspend_lowlevel + 0
  0000000000000008  0003c11900000001 R_X86_64_64            0000000000000008 xen_cpuid$e69bc59f4fade3b6f2b579b3934137df.cfi_jt + 0
  0000000000000010  0003980900000001 R_X86_64_64            0000000000000060 machine_real_restart.cfi_jt + 0
  0000000000000018  0003962b00000001 R_X86_64_64            0000000000000e18 kretprobe_trampoline.cfi_jt + 0
  0000000000000020  000028f300000001 R_X86_64_64            0000000000000000 .rodata + 12
  0000000000000028  000349f400000001 R_X86_64_64            0000000000000018 __crash_kexec.cfi_jt + 0

  0000000000000060 :
    60: e9 00 00 00 00    jmpq 65
      61: R_X86_64_PLT32 machine_real_restart-0x4
    65: cc    int3
    66: cc    int3
    67: cc    int3

This breaks objtool vmlinux validation in many ways, including static call site detection and the STACK_FRAME_NON_STANDARD() macro.

Fix it by converting those relocations' symbol references back to their original non-jump-table versions. Note this doesn't change the actual relocations in the object itself, it just changes objtool's view of them.

This change is based on Josh's initial patch:

https://lore.kernel.org/r/d743f4b36e120c06506567a9f87a062ae03da47f.1611263462.git.jpoimboe@redhat.com/

Reported-by: Sedat Dilek
Suggested-by: Josh Poimboeuf
Signed-off-by: Sami Tolvanen Reviewed-by: Nick Desaulniers Tested-by: Nick Desaulniers Tested-by: Sedat Dilek Reviewed-by: Kees Cook Acked-by: Josh Poimboeuf --- tools/objtool/arch/x86/decode.c | 17 ++++++++++ tools/objtool/elf.c | 51 ++++++++++++++++++++++++++++ tools/objtool/include/objtool/arch.h | 3 ++ tools/objtool/include/objtool/elf.h | 2 +- 4 files changed, 72 insertions(+), 1 deletion(-) diff --git a/tools/objtool/arch/x86/decode.c b/tools/objtool/arch/x86/decode.c index 1f2ae708b223..5fe31523e51f 100644 --- a/tools/objtool/arch/x86/decode.c +++ b/tools/objtool/arch/x86/decode.c @@ -63,6 +63,23 @@ bool arch_callee_saved_reg(unsigned char reg) } } +unsigned long arch_cfi_section_reloc_offset(struct reloc *reloc) +{ + if (!reloc->addend) + return 0; + + if (reloc->type == R_X86_64_PC32 || reloc->type == R_X86_64_PLT32) + return reloc->addend + 4; + + return reloc->addend; +} + +unsigned long arch_cfi_jump_reloc_offset(unsigned long offset) +{ + /* offset to the relocation in a jmp instruction */ + return offset + 1; +} + unsigned long arch_dest_reloc_offset(int addend) { return addend + 4; diff --git a/tools/objtool/elf.c b/tools/objtool/elf.c index b18f0055b50b..cd09c93c34fb 100644 --- a/tools/objtool/elf.c +++ b/tools/objtool/elf.c @@ -18,6 +18,7 @@ #include #include +#include #include #include @@ -290,6 +291,10 @@ static int read_sections(struct elf *elf) if (sec->sh.sh_flags & SHF_EXECINSTR) elf->text_size += sec->sh.sh_size; + /* Detect -fsanitize=cfi jump table sections */ + if (!strncmp(sec->name, ".text..L.cfi.jumptable", 22)) + sec->cfi_jt = true; + list_add_tail(&sec->list, &elf->sections); elf_hash_add(section, &sec->hash, sec->idx); elf_hash_add(section_name, &sec->name_hash, str_hash(sec->name)); 
@@ -575,6 +580,49 @@ static int read_rela_reloc(struct section *sec, int i, struct reloc *reloc, unsi return 0; } +/* + * CONFIG_CFI_CLANG replaces function relocations to refer to an intermediate + * jump table. Undo the conversion so objtool can make sense of things. + */ +static int fix_cfi_relocs(const struct elf *elf) +{ + struct section *sec; + struct reloc *reloc; + + list_for_each_entry(sec, &elf->sections, list) { + list_for_each_entry(reloc, &sec->reloc_list, list) { + struct reloc *cfi_reloc; + unsigned long offset; + + if (!reloc->sym->sec->cfi_jt) + continue; + + if (reloc->sym->type == STT_SECTION) + offset = arch_cfi_section_reloc_offset(reloc); + else + offset = reloc->sym->offset; + + /* + * The jump table immediately jumps to the actual function, + * so look up the relocation there. + */ + offset = arch_cfi_jump_reloc_offset(offset); + cfi_reloc = find_reloc_by_dest(elf, reloc->sym->sec, offset); + + if (!cfi_reloc || !cfi_reloc->sym) { + WARN("can't find a CFI jump table relocation at %s+0x%lx", + reloc->sym->sec->name, offset); + return -1; + } + + reloc->sym = cfi_reloc->sym; + reloc->addend = 0; + } + } + + return 0; +} + static int read_relocs(struct elf *elf) { struct section *sec; @@ -638,6 +686,9 @@ static int read_relocs(struct elf *elf) tot_reloc += nr_reloc; } + if (fix_cfi_relocs(elf)) + return -1; + if (stats) { printf("max_reloc: %lu\n", max_reloc); printf("tot_reloc: %lu\n", tot_reloc); diff --git a/tools/objtool/include/objtool/arch.h b/tools/objtool/include/objtool/arch.h index 589ff58426ab..93bde8aaf2e3 100644 --- a/tools/objtool/include/objtool/arch.h +++ b/tools/objtool/include/objtool/arch.h @@ -81,6 +81,9 @@ unsigned long arch_jump_destination(struct instruction *insn); unsigned long arch_dest_reloc_offset(int addend); +unsigned long arch_cfi_section_reloc_offset(struct reloc *reloc); +unsigned long arch_cfi_jump_reloc_offset(unsigned long offset); + const char *arch_nop_insn(int len); const char *arch_ret_insn(int len); 
diff --git a/tools/objtool/include/objtool/elf.h b/tools/objtool/include/objtool/elf.h index c48c1067797d..e9432be2a0b0 100644 --- a/tools/objtool/include/objtool/elf.h +++ b/tools/objtool/include/objtool/elf.h 
@@ -38,7 +38,7 @@ struct section { Elf_Data *data; char *name; int idx; - bool changed, text, rodata, noinstr; + bool changed, text, rodata, noinstr, cfi_jt; }; struct symbol {
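
Review bot: in arch_cfi_section_reloc_offset() (tools/objtool/arch/x86/decode.c) the `if (!reloc->addend) return 0;` early return has no comment, and it changes the result only for R_X86_64_PC32 and R_X86_64_PLT32, where a zero addend would otherwise yield 4. If that special case is intended, a one-line comment saying why a zero addend must not get the +4 adjustment is needed; if it is not, the early return can go. The function also returns unsigned long from an addend that can be negative (the commit message's own example shows `machine_real_restart-0x4`), so a comment or check covering that case on the plain `return reloc->addend;` path would make the assumption explicit.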
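
Review bot: in read_sections() (tools/objtool/elf.c) the length 22 in `strncmp(sec->name, ".text..L.cfi.jumptable", 22)` is a hand-counted magic number that has to be kept in step with the string literal. Putting the prefix in a named constant and using `sizeof(prefix) - 1`, or a small starts-with helper, removes that dependency. The comment should also say that this is a prefix match on purpose, since every section whose name begins with that string gets cfi_jt set.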
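
Review bot: fix_cfi_relocs() (tools/objtool/elf.c) sets `reloc->addend = 0` unconditionally, but only the STT_SECTION branch consumes the original addend, through arch_cfi_section_reloc_offset(). For a named .cfi_jt symbol the offset comes from reloc->sym->offset, so a non-zero addend would be dropped without notice. The commit message example shows only `+ 0` addends for those symbols, so a WARN when `reloc->sym->type != STT_SECTION && reloc->addend` would document the assumption and catch a toolchain that breaks it. In the same loop cfi_reloc->sym is NULL-checked while reloc->sym and reloc->sym->sec are dereferenced unchecked; if read_relocs() guarantees both, a short comment saying so is enough.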
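
Review bot: in read_relocs() (tools/objtool/elf.c) the new `if (fix_cfi_relocs(elf)) return -1;` runs for every object and walks every relocation of every section, even when read_sections() never set cfi_jt on any section. Recording in struct elf that a jump table section was seen, and skipping the pass otherwise, keeps builds without CONFIG_CFI_CLANG from paying for it.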

Date: Wed, 13 Oct 2021 11:16:45 -0700
Message-Id: <20211013181658.1020262-3-samitolvanen@google.com>
Subject: [PATCH v5 02/15] objtool: Add ASM_STACK_FRAME_NON_STANDARD
From: Sami Tolvanen
To: x86@kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, Nathan Chancellor, Nick Desaulniers, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Sami Tolvanen

To use the STACK_FRAME_NON_STANDARD macro for a static symbol defined in inline assembly, we need a C declaration that implies global visibility. This type mismatch confuses the compiler with CONFIG_CFI_CLANG. This change adds an inline assembly version of the macro to avoid the issue.

Signed-off-by: Sami Tolvanen
Acked-by: Josh Poimboeuf
Tested-by: Nick Desaulniers
Tested-by: Sedat Dilek
Reviewed-by: Kees Cook
--- include/linux/objtool.h | 6 ++++++ tools/include/linux/objtool.h | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/include/linux/objtool.h b/include/linux/objtool.h index 7e72d975cb76..080e95174536 100644 --- a/include/linux/objtool.h +++ b/include/linux/objtool.h @@ -66,6 +66,11 @@ struct unwind_hint { static void __used __section(".discard.func_stack_frame_non_standard") \ *__func_stack_frame_non_standard_##func = func +#define ASM_STACK_FRAME_NON_STANDARD(func) \ + ".pushsection .discard.func_stack_frame_non_standard, \"aw\"\n" \ + ".long " __stringify(func) " - .\n" \ + ".popsection\n" + #else /* __ASSEMBLY__ */ /* 
@@ -127,6 +132,7 @@ struct unwind_hint { #define UNWIND_HINT(sp_reg, sp_offset, type, end) \ "\n\t" #define STACK_FRAME_NON_STANDARD(func) +#define ASM_STACK_FRAME_NON_STANDARD(func) #else #define ANNOTATE_INTRA_FUNCTION_CALL .macro UNWIND_HINT sp_reg:req sp_offset=0 type:req end=0 diff --git a/tools/include/linux/objtool.h b/tools/include/linux/objtool.h index 7e72d975cb76..080e95174536 100644 --- a/tools/include/linux/objtool.h +++ b/tools/include/linux/objtool.h @@ -66,6 +66,11 @@ struct unwind_hint { static void __used __section(".discard.func_stack_frame_non_standard") \ *__func_stack_frame_non_standard_##func = func +#define ASM_STACK_FRAME_NON_STANDARD(func) \ + ".pushsection .discard.func_stack_frame_non_standard, \"aw\"\n" \ + ".long " __stringify(func) " - .\n" \ + ".popsection\n" + #else /* __ASSEMBLY__ */ /* 
@@ -127,6 +132,7 @@ struct unwind_hint { #define UNWIND_HINT(sp_reg, sp_offset, type, end) \ "\n\t" #define STACK_FRAME_NON_STANDARD(func) +#define ASM_STACK_FRAME_NON_STANDARD(func) #else #define ANNOTATE_INTRA_FUNCTION_CALL .macro UNWIND_HINT sp_reg:req sp_offset=0 type:req end=0
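
Review bot: ASM_STACK_FRAME_NON_STANDARD in the `@@ -66,6 +66,11 @@` hunk of include/linux/objtool.h (and its tools/include copy) needs a comment: it emits a 4-byte `.long func - .` entry into the same section where the C macro above it stores a pointer-sized `func`, and nothing says that mixing the two entry forms is expected or what the consumer of .discard.func_stack_frame_non_standard relies on. A short comment should also state that the macro is a string fragment meant to be pasted into an asm() statement that defines the symbol.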
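
Review bot: the stub added in the `@@ -127,6 +132,7 @@` hunk, `#define ASM_STACK_FRAME_NON_STANDARD(func)`, expands to nothing, while the real definition expands to a string literal. That only compiles when the macro sits next to another string inside asm(); used on its own it leaves an empty asm(). The UNWIND_HINT stub two lines above already expands to a string (`"\n\t"`), so defining this stub as `""` would keep both configurations interchangeable.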

Date: Wed, 13 Oct 2021 11:16:46 -0700
Message-Id: <20211013181658.1020262-4-samitolvanen@google.com>
Subject: [PATCH v5 03/15] linkage: Add DECLARE_NOT_CALLED_FROM_C
From: Sami Tolvanen
To: x86@kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, Nathan Chancellor, Nick Desaulniers, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Sami Tolvanen

The kernel has several assembly functions, which are not directly callable from C but need to be referred to from C code. This change adds the DECLARE_NOT_CALLED_FROM_C macro, which allows us to declare these symbols using an opaque type, which makes misuse harder, and avoids the need to annotate references to the functions for Clang's Control-Flow Integrity (CFI).

Suggested-by: Andy Lutomirski
Suggested-by: Steven Rostedt
Signed-off-by: Sami Tolvanen
Tested-by: Nick Desaulniers
Tested-by: Sedat Dilek
Reviewed-by: Kees Cook
--- include/linux/linkage.h | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/include/linux/linkage.h b/include/linux/linkage.h index dbf8506decca..f982d5f550ac 100644 --- a/include/linux/linkage.h +++ b/include/linux/linkage.h 
@@ -48,6 +48,19 @@ #define __PAGE_ALIGNED_DATA .section ".data..page_aligned", "aw" #define __PAGE_ALIGNED_BSS .section ".bss..page_aligned", "aw" +/* + * Declares a function not callable from C using an opaque type. Defined as + * an array to allow the address of the symbol to be taken without '&'. + */ +#ifndef DECLARE_NOT_CALLED_FROM_C +#define DECLARE_NOT_CALLED_FROM_C(sym) \ + extern const u8 sym[] +#endif + +#ifndef __ASSEMBLY__ +typedef const u8 *asm_func_ptr; +#endif + /* * This is used by architectures to keep arguments on the stack * untouched by the compiler by keeping them live until the end.
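
Review bot: in include/linux/linkage.h, DECLARE_NOT_CALLED_FROM_C is defined outside the `#ifndef __ASSEMBLY__` guard that wraps the asm_func_ptr typedef directly below it, although its `extern const u8 sym[]` expansion is just as C-only; moving the macro inside the same guard keeps the two together. The comment also does not mention asm_func_ptr at all, nor who is expected to pre-define DECLARE_NOT_CALLED_FROM_C so that the `#ifndef` override has a purpose; one sentence on each would make the intended use clear.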

Date: Wed, 13 Oct 2021 11:16:47 -0700
Message-Id: <20211013181658.1020262-5-samitolvanen@google.com>
Subject: [PATCH v5 04/15] cfi: Add DEFINE_CFI_IMMEDIATE_RETURN_STUB
From: Sami Tolvanen
To: x86@kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, Nathan Chancellor, Nick Desaulniers, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Sami Tolvanen

This change introduces the DEFINE_CFI_IMMEDIATE_RETURN_STUB macro, which defines a stub function that immediately returns and when defined in the core kernel, always passes indirect call checking with CONFIG_CFI_CLANG. Note that this macro should only be used when a stub cannot be called using the correct function type.

Signed-off-by: Sami Tolvanen
Tested-by: Nick Desaulniers
Tested-by: Sedat Dilek
Reviewed-by: Kees Cook
--- include/asm-generic/vmlinux.lds.h | 11 +++++++++++ include/linux/cfi.h | 13 +++++++++++++ kernel/cfi.c | 24 +++++++++++++++++++++++- 3 files changed, 47 insertions(+), 1 deletion(-) diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index f2984af2b85b..5b77284f7221 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h 
@@ -407,6 +407,16 @@ KEEP(*(.static_call_tramp_key)) \ __stop_static_call_tramp_key = .; +#ifdef CONFIG_CFI_CLANG +#define CFI_EXCLUDED_DATA \ + . = ALIGN(8); \ + __start_cfi_excluded = .; \ + KEEP(*(.cfi_excluded_stubs)) \ + __stop_cfi_excluded = .; +#else +#define CFI_EXCLUDED_DATA +#endif + /* * Allow architectures to handle ro_after_init data on their * own by defining an empty RO_AFTER_INIT_DATA. @@ -430,6 +440,7 @@ __start_rodata = .; \ *(.rodata) *(.rodata.*) \ SCHED_DATA \ + CFI_EXCLUDED_DATA \ RO_AFTER_INIT_DATA /* Read only after init */ \ . = ALIGN(8); \ __start___tracepoints_ptrs = .; \ diff --git a/include/linux/cfi.h b/include/linux/cfi.h index 879744aaa6e0..19f74af8eac2 100644 --- a/include/linux/cfi.h +++ b/include/linux/cfi.h @@ -20,6 +20,17 @@ extern void __cfi_check(uint64_t id, void *ptr, void *diag); #define __CFI_ADDRESSABLE(fn, __attr) \ const void *__cfi_jt_ ## fn __visible __attr = (void *)&fn +/* + * Defines a stub function that returns immediately, and when defined and + * referenced in the core kernel, always passes CFI checking. This should + * be used only for stubs that cannot be called using the correct function + * pointer type, which should be rare. + */ +#define DEFINE_CFI_IMMEDIATE_RETURN_STUB(fn) \ + void fn(void) { return; } \ + const void *__cfi_excl_ ## fn __visible \ + __section(".cfi_excluded_stubs") = (void *)&fn + #ifdef CONFIG_CFI_CLANG_SHADOW extern void cfi_module_add(struct module *mod, unsigned long base_addr); @@ -35,6 +46,8 @@ static inline void cfi_module_remove(struct module *mod, unsigned long base_addr #else /* !CONFIG_CFI_CLANG */ #define __CFI_ADDRESSABLE(fn, __attr) +#define DEFINE_CFI_IMMEDIATE_RETURN_STUB(fn) \ + void fn(void) { return; } #endif /* CONFIG_CFI_CLANG */ diff --git a/kernel/cfi.c b/kernel/cfi.c index 9594cfd1cf2c..8d931089141b 100644 --- a/kernel/cfi.c +++ b/kernel/cfi.c 
@@ -278,12 +278,34 @@ static inline cfi_check_fn find_module_check_fn(unsigned long ptr) return fn; } +extern unsigned long __start_cfi_excluded[]; +extern unsigned long __stop_cfi_excluded[]; + +static inline bool is_cfi_excluded(unsigned long ptr) +{ + unsigned long *p = __start_cfi_excluded; + + for ( ; p < __stop_cfi_excluded; ++p) + if (*p == ptr) + return true; + + return false; +} + +static void __cfi_pass(uint64_t id, void *ptr, void *diag) +{ +} + static inline cfi_check_fn find_check_fn(unsigned long ptr) { cfi_check_fn fn = NULL; - if (is_kernel_text(ptr)) + if (is_kernel_text(ptr)) { + if (unlikely(is_cfi_excluded(ptr))) + return __cfi_pass; + return __cfi_check; + } /* * Indirect call checks can happen when RCU is not watching. Both
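
Review bot: the `#define CFI_EXCLUDED_DATA` block in include/asm-generic/vmlinux.lds.h needs a comment saying that .cfi_excluded_stubs must stay in read-only data. The second hunk places it after `*(.rodata) *(.rodata.*)` and before RO_AFTER_INIT_DATA, which is the right spot, but is_cfi_excluded() trusts every word between __start_cfi_excluded and __stop_cfi_excluded, so a later move of this macro into a writable region would turn the list into a way to exempt arbitrary kernel text addresses from checking. Stating the constraint next to the definition protects against that.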
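
Review bot: DEFINE_CFI_IMMEDIATE_RETURN_STUB in include/linux/cfi.h has no guard against use in a module, where it silently has no effect: find_check_fn() consults is_cfi_excluded() only inside the `is_kernel_text(ptr)` branch, and the macro comment itself limits the guarantee to stubs "defined and referenced in the core kernel". A build-time error when the macro is expanded with MODULE defined would turn that sentence into something enforced. The generated `void fn(void)` is also non-static with no prototype in sight, so callers of the macro will need a matching declaration to avoid a missing-prototype warning; worth mentioning in the comment.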
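
Review bot: __cfi_pass() in kernel/cfi.c ignores `id`, so every address listed in the excluded range is accepted as a target for any indirect call type, and neither it nor is_cfi_excluded() carries a comment saying that this is the intended trade-off and why it is acceptable (the stubs return immediately). Please add one. Note also that `unlikely()` in find_check_fn() covers only the branch: the linear scan in is_cfi_excluded() still runs on every lookup of a kernel text address, which is fine for a handful of stubs but should be stated as the assumption about the list's size.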
Date: Wed, 13 Oct 2021 11:16:48 -0700
In-Reply-To: <20211013181658.1020262-1-samitolvanen@google.com>
Message-Id: <20211013181658.1020262-6-samitolvanen@google.com>
Mime-Version: 1.0
References: <20211013181658.1020262-1-samitolvanen@google.com>
X-Mailer: git-send-email 2.33.0.1079.g6e70778dc9-goog
Subject: [PATCH v5 05/15] tracepoint: Exclude tp_stub_func from CFI checking
From: Sami Tolvanen
To: x86@kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, Nathan Chancellor, Nick Desaulniers, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Sami Tolvanen
Precedence: bulk
List-ID:
X-Mailing-List: linux-hardening@vger.kernel.org

If allocate_probes fails, func_remove replaces the old function with a pointer to tp_stub_func, which is called using a mismatching function pointer that will always trip indirect call checks with CONFIG_CFI_CLANG. Use DEFINE_CFI_IMMEDATE_RETURN_STUB to define tp_stub_func to allow it to pass CFI checking.

Signed-off-by: Sami Tolvanen
Reviewed-by: Nick Desaulniers
Tested-by: Nick Desaulniers
Tested-by: Sedat Dilek
Reviewed-by: Kees Cook
Reviewed-by: Steven Rostedt (VMware)
---
kernel/tracepoint.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/kernel/tracepoint.c b/kernel/tracepoint.c index 64ea283f2f86..8a0d463c8507 100644 --- a/kernel/tracepoint.c
+++ b/kernel/tracepoint.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include #include 
@@ -99,10 +100,7 @@ struct tp_probes { }; /* Called in removal of a func but failed to allocate a new tp_funcs */ -static void tp_stub_func(void) -{ - return; -} +static DEFINE_CFI_IMMEDIATE_RETURN_STUB(tp_stub_func); static inline void *allocate_probes(int count) { From patchwork Wed Oct 13 18:16:49 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 12556539 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5C8C3C433FE for ; Wed, 13 Oct 2021 18:17:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3CD3061151 for ; Wed, 13 Oct 2021 18:17:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238504AbhJMSTZ (ORCPT ); Wed, 13 Oct 2021 14:19:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47152 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238533AbhJMSTT (ORCPT ); Wed, 13 Oct 2021 14:19:19 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 08D85C061570 for ; Wed, 13 Oct 2021 11:17:16 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id s66-20020a252c45000000b005ba35261459so4101583ybs.7 for ; Wed, 13 Oct 2021 11:17:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=uYgui4LcJCAu520X9XRPu73XHip6FUKmXdkDEHt9sf4=; b=DFFjEsk0DHYUkvEg71gesxM1jhY/PvKsosaTZYW26zppRAWHyO7xGBmA3GW1+3SvZO vJ3Aty5bZrryPS1KQ89oeEsy3OorFeX2/O/MCFV4ak4kQ8Q5j5DJpUm9p2ALqj1Kh67l 
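Review bot: the commit message names the macro `DEFINE_CFI_IMMEDATE_RETURN_STUB`, while the tp_stub_func hunk uses `DEFINE_CFI_IMMEDIATE_RETURN_STUB`; please fix the spelling in the message so a log search for the macro finds this commit. The comment kept above the stub says when it is installed but not why it is no longer a plain function. One more line noting that it is called through a mismatching function pointer and is therefore exempt from CFI checking would save the next reader a trip to the log.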
Date: Wed, 13 Oct 2021 11:16:49 -0700
In-Reply-To: <20211013181658.1020262-1-samitolvanen@google.com>
Message-Id: <20211013181658.1020262-7-samitolvanen@google.com>
Mime-Version: 1.0
References: <20211013181658.1020262-1-samitolvanen@google.com>
X-Mailer: git-send-email 2.33.0.1079.g6e70778dc9-goog
Subject: [PATCH v5 06/15] ftrace: Use an opaque type for functions not callable from C
From: Sami Tolvanen
To: x86@kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, Nathan Chancellor, Nick Desaulniers, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Sami Tolvanen
Precedence: bulk
List-ID:
X-Mailing-List: linux-hardening@vger.kernel.org

With CONFIG_CFI_CLANG, the compiler changes function references to point to the CFI jump table. As ftrace_call, ftrace_regs_call, and mcount_call are not called by C code, but are trampolines injected as calls replacing the nops at the start of functions added by the compiler, use DECLARE_NOT_CALLED_FROM_C to declare them.

Signed-off-by: Sami Tolvanen
Tested-by: Nick Desaulniers
Tested-by: Sedat Dilek
Reviewed-by: Kees Cook
Reviewed-by: Steven Rostedt (VMware)
---
include/linux/ftrace.h | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/include/linux/ftrace.h b/include/linux/ftrace.h index 832e65f06754..c53a00b96ba9 100644 --- a/include/linux/ftrace.h +++ b/include/linux/ftrace.h
@@ -578,9 +578,10 @@ extern void ftrace_replace_code(int enable); extern int ftrace_update_ftrace_func(ftrace_func_t func); extern void ftrace_caller(void); extern void ftrace_regs_caller(void); -extern void ftrace_call(void); -extern void ftrace_regs_call(void); -extern void mcount_call(void); + +DECLARE_NOT_CALLED_FROM_C(ftrace_call); +DECLARE_NOT_CALLED_FROM_C(ftrace_regs_call); +DECLARE_NOT_CALLED_FROM_C(mcount_call); void ftrace_modify_all_code(int command); From patchwork Wed Oct 13 18:16:50 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 12556541 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 53E2AC4332F for ; Wed, 13 Oct 2021 18:17:24 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3F7C361151 for ; Wed, 13 Oct 2021 18:17:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238640AbhJMST0 (ORCPT ); Wed, 13 Oct 2021 14:19:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47166 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238557AbhJMSTW (ORCPT ); Wed, 13 Oct 2021 14:19:22 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8352FC06174E for ; Wed, 13 Oct 2021 11:17:18 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id b126-20020a251b84000000b005bd8aca71a2so4115023ybb.4 for ; Wed, 13 Oct 2021 11:17:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; 
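Review bot: in the ftrace.h hunk, `ftrace_caller` and `ftrace_regs_caller` directly above keep their `extern void ...(void)` prototypes while the three symbols after the new blank line switch to `DECLARE_NOT_CALLED_FROM_C`, and nothing in the header says why the two groups differ. The commit message has the reason (the three are not called by C code), so please carry it into a one-line comment over the new block; otherwise the split looks accidental and invites someone to unify the declarations again.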
Date: Wed, 13 Oct 2021 11:16:50 -0700
In-Reply-To: <20211013181658.1020262-1-samitolvanen@google.com>
Message-Id: <20211013181658.1020262-8-samitolvanen@google.com>
Mime-Version: 1.0
References: <20211013181658.1020262-1-samitolvanen@google.com>
X-Mailer: git-send-email 2.33.0.1079.g6e70778dc9-goog
Subject: [PATCH v5 07/15] lkdtm: Disable UNSET_SMEP with CFI
From: Sami Tolvanen
To: x86@kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, Nathan Chancellor, Nick Desaulniers, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Sami Tolvanen
Precedence: bulk
List-ID:
X-Mailing-List: linux-hardening@vger.kernel.org

Disable the UNSET_SMEP test when CONFIG_CFI_CLANG is enabled as jumping to a call gadget would always trip CFI instead.

Signed-off-by: Sami Tolvanen
Acked-by: Kees Cook
Tested-by: Nick Desaulniers
Tested-by: Sedat Dilek
---
drivers/misc/lkdtm/bugs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/misc/lkdtm/bugs.c b/drivers/misc/lkdtm/bugs.c index 4282b625200f..6e8677852262 100644 --- a/drivers/misc/lkdtm/bugs.c +++ b/drivers/misc/lkdtm/bugs.c
@@ -367,7 +367,7 @@ void lkdtm_STACK_GUARD_PAGE_TRAILING(void) void lkdtm_UNSET_SMEP(void) { -#if IS_ENABLED(CONFIG_X86_64) && !IS_ENABLED(CONFIG_UML) +#if IS_ENABLED(CONFIG_X86_64) && !IS_ENABLED(CONFIG_UML) && !IS_ENABLED(CONFIG_CFI_CLANG) #define MOV_CR4_DEPTH 64 void (*direct_write_cr4)(unsigned long val); unsigned char *insn; From patchwork Wed Oct 13 18:16:51 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 12556543 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8BD10C433F5 for ; Wed, 13 Oct 2021 18:17:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 729CE61151 for ; Wed, 13 Oct 2021 18:17:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238565AbhJMSTd (ORCPT ); Wed, 13 Oct 2021 14:19:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47178 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238621AbhJMSTY (ORCPT ); Wed, 13 Oct 2021 14:19:24 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DC280C061762 for ; Wed, 13 Oct 2021 11:17:20 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id x16-20020a25b910000000b005b6b7f2f91cso4156892ybj.1 for ; Wed, 13 Oct 2021 11:17:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=zmv8JzbzBTLA62LcosQrTnF8inM4/ujL1RSgZDP29E8=; b=jXXnBJxv0b07/cGFqpGevnT1fh+20ZZCm23uU34BS+ygdeR3x+1nkPRE0KVCt2jR68 
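Review bot: with `!IS_ENABLED(CONFIG_CFI_CLANG)` added to the `#if` in lkdtm_UNSET_SMEP(), a CFI build now compiles the test body out, and whatever the function does when the condition is false lies outside this hunk. Please check that the message printed on that path does not still describe the test as unavailable for architecture reasons only, or the log will mislead whoever runs UNSET_SMEP on an x86_64 CFI kernel. The condition line has also grown long enough that splitting it over two lines would help readability.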
Date: Wed, 13 Oct 2021 11:16:51 -0700
In-Reply-To: <20211013181658.1020262-1-samitolvanen@google.com>
Message-Id: <20211013181658.1020262-9-samitolvanen@google.com>
Mime-Version: 1.0
References: <20211013181658.1020262-1-samitolvanen@google.com>
X-Mailer: git-send-email 2.33.0.1079.g6e70778dc9-goog
Subject: [PATCH v5 08/15] lkdtm: Use an opaque type for lkdtm_rodata_do_nothing
From: Sami Tolvanen
To: x86@kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, Nathan Chancellor, Nick Desaulniers, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Sami Tolvanen
Precedence: bulk
List-ID:
X-Mailing-List: linux-hardening@vger.kernel.org

Use an opaque type for lkdtm_rodata_do_nothing to stop the compiler from generating a CFI jump table entry that jumps to .rodata.

Signed-off-by: Sami Tolvanen
Acked-by: Kees Cook
Tested-by: Nick Desaulniers
Tested-by: Sedat Dilek
---
drivers/misc/lkdtm/lkdtm.h | 2 +-
drivers/misc/lkdtm/perms.c | 2 +-
drivers/misc/lkdtm/rodata.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/misc/lkdtm/lkdtm.h b/drivers/misc/lkdtm/lkdtm.h index c212a253edde..35535c422939 100644 --- a/drivers/misc/lkdtm/lkdtm.h +++ b/drivers/misc/lkdtm/lkdtm.h @@ -137,7 +137,7 @@ void lkdtm_REFCOUNT_TIMING(void); void lkdtm_ATOMIC_TIMING(void); /* rodata.c */ -void lkdtm_rodata_do_nothing(void); +DECLARE_NOT_CALLED_FROM_C(lkdtm_rodata_do_nothing); /* usercopy.c */ void __init lkdtm_usercopy_init(void); diff --git a/drivers/misc/lkdtm/perms.c b/drivers/misc/lkdtm/perms.c index 2dede2ef658f..fa2bd90bd8ee 100644 --- a/drivers/misc/lkdtm/perms.c +++ b/drivers/misc/lkdtm/perms.c
@@ -151,7 +151,7 @@ void lkdtm_EXEC_VMALLOC(void) void lkdtm_EXEC_RODATA(void) { - execute_location(lkdtm_rodata_do_nothing, CODE_AS_IS); + execute_location((void *)lkdtm_rodata_do_nothing, CODE_AS_IS); } void lkdtm_EXEC_USERSPACE(void) diff --git a/drivers/misc/lkdtm/rodata.c b/drivers/misc/lkdtm/rodata.c index baacb876d1d9..17ed0ad4e6ae 100644 --- a/drivers/misc/lkdtm/rodata.c +++ b/drivers/misc/lkdtm/rodata.c 
@@ -3,7 +3,7 @@ * This includes functions that are meant to live entirely in .rodata * (via objcopy tricks), to validate the non-executability of .rodata. */ -#include "lkdtm.h" +void lkdtm_rodata_do_nothing(void); void noinstr lkdtm_rodata_do_nothing(void) { From patchwork Wed Oct 13 18:16:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 12556545 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AE766C433FE for ; Wed, 13 Oct 2021 18:17:33 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9369261154 for ; Wed, 13 Oct 2021 18:17:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238374AbhJMSTf (ORCPT ); Wed, 13 Oct 2021 14:19:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47190 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238557AbhJMST1 (ORCPT ); Wed, 13 Oct 2021 14:19:27 -0400 Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 66727C061570 for ; Wed, 13 Oct 2021 11:17:23 -0700 (PDT) Received: by mail-yb1-xb49.google.com with SMTP id z130-20020a256588000000b005b6b4594129so4077577ybb.15 for ; Wed, 13 Oct 2021 11:17:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=0YPzvSu8I8z38cqeM0ydMzIYqYvG4tWb5eEYvqyu3ik=; b=RkvAQyq+pZ3aaeT6FZPkZw/0BNs5x5TU0gyv48FKfUOeOnTJJXLXQdWE6gThen+amf ExWPdLCVADq+eJ3Dcph7v+bTw+imLnx8NK+TlG/4BkYPwoD5sFQZj6PdBho79gRGALRs 
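Review bot: the rodata.c hunk drops `#include "lkdtm.h"` and declares `void lkdtm_rodata_do_nothing(void);` locally, so the file that defines the function no longer sees the header that now declares it with `DECLARE_NOT_CALLED_FROM_C`, and the compiler cannot cross-check the two declarations. Please add a comment next to the local prototype saying that the header is left out on purpose and why; without it the missing include reads like an oversight and is likely to be put back.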
Date: Wed, 13 Oct 2021 11:16:52 -0700
In-Reply-To: <20211013181658.1020262-1-samitolvanen@google.com>
Message-Id: <20211013181658.1020262-10-samitolvanen@google.com>
Mime-Version: 1.0
References: <20211013181658.1020262-1-samitolvanen@google.com>
X-Mailer: git-send-email 2.33.0.1079.g6e70778dc9-goog
Subject: [PATCH v5 09/15] x86: Use an opaque type for functions not callable from C
From: Sami Tolvanen
To: x86@kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, Nathan Chancellor, Nick Desaulniers, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Sami Tolvanen
Precedence: bulk
List-ID:
X-Mailing-List: linux-hardening@vger.kernel.org

The kernel has several assembly functions that are not directly callable from C. Use an opaque type for these function prototypes to make misuse harder, and to avoid the need to annotate references to these functions for Clang's Control-Flow Integrity (CFI).

Suggested-by: Andy Lutomirski
Suggested-by: Alexander Lobakin
Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
Tested-by: Nick Desaulniers
Tested-by: Sedat Dilek
---
arch/x86/include/asm/ftrace.h | 2 +-
arch/x86/include/asm/idtentry.h | 10 +++++-----
arch/x86/include/asm/page_64.h | 7 ++++---
arch/x86/include/asm/paravirt_types.h | 3 ++-
arch/x86/include/asm/processor.h | 2 +-
arch/x86/include/asm/proto.h | 25 +++++++++++++------------
arch/x86/include/asm/uaccess_64.h | 9 +++------
arch/x86/kernel/alternative.c | 2 +-
arch/x86/kernel/ftrace.c | 2 +-
arch/x86/kernel/paravirt.c | 4 ++--
arch/x86/kvm/emulate.c | 4 ++--
arch/x86/kvm/kvm_emulate.h | 9 ++-------
arch/x86/xen/enlighten_pv.c | 6 +++---
arch/x86/xen/xen-ops.h | 10 +++++-----
14 files changed, 45 insertions(+), 50 deletions(-)
diff --git a/arch/x86/include/asm/ftrace.h b/arch/x86/include/asm/ftrace.h index 9f3130f40807..bc675d6ce4eb 100644 --- a/arch/x86/include/asm/ftrace.h +++ b/arch/x86/include/asm/ftrace.h @@ -17,7 +17,7 @@ #ifndef __ASSEMBLY__ extern atomic_t modifying_ftrace_code; -extern void __fentry__(void); +DECLARE_NOT_CALLED_FROM_C(__fentry__); static inline unsigned long ftrace_call_adjust(unsigned long addr) { diff --git a/arch/x86/include/asm/idtentry.h b/arch/x86/include/asm/idtentry.h index 1345088e9902..6538bf5a47d6 100644 --- a/arch/x86/include/asm/idtentry.h +++ b/arch/x86/include/asm/idtentry.h @@ -27,8 +27,8 @@ * as well which is used to emit the entry stubs in entry_32/64.S. */ #define DECLARE_IDTENTRY(vector, func) \ - asmlinkage void asm_##func(void); \ - asmlinkage void xen_asm_##func(void); \ + DECLARE_NOT_CALLED_FROM_C(asm_##func); \ + DECLARE_NOT_CALLED_FROM_C(xen_asm_##func); \ __visible void func(struct pt_regs *regs) /** @@ -78,8 +78,8 @@ static __always_inline void __##func(struct pt_regs *regs) * C-handler. */ #define DECLARE_IDTENTRY_ERRORCODE(vector, func) \ - asmlinkage void asm_##func(void); \ - asmlinkage void xen_asm_##func(void); \ + DECLARE_NOT_CALLED_FROM_C(asm_##func); \ + DECLARE_NOT_CALLED_FROM_C(xen_asm_##func); \ __visible void func(struct pt_regs *regs, unsigned long error_code) /** @@ -386,7 +386,7 @@ static __always_inline void __##func(struct pt_regs *regs) * - The C handler called from the C shim */ #define DECLARE_IDTENTRY_DF(vector, func) \ - asmlinkage void asm_##func(void); \ + DECLARE_NOT_CALLED_FROM_C(asm_##func); \ __visible void func(struct pt_regs *regs, \ unsigned long error_code, \ unsigned long address) diff --git a/arch/x86/include/asm/page_64.h b/arch/x86/include/asm/page_64.h index 4bde0dc66100..22beb80c0708 100644 --- a/arch/x86/include/asm/page_64.h +++ b/arch/x86/include/asm/page_64.h @@ -5,6 +5,7 @@ #include #ifndef __ASSEMBLY__ +#include #include /* duplicated to the one in bootmem.h */ 
@@ -40,9 +41,9 @@ extern unsigned long __phys_addr_symbol(unsigned long); #define pfn_valid(pfn) ((pfn) < max_pfn) #endif -void clear_page_orig(void *page); -void clear_page_rep(void *page); -void clear_page_erms(void *page); +DECLARE_NOT_CALLED_FROM_C(clear_page_orig); +DECLARE_NOT_CALLED_FROM_C(clear_page_rep); +DECLARE_NOT_CALLED_FROM_C(clear_page_erms); static inline void clear_page(void *page) { diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h index d9d6b0203ec4..dfaa50d20d6a 100644 --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h @@ -38,6 +38,7 @@ #include #include #include +#include struct page; struct thread_struct; @@ -271,7 +272,7 @@ struct paravirt_patch_template { extern struct pv_info pv_info; extern struct paravirt_patch_template pv_ops; -extern void (*paravirt_iret)(void); +extern asm_func_ptr paravirt_iret; #define PARAVIRT_PATCH(x) \ (offsetof(struct paravirt_patch_template, x) / sizeof(void *)) diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h index 577f342dbfb2..1e6b6372b53b 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -449,7 +449,7 @@ static inline unsigned long cpu_kernelmode_gs_base(int cpu) DECLARE_PER_CPU(void *, hardirq_stack_ptr); DECLARE_PER_CPU(bool, hardirq_stack_inuse); -extern asmlinkage void ignore_sysret(void); +DECLARE_NOT_CALLED_FROM_C(ignore_sysret); /* Save actual FS/GS selectors and bases to current->thread */ void current_save_fsgs(void); diff --git a/arch/x86/include/asm/proto.h b/arch/x86/include/asm/proto.h index 8c5d1910a848..55d1161c985a 100644 --- a/arch/x86/include/asm/proto.h +++ b/arch/x86/include/asm/proto.h @@ -2,6 +2,7 @@ #ifndef _ASM_X86_PROTO_H #define _ASM_X86_PROTO_H +#include #include struct task_struct; 
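Review bot: in the page_64.h hunk that replaces `void clear_page_orig(void *page);` and its two siblings, the old prototypes recorded that each routine takes the page address as its argument, and the `DECLARE_NOT_CALLED_FROM_C` lines that replace them carry no such information. Please keep the expected argument in a short comment above the three declarations so that `clear_page()` just below stays understandable without opening the assembly.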
@@ -11,26 +12,26 @@ struct task_struct; void syscall_init(void); #ifdef CONFIG_X86_64 -void entry_SYSCALL_64(void); -void entry_SYSCALL_64_safe_stack(void); +DECLARE_NOT_CALLED_FROM_C(entry_SYSCALL_64); +DECLARE_NOT_CALLED_FROM_C(entry_SYSCALL_64_safe_stack); long do_arch_prctl_64(struct task_struct *task, int option, unsigned long arg2); #endif #ifdef CONFIG_X86_32 -void entry_INT80_32(void); -void entry_SYSENTER_32(void); -void __begin_SYSENTER_singlestep_region(void); -void __end_SYSENTER_singlestep_region(void); +DECLARE_NOT_CALLED_FROM_C(entry_INT80_32); +DECLARE_NOT_CALLED_FROM_C(entry_SYSENTER_32); +DECLARE_NOT_CALLED_FROM_C(__begin_SYSENTER_singlestep_region); +DECLARE_NOT_CALLED_FROM_C(__end_SYSENTER_singlestep_region); #endif #ifdef CONFIG_IA32_EMULATION -void entry_SYSENTER_compat(void); -void __end_entry_SYSENTER_compat(void); -void entry_SYSCALL_compat(void); -void entry_SYSCALL_compat_safe_stack(void); -void entry_INT80_compat(void); +DECLARE_NOT_CALLED_FROM_C(entry_SYSENTER_compat); +DECLARE_NOT_CALLED_FROM_C(__end_entry_SYSENTER_compat); +DECLARE_NOT_CALLED_FROM_C(entry_SYSCALL_compat); +DECLARE_NOT_CALLED_FROM_C(entry_SYSCALL_compat_safe_stack); +DECLARE_NOT_CALLED_FROM_C(entry_INT80_compat); #ifdef CONFIG_XEN_PV -void xen_entry_INT80_compat(void); +DECLARE_NOT_CALLED_FROM_C(xen_entry_INT80_compat); #endif #endif diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h index 45697e04d771..96cf72d6b75c 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h 
@@ -17,12 +17,9 @@ */ /* Handles exceptions in both to and from, but doesn't do access_ok */ -__must_check unsigned long -copy_user_enhanced_fast_string(void *to, const void *from, unsigned len); -__must_check unsigned long -copy_user_generic_string(void *to, const void *from, unsigned len); -__must_check unsigned long -copy_user_generic_unrolled(void *to, const void *from, unsigned len); +DECLARE_NOT_CALLED_FROM_C(copy_user_enhanced_fast_string); +DECLARE_NOT_CALLED_FROM_C(copy_user_generic_string); +DECLARE_NOT_CALLED_FROM_C(copy_user_generic_unrolled); static __always_inline __must_check unsigned long copy_user_generic(void *to, const void *from, unsigned len) diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c index e9da3dc71254..1a07ce172667 100644 --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c @@ -530,7 +530,7 @@ extern struct paravirt_patch_site __start_parainstructions[], * convention such that we can 'call' it from assembly. */ -extern void int3_magic(unsigned int *ptr); /* defined in asm */ +DECLARE_NOT_CALLED_FROM_C(int3_magic); asm ( " .pushsection .init.text, \"ax\", @progbits\n" diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c index 1b3ce3b4a2a2..a73dfe7c430d 100644 --- a/arch/x86/kernel/ftrace.c +++ b/arch/x86/kernel/ftrace.c @@ -589,7 +589,7 @@ void arch_ftrace_trampoline_free(struct ftrace_ops *ops) #ifdef CONFIG_FUNCTION_GRAPH_TRACER #ifdef CONFIG_DYNAMIC_FTRACE -extern void ftrace_graph_call(void); +DECLARE_NOT_CALLED_FROM_C(ftrace_graph_call); static const char *ftrace_jmp_replace(unsigned long ip, unsigned long addr) { diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c index ebc45360ffd4..d3471c0e285a 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c 
@@ -138,7 +138,7 @@ void paravirt_set_sched_clock(u64 (*func)(void)) } /* These are in entry.S */ -extern void native_iret(void); +DECLARE_NOT_CALLED_FROM_C(native_iret); static struct resource reserve_ioports = { .start = 0, @@ -403,7 +403,7 @@ struct paravirt_patch_template pv_ops = { #ifdef CONFIG_PARAVIRT_XXL NOKPROBE_SYMBOL(native_load_idt); -void (*paravirt_iret)(void) = native_iret; +asm_func_ptr paravirt_iret = native_iret; #endif EXPORT_SYMBOL(pv_ops); diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c index 9a144ca8e146..91600a05b6fd 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -201,7 +201,7 @@ struct opcode { const struct escape *esc; const struct instr_dual *idual; const struct mode_dual *mdual; - void (*fastop)(struct fastop *fake); + fastop_t fastop; } u; int (*check_perm)(struct x86_emulate_ctxt *ctxt); }; @@ -322,7 +322,7 @@ static int fastop(struct x86_emulate_ctxt *ctxt, fastop_t fop); __FOP_RET(#name) #define FOP_START(op) \ - extern void em_##op(struct fastop *fake); \ + DECLARE_NOT_CALLED_FROM_C(em_##op); \ asm(".pushsection .text, \"ax\" \n\t" \ ".global em_" #op " \n\t" \ ".align " __stringify(FASTOP_SIZE) " \n\t" \ diff --git a/arch/x86/kvm/kvm_emulate.h b/arch/x86/kvm/kvm_emulate.h index 68b420289d7e..44c1a9324e1c 100644 --- a/arch/x86/kvm/kvm_emulate.h +++ b/arch/x86/kvm/kvm_emulate.h @@ -290,13 +290,8 @@ enum x86emul_mode { #define X86EMUL_SMM_MASK (1 << 6) #define X86EMUL_SMM_INSIDE_NMI_MASK (1 << 7) -/* - * fastop functions are declared as taking a never-defined fastop parameter, - * so they can't be called from C directly. - */ -struct fastop; - -typedef void (*fastop_t)(struct fastop *); +/* fastop functions cannot be called from C directly. */ +typedef asm_func_ptr fastop_t; struct x86_emulate_ctxt { void *vcpu; diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c index 4f63117f09bb..d52929ac70c7 100644 --- a/arch/x86/xen/enlighten_pv.c +++ b/arch/x86/xen/enlighten_pv.c 
@@ -584,8 +584,8 @@ DEFINE_IDTENTRY_RAW(xenpv_exc_machine_check) #endif struct trap_array_entry { - void (*orig)(void); - void (*xen)(void); + asm_func_ptr orig; + asm_func_ptr xen; bool ist_okay; }; @@ -644,7 +644,7 @@ static bool __ref get_trap_addr(void **addr, unsigned int ist) struct trap_array_entry *entry = trap_array + nr; if (*addr == entry->orig) { - *addr = entry->xen; + *addr = (void *)entry->xen; ist_okay = entry->ist_okay; found = true; break; diff --git a/arch/x86/xen/xen-ops.h b/arch/x86/xen/xen-ops.h index 8bc8b72a205d..a8fbf485556b 100644 --- a/arch/x86/xen/xen-ops.h +++ b/arch/x86/xen/xen-ops.h @@ -8,12 +8,12 @@ #include /* These are code, but not functions. Defined in entry.S */ -extern const char xen_failsafe_callback[]; +DECLARE_NOT_CALLED_FROM_C(xen_failsafe_callback); -void xen_sysenter_target(void); +DECLARE_NOT_CALLED_FROM_C(xen_sysenter_target); #ifdef CONFIG_X86_64 -void xen_syscall_target(void); -void xen_syscall32_target(void); +DECLARE_NOT_CALLED_FROM_C(xen_syscall_target); +DECLARE_NOT_CALLED_FROM_C(xen_syscall32_target); #endif extern void *xen_initial_gdt; 
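Review bot: In the arch/x86/xen/xen-ops.h hunk, xen_failsafe_callback goes from `extern const char xen_failsafe_callback[];` to DECLARE_NOT_CALLED_FROM_C(), which changes the C type of a symbol that was deliberately declared as a byte array rather than a function, yet none of its users is adjusted in the hunks shown here. Please confirm that every place taking its address still builds without a new cast, and reword the comment above it ("These are code, but not functions") so it matches the type the macro now gives the symbol.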
@@ -139,7 +139,7 @@ __visible unsigned long xen_read_cr2(void); __visible unsigned long xen_read_cr2_direct(void); /* These are not functions, and cannot be called normally */ -__visible void xen_iret(void); +DECLARE_NOT_CALLED_FROM_C(xen_iret); extern int xen_panic_handler_init(void);
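Review bot: In the arch/x86/include/asm/uaccess_64.h hunk, the three removed copy_user_* prototypes were the only place that recorded the argument list (to, from, len) and the unsigned long return value of these assembly routines; the DECLARE_NOT_CALLED_FROM_C() lines that replace them carry no signature at all. The copy_user_generic() wrapper in the trailing context keeps the typed __must_check signature, so callers are unaffected, but a short comment above the three declarations stating the argument and return convention the assembly expects would keep that documentation in the header.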
Date: Wed, 13 Oct 2021 11:16:53 -0700
In-Reply-To: <20211013181658.1020262-1-samitolvanen@google.com>
Message-Id: <20211013181658.1020262-11-samitolvanen@google.com>
Subject: [PATCH v5 10/15] x86/purgatory: Disable CFI
From: Sami Tolvanen
To: x86@kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, Nathan Chancellor, Nick Desaulniers, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Sami Tolvanen

Disable CONFIG_CFI_CLANG for the stand-alone purgatory.ro.

Signed-off-by: Sami Tolvanen
Reviewed-by: Nick Desaulniers
Tested-by: Nick Desaulniers
Tested-by: Sedat Dilek
Reviewed-by: Kees Cook
--- arch/x86/purgatory/Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/purgatory/Makefile b/arch/x86/purgatory/Makefile index 95ea17a9d20c..911954fec31c 100644 --- a/arch/x86/purgatory/Makefile +++ b/arch/x86/purgatory/Makefile
@@ -55,6 +55,10 @@ ifdef CONFIG_RETPOLINE PURGATORY_CFLAGS_REMOVE += $(RETPOLINE_CFLAGS) endif +ifdef CONFIG_CFI_CLANG +PURGATORY_CFLAGS_REMOVE += $(CC_FLAGS_CFI) +endif + CFLAGS_REMOVE_purgatory.o += $(PURGATORY_CFLAGS_REMOVE) CFLAGS_purgatory.o += $(PURGATORY_CFLAGS)
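Review bot: The new `ifdef CONFIG_CFI_CLANG` block in arch/x86/purgatory/Makefile is undocumented, and the commit message only says CFI is disabled "for the stand-alone purgatory.ro" without saying what fails when the flags are left in. Please add a one-line comment above the block giving the reason, and state in the changelog what the failure looks like (build error, link error or runtime fault), so that a later change to CC_FLAGS_CFI can be checked against it.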
Date: Wed, 13 Oct 2021 11:16:54 -0700
In-Reply-To: <20211013181658.1020262-1-samitolvanen@google.com>
Message-Id: <20211013181658.1020262-12-samitolvanen@google.com>
Subject: [PATCH v5 11/15] x86, relocs: Ignore __typeid__ relocations
From: Sami Tolvanen
To: x86@kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, Nathan Chancellor, Nick Desaulniers, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Sami Tolvanen

From: Kees Cook

The R_X86_64_8 __typeid__* relocations are for constants the compiler generates for indirect call type checking with CONFIG_CFI_CLANG. They can be ignored during relocation generation.

Signed-off-by: Kees Cook
[ Sami: clarified the commit message ]
Signed-off-by: Sami Tolvanen
Tested-by: Nick Desaulniers
Tested-by: Sedat Dilek
--- arch/x86/tools/relocs.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c index 27c82207d387..5304a6037924 100644 --- a/arch/x86/tools/relocs.c +++ b/arch/x86/tools/relocs.c @@ -51,6 +51,7 @@ static const char * const sym_regex_kernel[S_NSYMTYPES] = { "^(xen_irq_disable_direct_reloc$|" "xen_save_fl_direct_reloc$|" "VDSO|" + "__typeid__|" "__crc_)", /* 
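Review bot: The `"__typeid__|"` alternative added to sym_regex_kernel is a bare prefix, like the neighbouring `"VDSO|"` and `"__crc_)"` entries, so it whitelists every symbol whose name starts with __typeid__, and nothing in the array says where those symbols come from. Please add a short comment next to the entry naming CONFIG_CFI_CLANG as their source, so the entry can be removed or tightened if the compiler's naming changes.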
@@ -811,6 +812,12 @@ static int do_reloc64(struct section *sec, Elf_Rel *rel, ElfW(Sym) *sym, symname); break; + case R_X86_64_8: + if (!shn_abs || !is_reloc(S_ABS, symname)) + die("Non-whitelisted %s relocation: %s\n", + rel_type(r_type), symname); + break; + case R_X86_64_32: case R_X86_64_32S: case R_X86_64_64:
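Review bot: The new `case R_X86_64_8:` in do_reloc64() has no comment explaining why a whitelisted absolute symbol needs no relocation entry here, and the changelog only says these relocations "can be ignored" while the code also keeps a die() path for every other R_X86_64_8. Please add a comment in the case stating that the __typeid__ values are absolute constants and therefore need no entry, and mention in the changelog that any non-whitelisted R_X86_64_8 remains a fatal build error.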
Date: Wed, 13 Oct 2021 11:16:55 -0700
In-Reply-To: <20211013181658.1020262-1-samitolvanen@google.com>
Message-Id: <20211013181658.1020262-13-samitolvanen@google.com>
Subject: [PATCH v5 12/15] x86, module: Ignore __typeid__ relocations
From: Sami Tolvanen
To: x86@kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, Nathan Chancellor, Nick Desaulniers, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Sami Tolvanen

The R_X86_64_8 __typeid__* relocations are for constants the compiler generates for indirect call type checking with CONFIG_CFI_CLANG. Ignore them when loading modules.

Signed-off-by: Sami Tolvanen
Tested-by: Nick Desaulniers
Tested-by: Sedat Dilek
Reviewed-by: Kees Cook
--- arch/x86/kernel/module.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c index 5e9a34b5bd74..c4aeba237eef 100644 --- a/arch/x86/kernel/module.c +++ b/arch/x86/kernel/module.c
@@ -197,6 +197,10 @@ static int __apply_relocate_add(Elf64_Shdr *sechdrs, val -= (u64)loc; write(loc, &val, 8); break; + case R_X86_64_8: + if (!strncmp(strtab + sym->st_name, "__typeid__", 10)) + break; + fallthrough; default: pr_err("%s: Unknown rela relocation: %llu\n", me->name, ELF64_R_TYPE(rel[i].r_info));
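Review bot: The new `case R_X86_64_8:` in __apply_relocate_add() skips the relocation on a name match alone, whereas the relocs.c change in patch 11 of this series also requires the symbol to be absolute (`!shn_abs || !is_reloc(S_ABS, symname)`); a module symbol that merely carries the __typeid__ prefix would have its relocation silently dropped at load time. Consider also checking that sym->st_shndx is SHN_ABS before the `break`, and replace the hand-counted length in `strncmp(..., "__typeid__", 10)` with str_has_prefix() so the prefix and its length cannot drift apart.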
Date: Wed, 13 Oct 2021 11:16:56 -0700
In-Reply-To: <20211013181658.1020262-1-samitolvanen@google.com>
Message-Id: <20211013181658.1020262-14-samitolvanen@google.com>
Subject: [PATCH v5 13/15] x86, cpu: Use LTO for cpu.c with CFI
From: Sami Tolvanen
To: x86@kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, Nathan Chancellor, Nick Desaulniers, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Sami Tolvanen

Allow LTO to be used for cpu.c when CONFIG_CFI_CLANG is enabled to avoid indirect call failures. CFI requires Clang >= 13, which doesn't have the stack protector inlining bug.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
Reviewed-by: Nick Desaulniers
Tested-by: Nick Desaulniers
Tested-by: Sedat Dilek
--- arch/x86/power/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/power/Makefile b/arch/x86/power/Makefile index 379777572bc9..a0532851fed7 100644 --- a/arch/x86/power/Makefile +++ b/arch/x86/power/Makefile
@@ -4,9 +4,11 @@ # itself be stack-protected CFLAGS_cpu.o := -fno-stack-protector +ifndef CONFIG_CFI_CLANG # Clang may incorrectly inline functions with stack protector enabled into # __restore_processor_state(): https://bugs.llvm.org/show_bug.cgi?id=47479 CFLAGS_REMOVE_cpu.o := $(CC_FLAGS_LTO) +endif obj-$(CONFIG_PM_SLEEP) += cpu.o obj-$(CONFIG_HIBERNATION) += hibernate_$(BITS).o hibernate_asm_$(BITS).o hibernate.o
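Review bot: The `ifndef CONFIG_CFI_CLANG` guard in arch/x86/power/Makefile uses the CFI option as a stand-in for the compiler version: per the commit message the workaround is unnecessary because CFI requires Clang >= 13, but a Clang >= 13 build without CFI still loses LTO for cpu.o. Either key the condition on the Clang version that fixed the inlining bug, or extend the existing comment inside the block to say that CFI implies a fixed compiler, since that reasoning currently lives only in the changelog.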
Date: Wed, 13 Oct 2021 11:16:57 -0700
In-Reply-To: <20211013181658.1020262-1-samitolvanen@google.com>
Message-Id: <20211013181658.1020262-15-samitolvanen@google.com>
Subject: [PATCH v5 14/15] x86, kprobes: Fix optprobe_template_func type mismatch
From: Sami Tolvanen
To: x86@kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, Nathan Chancellor, Nick Desaulniers, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Sami Tolvanen

The optprobe_template_func symbol is defined in inline assembly, but it's not marked global, which conflicts with the C declaration needed for STACK_FRAME_NON_STANDARD and confuses the compiler when CONFIG_CFI_CLANG is enabled.

Marking the symbol global would make the compiler happy, but as the compiler also generates a CFI jump table entry for all address-taken functions, the jump table ends up containing a jump to the .rodata section where optprobe_template_func resides, which results in an objtool warning.

Use ASM_STACK_FRAME_NON_STANDARD instead to avoid both issues.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
Tested-by: Nick Desaulniers
Tested-by: Sedat Dilek
--- arch/x86/kernel/kprobes/opt.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/x86/kernel/kprobes/opt.c b/arch/x86/kernel/kprobes/opt.c index 71425ebba98a..95375ef5deee 100644 --- a/arch/x86/kernel/kprobes/opt.c
+++ b/arch/x86/kernel/kprobes/opt.c @@ -103,6 +103,7 @@ static void synthesize_set_arg1(kprobe_opcode_t *addr, unsigned long val) asm ( ".pushsection .rodata\n" "optprobe_template_func:\n" + ASM_STACK_FRAME_NON_STANDARD(optprobe_template_func) ".global optprobe_template_entry\n" "optprobe_template_entry:\n" #ifdef CONFIG_X86_64 
@@ -154,9 +155,6 @@ asm ( "optprobe_template_end:\n" ".popsection\n"); -void optprobe_template_func(void); -STACK_FRAME_NON_STANDARD(optprobe_template_func); - #define TMPL_CLAC_IDX \ ((long)optprobe_template_clac - (long)optprobe_template_entry) #define TMPL_MOVE_IDX \
From patchwork Wed Oct 13 18:16:58 2021 X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 12556557
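Review bot: In the @@ -103,6 +103,7 @@ hunk of arch/x86/kernel/kprobes/opt.c, ASM_STACK_FRAME_NON_STANDARD(optprobe_template_func) is spliced between the string literals of the asm() block with no comment, so the reason for using the asm form instead of the C STACK_FRAME_NON_STANDARD is recorded only in the commit message. A short comment above that line naming the CONFIG_CFI_CLANG type mismatch and the objtool warning about the CFI jump table entry would keep a later cleanup from restoring the C declaration. Please also confirm that the macro expands to string literals or to nothing in every configuration that builds this file, since anything else breaks the literal concatenation between "optprobe_template_func:\n" and ".global optprobe_template_entry\n".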
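Review bot: In the @@ -154,9 +155,6 @@ hunk, removing "void optprobe_template_func(void);" leaves optprobe_template_func without any C declaration, and the patch does not say whether any C code still refers to it. The visible context (TMPL_CLAC_IDX) uses only optprobe_template_clac and optprobe_template_entry, but the rest of the file and tree is not shown here. A sentence in the commit message stating that no C users of the symbol remain would make the removal easy to verify.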
Date: Wed, 13 Oct 2021 11:16:58 -0700 In-Reply-To: <20211013181658.1020262-1-samitolvanen@google.com> Message-Id: <20211013181658.1020262-16-samitolvanen@google.com> Mime-Version: 1.0 References: <20211013181658.1020262-1-samitolvanen@google.com>
X-Mailer: git-send-email 2.33.0.1079.g6e70778dc9-goog Subject: [PATCH v5 15/15] x86, build: Allow CONFIG_CFI_CLANG to be selected From: Sami Tolvanen To: x86@kernel.org Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, Nathan Chancellor, Nick Desaulniers, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, Sami Tolvanen X-Mailing-List: linux-hardening@vger.kernel.org Select ARCH_SUPPORTS_CFI_CLANG to allow CFI to be enabled with Clang >= 13. Link: https://bugs.llvm.org/show_bug.cgi?id=51588 Signed-off-by: Sami Tolvanen Tested-by: Nick Desaulniers Tested-by: Sedat Dilek Reviewed-by: Kees Cook --- arch/x86/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 47023166fb7b..1f310cc4e344 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -107,6 +107,7 @@ config X86 select ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP if NR_CPUS <= 4096 select ARCH_SUPPORTS_LTO_CLANG select ARCH_SUPPORTS_LTO_CLANG_THIN + select ARCH_SUPPORTS_CFI_CLANG if X86_64 && CLANG_VERSION >= 130000 select ARCH_USE_BUILTIN_BSWAP select ARCH_USE_MEMTEST select ARCH_USE_QUEUED_RWLOCKS
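Review bot: The added select in arch/x86/Kconfig is gated on "X86_64 && CLANG_VERSION >= 130000", but the commit message mentions only Clang >= 13 and gives no reason for excluding 32-bit x86. Please say in the commit message why the X86_64 condition is needed, and tie the 130000 threshold to the linked LLVM bug so the gate is not relaxed later without checking it. As a style point, the neighbouring selects are in alphabetical order and ARCH_SUPPORTS_CFI_CLANG is placed after ARCH_SUPPORTS_LTO_CLANG_THIN; consider moving it ahead of ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP unless the placement next to the LTO entries is deliberate.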