From patchwork Fri May 13 20:21:39 2022
X-Patchwork-Id: 12849358
Date: Fri, 13 May 2022 13:21:39 -0700
Message-Id: <20220513202159.1550547-2-samitolvanen@google.com>
Subject: [RFC PATCH v2 01/21] efi/libstub: Filter out CC_FLAGS_CFI
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

Explicitly filter out CC_FLAGS_CFI in preparation for the flags being removed from CC_FLAGS_LTO.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
--- drivers/firmware/efi/libstub/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index d0537573501e..234fb2910622 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile
@@ -39,6 +39,8 @@ KBUILD_CFLAGS := $(cflags-y) -Os -DDISABLE_BRANCH_PROFILING \ # remove SCS flags from all objects in this directory KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_SCS), $(KBUILD_CFLAGS)) +# disable CFI +KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_CFI), $(KBUILD_CFLAGS)) # disable LTO KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_LTO), $(KBUILD_CFLAGS))

From patchwork Fri May 13 20:21:40 2022
X-Patchwork-Id: 12849359
Date: Fri, 13 May 2022 13:21:40 -0700
Message-Id: <20220513202159.1550547-3-samitolvanen@google.com>
Subject: [RFC PATCH v2 02/21] arm64/vdso: Filter out CC_FLAGS_CFI
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

Explicitly filter out CC_FLAGS_CFI in preparation for the flags being removed from CC_FLAGS_LTO.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
--- arch/arm64/kernel/vdso/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kernel/vdso/Makefile b/arch/arm64/kernel/vdso/Makefile index 172452f79e46..6c26e0a76a06 100644 --- a/arch/arm64/kernel/vdso/Makefile +++ b/arch/arm64/kernel/vdso/Makefile
@@ -33,7 +33,8 @@ ccflags-y += -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO # the CFLAGS of vgettimeofday.c to make possible to build the # kernel with CONFIG_WERROR enabled. CFLAGS_REMOVE_vgettimeofday.o = $(CC_FLAGS_FTRACE) -Os $(CC_FLAGS_SCS) $(GCC_PLUGINS_CFLAGS) \ - $(CC_FLAGS_LTO) -Wmissing-prototypes -Wmissing-declarations + $(CC_FLAGS_LTO) $(CC_FLAGS_CFI) \ + -Wmissing-prototypes -Wmissing-declarations KASAN_SANITIZE := n KCSAN_SANITIZE := n UBSAN_SANITIZE := n

From patchwork Fri May 13 20:21:41 2022
X-Patchwork-Id: 12849360
Date: Fri, 13 May 2022 13:21:41 -0700
Message-Id: <20220513202159.1550547-4-samitolvanen@google.com>
Subject: [RFC PATCH v2 03/21] kallsyms: Ignore __kcfi_typeid_
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

The compiler generates CFI type identifier symbols for annotating assembly functions at link time. Ignore them in kallsyms.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
--- scripts/kallsyms.c | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/kallsyms.c b/scripts/kallsyms.c index 8caabddf817c..eebd02e4b832 100644 --- a/scripts/kallsyms.c +++ b/scripts/kallsyms.c
@@ -118,6 +118,7 @@ static bool is_ignored_symbol(const char *name, char type) "__ThumbV7PILongThunk_", "__LA25Thunk_", /* mips lld */ "__microLA25Thunk_", + "__kcfi_typeid_", /* CFI type identifiers */ NULL };

From patchwork Fri May 13 20:21:42 2022
X-Patchwork-Id: 12849361
Date: Fri, 13 May 2022 13:21:42 -0700
Message-Id: <20220513202159.1550547-5-samitolvanen@google.com>
Subject: [RFC PATCH v2 04/21] cfi: Remove CONFIG_CFI_CLANG_SHADOW
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

In preparation to switching to -fsanitize=kcfi, remove support for the CFI module shadow that will no longer be needed.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
--- arch/Kconfig | 10 -- include/linux/cfi.h | 12 --- kernel/cfi.c | 237 +------------------------------------------- kernel/module.c | 15 --- 4 files changed, 1 insertion(+), 273 deletions(-) diff --git a/arch/Kconfig b/arch/Kconfig index 31c4fdc4a4ba..625db6376726 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -739,16 +739,6 @@ config CFI_CLANG https://clang.llvm.org/docs/ControlFlowIntegrity.html -config CFI_CLANG_SHADOW - bool "Use CFI shadow to speed up cross-module checks" - default y - depends on CFI_CLANG && MODULES - help - If you select this option, the kernel builds a fast look-up table of - CFI check functions in loaded modules to reduce performance overhead. - - If unsure, say Y. - config CFI_PERMISSIVE bool "Use CFI in permissive mode" depends on CFI_CLANG diff --git a/include/linux/cfi.h b/include/linux/cfi.h index c6dfc1ed0626..4ab51c067007 100644 --- a/include/linux/cfi.h +++ b/include/linux/cfi.h
@@ -20,18 +20,6 @@ extern void __cfi_check(uint64_t id, void *ptr, void *diag); #define __CFI_ADDRESSABLE(fn, __attr) \ const void *__cfi_jt_ ## fn __visible __attr = (void *)&fn -#ifdef CONFIG_CFI_CLANG_SHADOW - -extern void cfi_module_add(struct module *mod, unsigned long base_addr); -extern void cfi_module_remove(struct module *mod, unsigned long base_addr); - -#else - -static inline void cfi_module_add(struct module *mod, unsigned long base_addr) {} -static inline void cfi_module_remove(struct module *mod, unsigned long base_addr) {} - -#endif /* CONFIG_CFI_CLANG_SHADOW */ - #else /* !CONFIG_CFI_CLANG */ #ifdef CONFIG_X86_KERNEL_IBT diff --git a/kernel/cfi.c b/kernel/cfi.c index 9594cfd1cf2c..2cc0d01ea980 100644 --- a/kernel/cfi.c +++ b/kernel/cfi.c 
@@ -32,237 +32,6 @@ static inline void handle_cfi_failure(void *ptr) } #ifdef CONFIG_MODULES -#ifdef CONFIG_CFI_CLANG_SHADOW -/* - * Index type. A 16-bit index can address at most (2^16)-2 pages (taking - * into account SHADOW_INVALID), i.e. ~256M with 4k pages. - */ -typedef u16 shadow_t; -#define SHADOW_INVALID ((shadow_t)~0UL) - -struct cfi_shadow { - /* Page index for the beginning of the shadow */ - unsigned long base; - /* An array of __cfi_check locations (as indices to the shadow) */ - shadow_t shadow[1]; -} __packed; - -/* - * The shadow covers ~128M from the beginning of the module region. If - * the region is larger, we fall back to __module_address for the rest. - */ -#define __SHADOW_RANGE (_UL(SZ_128M) >> PAGE_SHIFT) - -/* The in-memory size of struct cfi_shadow, always at least one page */ -#define __SHADOW_PAGES ((__SHADOW_RANGE * sizeof(shadow_t)) >> PAGE_SHIFT) -#define SHADOW_PAGES max(1UL, __SHADOW_PAGES) -#define SHADOW_SIZE (SHADOW_PAGES << PAGE_SHIFT) - -/* The actual size of the shadow array, minus metadata */ -#define SHADOW_ARR_SIZE (SHADOW_SIZE - offsetof(struct cfi_shadow, shadow)) -#define SHADOW_ARR_SLOTS (SHADOW_ARR_SIZE / sizeof(shadow_t)) - -static DEFINE_MUTEX(shadow_update_lock); -static struct cfi_shadow __rcu *cfi_shadow __read_mostly; - -/* Returns the index in the shadow for the given address */ -static inline int ptr_to_shadow(const struct cfi_shadow *s, unsigned long ptr) -{ - unsigned long index; - unsigned long page = ptr >> PAGE_SHIFT; - - if (unlikely(page < s->base)) - return -1; /* Outside of module area */ - - index = page - s->base; - - if (index >= SHADOW_ARR_SLOTS) - return -1; /* Cannot be addressed with shadow */ - - return (int)index; -} - -/* Returns the page address for an index in the shadow */ -static inline unsigned long shadow_to_ptr(const struct cfi_shadow *s, - int index) -{ - if (unlikely(index < 0 || index >= SHADOW_ARR_SLOTS)) - return 0; - - return (s->base + index) << PAGE_SHIFT; -} - -/* Returns 
the __cfi_check function address for the given shadow location */ -static inline unsigned long shadow_to_check_fn(const struct cfi_shadow *s, - int index) -{ - if (unlikely(index < 0 || index >= SHADOW_ARR_SLOTS)) - return 0; - - if (unlikely(s->shadow[index] == SHADOW_INVALID)) - return 0; - - /* __cfi_check is always page aligned */ - return (s->base + s->shadow[index]) << PAGE_SHIFT; -} - -static void prepare_next_shadow(const struct cfi_shadow __rcu *prev, - struct cfi_shadow *next) -{ - int i, index, check; - - /* Mark everything invalid */ - memset(next->shadow, 0xFF, SHADOW_ARR_SIZE); - - if (!prev) - return; /* No previous shadow */ - - /* If the base address didn't change, an update is not needed */ - if (prev->base == next->base) { - memcpy(next->shadow, prev->shadow, SHADOW_ARR_SIZE); - return; - } - - /* Convert the previous shadow to the new address range */ - for (i = 0; i < SHADOW_ARR_SLOTS; ++i) { - if (prev->shadow[i] == SHADOW_INVALID) - continue; - - index = ptr_to_shadow(next, shadow_to_ptr(prev, i)); - if (index < 0) - continue; - - check = ptr_to_shadow(next, - shadow_to_check_fn(prev, prev->shadow[i])); - if (check < 0) - continue; - - next->shadow[index] = (shadow_t)check; - } -} - -static void add_module_to_shadow(struct cfi_shadow *s, struct module *mod, - unsigned long min_addr, unsigned long max_addr) -{ - int check_index; - unsigned long check = (unsigned long)mod->cfi_check; - unsigned long ptr; - - if (unlikely(!PAGE_ALIGNED(check))) { - pr_warn("cfi: not using shadow for module %s\n", mod->name); - return; - } - - check_index = ptr_to_shadow(s, check); - if (check_index < 0) - return; /* Module not addressable with shadow */ - - /* For each page, store the check function index in the shadow */ - for (ptr = min_addr; ptr <= max_addr; ptr += PAGE_SIZE) { - int index = ptr_to_shadow(s, ptr); - - if (index >= 0) { - /* Each page must only contain one module */ - WARN_ON_ONCE(s->shadow[index] != SHADOW_INVALID); - s->shadow[index] = 
(shadow_t)check_index; - } - } -} - -static void remove_module_from_shadow(struct cfi_shadow *s, struct module *mod, - unsigned long min_addr, unsigned long max_addr) -{ - unsigned long ptr; - - for (ptr = min_addr; ptr <= max_addr; ptr += PAGE_SIZE) { - int index = ptr_to_shadow(s, ptr); - - if (index >= 0) - s->shadow[index] = SHADOW_INVALID; - } -} - -typedef void (*update_shadow_fn)(struct cfi_shadow *, struct module *, - unsigned long min_addr, unsigned long max_addr); - -static void update_shadow(struct module *mod, unsigned long base_addr, - update_shadow_fn fn) -{ - struct cfi_shadow *prev; - struct cfi_shadow *next; - unsigned long min_addr, max_addr; - - next = vmalloc(SHADOW_SIZE); - - mutex_lock(&shadow_update_lock); - prev = rcu_dereference_protected(cfi_shadow, - mutex_is_locked(&shadow_update_lock)); - - if (next) { - next->base = base_addr >> PAGE_SHIFT; - prepare_next_shadow(prev, next); - - min_addr = (unsigned long)mod->core_layout.base; - max_addr = min_addr + mod->core_layout.text_size; - fn(next, mod, min_addr & PAGE_MASK, max_addr & PAGE_MASK); - - set_memory_ro((unsigned long)next, SHADOW_PAGES); - } - - rcu_assign_pointer(cfi_shadow, next); - mutex_unlock(&shadow_update_lock); - synchronize_rcu(); - - if (prev) { - set_memory_rw((unsigned long)prev, SHADOW_PAGES); - vfree(prev); - } -} - -void cfi_module_add(struct module *mod, unsigned long base_addr) -{ - update_shadow(mod, base_addr, add_module_to_shadow); -} - -void cfi_module_remove(struct module *mod, unsigned long base_addr) -{ - update_shadow(mod, base_addr, remove_module_from_shadow); -} - -static inline cfi_check_fn ptr_to_check_fn(const struct cfi_shadow __rcu *s, - unsigned long ptr) -{ - int index; - - if (unlikely(!s)) - return NULL; /* No shadow available */ - - index = ptr_to_shadow(s, ptr); - if (index < 0) - return NULL; /* Cannot be addressed with shadow */ - - return (cfi_check_fn)shadow_to_check_fn(s, index); -} - -static inline cfi_check_fn 
find_shadow_check_fn(unsigned long ptr) -{ - cfi_check_fn fn; - - rcu_read_lock_sched_notrace(); - fn = ptr_to_check_fn(rcu_dereference_sched(cfi_shadow), ptr); - rcu_read_unlock_sched_notrace(); - - return fn; -} - -#else /* !CONFIG_CFI_CLANG_SHADOW */ - -static inline cfi_check_fn find_shadow_check_fn(unsigned long ptr) -{ - return NULL; -} - -#endif /* CONFIG_CFI_CLANG_SHADOW */ static inline cfi_check_fn find_module_check_fn(unsigned long ptr) { @@ -291,11 +60,7 @@ static inline cfi_check_fn find_check_fn(unsigned long ptr) * up if necessary. */ RCU_NONIDLE({ - if (IS_ENABLED(CONFIG_CFI_CLANG_SHADOW)) - fn = find_shadow_check_fn(ptr); - - if (!fn) - fn = find_module_check_fn(ptr); + fn = find_module_check_fn(ptr); }); return fn; diff --git a/kernel/module.c b/kernel/module.c index 6cea788fd965..296fe02323e9 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -2151,8 +2151,6 @@ void __weak module_arch_freeing_init(struct module *mod) { } -static void cfi_cleanup(struct module *mod); - /* Free a module, remove from lists, etc. */ static void free_module(struct module *mod) { @@ -2194,9 +2192,6 @@ static void free_module(struct module *mod) synchronize_rcu(); mutex_unlock(&module_mutex); - /* Clean up CFI for the module. */ - cfi_cleanup(mod); - /* This may be empty, but that's OK */ module_arch_freeing_init(mod); module_memfree(mod->init_layout.base); @@ -4141,7 +4136,6 @@ static int load_module(struct load_info *info, const char __user *uargs, synchronize_rcu(); kfree(mod->args); free_arch_cleanup: - cfi_cleanup(mod); module_arch_cleanup(mod); free_modinfo: free_modinfo(mod); 
@@ -4530,15 +4524,6 @@ static void cfi_init(struct module *mod) if (exit) mod->exit = *exit; #endif - - cfi_module_add(mod, module_addr_min); -#endif -} - -static void cfi_cleanup(struct module *mod) -{ -#ifdef CONFIG_CFI_CLANG - cfi_module_remove(mod, module_addr_min); #endif }

From patchwork Fri May 13 20:21:43 2022
X-Patchwork-Id: 12849362
Date: Fri, 13 May 2022 13:21:43 -0700
Message-Id: <20220513202159.1550547-6-samitolvanen@google.com>
Subject: [RFC PATCH v2 05/21] cfi: Drop __CFI_ADDRESSABLE
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

The __CFI_ADDRESSABLE macro is used for init_module and cleanup_module to ensure we have the address of the CFI jump table, and with CONFIG_X86_KERNEL_IBT to ensure LTO won't optimize away the symbols. As __CFI_ADDRESSABLE is no longer necessary with -fsanitize=kcfi, add a more flexible version of the __ADDRESSABLE macro and always ensure these symbols won't be dropped.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
--- include/linux/cfi.h | 20 -------------------- include/linux/compiler.h | 6 ++++-- include/linux/module.h | 4 ++-- 3 files changed, 6 insertions(+), 24 deletions(-) diff --git a/include/linux/cfi.h b/include/linux/cfi.h index 4ab51c067007..2cdbc0fbd0ab 100644 --- a/include/linux/cfi.h +++ b/include/linux/cfi.h
@@ -13,26 +13,6 @@ typedef void (*cfi_check_fn)(uint64_t id, void *ptr, void *diag); /* Compiler-generated function in each module, and the kernel */ extern void __cfi_check(uint64_t id, void *ptr, void *diag); -/* - * Force the compiler to generate a CFI jump table entry for a function - * and store the jump table address to __cfi_jt_. - */ -#define __CFI_ADDRESSABLE(fn, __attr) \ - const void *__cfi_jt_ ## fn __visible __attr = (void *)&fn - -#else /* !CONFIG_CFI_CLANG */ - -#ifdef CONFIG_X86_KERNEL_IBT - -#define __CFI_ADDRESSABLE(fn, __attr) \ - const void *__cfi_jt_ ## fn __visible __attr = (void *)&fn - -#endif /* CONFIG_X86_KERNEL_IBT */ - #endif /* CONFIG_CFI_CLANG */ -#ifndef __CFI_ADDRESSABLE -#define __CFI_ADDRESSABLE(fn, __attr) -#endif - #endif /* _LINUX_CFI_H */ diff --git a/include/linux/compiler.h b/include/linux/compiler.h index 219aa5ddbc73..9303f5fe5d89 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -221,9 +221,11 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val, * otherwise, or eliminated entirely due to lack of references that are * visible to the compiler. */ -#define __ADDRESSABLE(sym) \ - static void * __section(".discard.addressable") __used \ +#define ___ADDRESSABLE(sym, __attrs) \ + static void * __used __attrs \ __UNIQUE_ID(__PASTE(__addressable_,sym)) = (void *)&sym; +#define __ADDRESSABLE(sym) \ + ___ADDRESSABLE(sym, __section(".discard.addressable")) /** * offset_to_ptr - convert a relative memory offset to an absolute pointer diff --git a/include/linux/module.h b/include/linux/module.h index 1e135fd5c076..87857275c047 100644 --- a/include/linux/module.h +++ b/include/linux/module.h 
@@ -132,7 +132,7 @@ extern void cleanup_module(void); { return initfn; } \ int init_module(void) __copy(initfn) \ __attribute__((alias(#initfn))); \ - __CFI_ADDRESSABLE(init_module, __initdata); + ___ADDRESSABLE(init_module, __initdata); /* This is only required if you want to be unloadable. */ #define module_exit(exitfn) \ 
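Review bot: In the module_init() expansion, ___ADDRESSABLE(init_module, __initdata) now emits a __used pointer into init data in every module build, while the __CFI_ADDRESSABLE it replaces expanded to nothing unless CONFIG_CFI_CLANG or CONFIG_X86_KERNEL_IBT was set, and nothing here says why plain __ADDRESSABLE with its .discard.addressable section is not enough to keep the symbol. Please add a short comment at the use site (or at the ___ADDRESSABLE definition) explaining why the reference has to live in __initdata/__exitdata, and document the __attrs parameter, since the three-underscore name is easy to misread as __ADDRESSABLE. Minor: the definition in include/linux/compiler.h already ends in ";", so the trailing ";" after the macro call leaves an empty declaration.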
@@ -140,7 +140,7 @@ extern void cleanup_module(void); { return exitfn; } \ void cleanup_module(void) __copy(exitfn) \ __attribute__((alias(#exitfn))); \ - __CFI_ADDRESSABLE(cleanup_module, __exitdata); + ___ADDRESSABLE(cleanup_module, __exitdata); #endif

From patchwork Fri May 13 20:21:44 2022
X-Patchwork-Submitter: Sami Tolvanen
X-Patchwork-Id: 12849376
Date: Fri, 13 May 2022 13:21:44 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-7-samitolvanen@google.com>
References: <20220513202159.1550547-1-samitolvanen@google.com>
Subject: [RFC PATCH v2 06/21] cfi: Switch to -fsanitize=kcfi
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen
X-Mailing-List: linux-hardening@vger.kernel.org

Switch from Clang's original forward-edge control-flow integrity implementation to -fsanitize=kcfi, which is better suited for the kernel, as it doesn't require LTO, doesn't use a jump table that requires altering function references, and won't break cross-module function address equality.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
Tested-by: Kees Cook
---
 Makefile | 13 +--
 arch/Kconfig | 11 ++-
 include/asm-generic/vmlinux.lds.h | 37 ++++-----
 include/linux/cfi.h | 35 +++++++--
 include/linux/compiler-clang.h | 6 +-
 include/linux/module.h | 6 +-
 kernel/cfi.c | 126 ++++++++++++++----------------
 kernel/module.c | 34 +-------
 scripts/module.lds.S | 23 +-----
 9 files changed, 128 insertions(+), 163 deletions(-)

diff --git a/Makefile b/Makefile index 2284d1ca2503..8439551954f1 100644 --- a/Makefile +++ b/Makefile
@@ -915,18 +915,7 @@ export CC_FLAGS_LTO endif ifdef CONFIG_CFI_CLANG -CC_FLAGS_CFI := -fsanitize=cfi \ - -fsanitize-cfi-cross-dso \ - -fno-sanitize-cfi-canonical-jump-tables \ - -fno-sanitize-trap=cfi \ - -fno-sanitize-blacklist - -ifdef CONFIG_CFI_PERMISSIVE -CC_FLAGS_CFI += -fsanitize-recover=cfi -endif - -# If LTO flags are filtered out, we must also filter out CFI. -CC_FLAGS_LTO += $(CC_FLAGS_CFI) +CC_FLAGS_CFI := -fsanitize=kcfi KBUILD_CFLAGS += $(CC_FLAGS_CFI) export CC_FLAGS_CFI endif diff --git a/arch/Kconfig b/arch/Kconfig index 625db6376726..f179170cb422 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -720,14 +720,13 @@ config ARCH_SUPPORTS_CFI_CLANG An architecture should select this option if it can support Clang's Control-Flow Integrity (CFI) checking. +config ARCH_USES_CFI_TRAPS + bool + config CFI_CLANG bool "Use Clang's Control Flow Integrity (CFI)" - depends on LTO_CLANG && ARCH_SUPPORTS_CFI_CLANG - # Clang >= 12: - # - https://bugs.llvm.org/show_bug.cgi?id=46258 - # - https://bugs.llvm.org/show_bug.cgi?id=47479 - depends on CLANG_VERSION >= 120000 - select KALLSYMS + depends on ARCH_SUPPORTS_CFI_CLANG + depends on $(cc-option,-fsanitize=kcfi) help This option enables Clang’s forward-edge Control Flow Integrity (CFI) checking, where the compiler injects a runtime check to each diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 69138e9db787..fcb3c7146a43 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -421,6 +421,22 @@ __end_ro_after_init = .; #endif +/* + * .kcfi_traps contains a list KCFI trap locations. + */ +#ifndef KCFI_TRAPS +#ifdef CONFIG_ARCH_USES_CFI_TRAPS +#define KCFI_TRAPS \ + __kcfi_traps : AT(ADDR(__kcfi_traps) - LOAD_OFFSET) { \ + __start___kcfi_traps = .; \ + KEEP(*(.kcfi_traps)) \ + __stop___kcfi_traps = .; \ + } +#else +#define KCFI_TRAPS +#endif +#endif + /* * Read only Data */ 
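Review bot: The comment added above KCFI_TRAPS in include/asm-generic/vmlinux.lds.h reads ".kcfi_traps contains a list KCFI trap locations", which drops a word and names the input section, while the macro defines the __kcfi_traps output section bounded by __start___kcfi_traps and __stop___kcfi_traps. Suggest "The __kcfi_traps section contains a list of KCFI trap locations", plus one sentence on what an entry is: is_cfi_trap() in kernel/cfi.c walks the range as unsigned long values and compares each against the trapping address, so the lookup depends on that layout and it should be written down where the section is defined.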
@@ -529,6 +545,8 @@ __stop___modver = .; \ } \ \ + KCFI_TRAPS \ + \ RO_EXCEPTION_TABLE \ NOTES \ BTF \ @@ -537,21 +555,6 @@ __end_rodata = .; -/* - * .text..L.cfi.jumptable.* contain Control-Flow Integrity (CFI) - * jump table entries. - */ -#ifdef CONFIG_CFI_CLANG -#define TEXT_CFI_JT \ - . = ALIGN(PMD_SIZE); \ - __cfi_jt_start = .; \ - *(.text..L.cfi.jumptable .text..L.cfi.jumptable.*) \ - . = ALIGN(PMD_SIZE); \ - __cfi_jt_end = .; -#else -#define TEXT_CFI_JT -#endif - /* * Non-instrumentable text section */ @@ -579,7 +582,6 @@ *(.text..refcount) \ *(.ref.text) \ *(.text.asan.* .text.tsan.*) \ - TEXT_CFI_JT \ MEM_KEEP(init.text*) \ MEM_KEEP(exit.text*) \ @@ -1008,8 +1010,7 @@ * keep any .init_array.* sections. * https://bugs.llvm.org/show_bug.cgi?id=46478 */ -#if defined(CONFIG_GCOV_KERNEL) || defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KCSAN) || \ - defined(CONFIG_CFI_CLANG) +#if defined(CONFIG_GCOV_KERNEL) || defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KCSAN) # ifdef CONFIG_CONSTRUCTORS # define SANITIZER_DISCARDS \ *(.eh_frame) diff --git a/include/linux/cfi.h b/include/linux/cfi.h index 2cdbc0fbd0ab..655b8b10ac3d 100644 --- a/include/linux/cfi.h +++ b/include/linux/cfi.h 
@@ -2,17 +2,42 @@ /* * Clang Control Flow Integrity (CFI) support. * - * Copyright (C) 2021 Google LLC + * Copyright (C) 2022 Google LLC */ #ifndef _LINUX_CFI_H #define _LINUX_CFI_H +#include +#include + #ifdef CONFIG_CFI_CLANG -typedef void (*cfi_check_fn)(uint64_t id, void *ptr, void *diag); +enum bug_trap_type report_cfi_failure(struct pt_regs *regs, unsigned long addr, + unsigned long target, unsigned long type); +#else +static inline enum bug_trap_type report_cfi_failure(struct pt_regs *regs, + unsigned long addr, + unsigned long target, + unsigned long type) +{ + return BUG_TRAP_TYPE_NONE; +} +#endif /* CONFIG_CFI_CLANG */ -/* Compiler-generated function in each module, and the kernel */ -extern void __cfi_check(uint64_t id, void *ptr, void *diag); +#ifdef CONFIG_ARCH_USES_CFI_TRAPS +bool is_cfi_trap(unsigned long addr); +#else +static inline bool is_cfi_trap(unsigned long addr) { return false; } +#endif /* CONFIG_ARCH_USES_CFI_TRAPS */ -#endif /* CONFIG_CFI_CLANG */ +#ifdef CONFIG_MODULES +#ifdef CONFIG_ARCH_USES_CFI_TRAPS +void module_cfi_finalize(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs, + struct module *mod); +#else +static inline void module_cfi_finalize(const Elf_Ehdr *hdr, + const Elf_Shdr *sechdrs, + struct module *mod) {} +#endif /* CONFIG_ARCH_USES_CFI_TRAPS */ +#endif /* CONFIG_MODULES */ #endif /* _LINUX_CFI_H */ diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h index babb1347148c..42e55579d649 100644 --- a/include/linux/compiler-clang.h +++ b/include/linux/compiler-clang.h @@ -66,8 +66,10 @@ # define __noscs __attribute__((__no_sanitize__("shadow-call-stack"))) #endif -#define __nocfi __attribute__((__no_sanitize__("cfi"))) -#define __cficanonical __attribute__((__cfi_canonical_jump_table__)) +#if __has_feature(kcfi) +/* Disable CFI checking inside a function. */ +#define __nocfi __attribute__((__no_sanitize__("kcfi"))) +#endif /* * Turn individual warnings and errors on and off locally, depending 
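Review bot: In the include/linux/compiler-clang.h hunk, __nocfi is now defined only inside "#if __has_feature(kcfi)" with no #else branch, and __cficanonical is deleted outright, so the hunk depends on definitions and cleanups that are not part of it. Please confirm that an empty fallback for __nocfi covers Clang builds where kcfi is unavailable or disabled, and that no __cficanonical users remain at this point in the series; otherwise the tree does not build at this commit, which hurts bisection. A one-line note in the commit message on where the fallback lives would settle it.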
diff --git a/include/linux/module.h b/include/linux/module.h index 87857275c047..3b485834be74 100644 --- a/include/linux/module.h +++ b/include/linux/module.h @@ -27,7 +27,6 @@ #include #include #include -#include #include #include @@ -388,8 +387,9 @@ struct module { const s32 *crcs; unsigned int num_syms; -#ifdef CONFIG_CFI_CLANG - cfi_check_fn cfi_check; +#ifdef CONFIG_ARCH_USES_CFI_TRAPS + unsigned long *kcfi_traps; + unsigned long *kcfi_traps_end; #endif /* Kernel parameters. */ diff --git a/kernel/cfi.c b/kernel/cfi.c index 2cc0d01ea980..456d5eac082a 100644 --- a/kernel/cfi.c +++ b/kernel/cfi.c 
@@ -1,94 +1,86 @@ // SPDX-License-Identifier: GPL-2.0 /* - * Clang Control Flow Integrity (CFI) error and slowpath handling. + * Clang Control Flow Integrity (CFI) error handling. * - * Copyright (C) 2021 Google LLC + * Copyright (C) 2022 Google LLC */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/* Compiler-defined handler names */ -#ifdef CONFIG_CFI_PERMISSIVE -#define cfi_failure_handler __ubsan_handle_cfi_check_fail -#else -#define cfi_failure_handler __ubsan_handle_cfi_check_fail_abort -#endif - -static inline void handle_cfi_failure(void *ptr) -{ - if (IS_ENABLED(CONFIG_CFI_PERMISSIVE)) - WARN_RATELIMIT(1, "CFI failure (target: %pS):\n", ptr); - else - panic("CFI failure (target: %pS)\n", ptr); -} - -#ifdef CONFIG_MODULES +#include -static inline cfi_check_fn find_module_check_fn(unsigned long ptr) +enum bug_trap_type report_cfi_failure(struct pt_regs *regs, unsigned long addr, + unsigned long target, unsigned long type) { - cfi_check_fn fn = NULL; - struct module *mod; + pr_err("CFI failure at %pS (target: %pS; expected type: 0x%08x)\n", + (void *)addr, (void *)target, (u32)type); - rcu_read_lock_sched_notrace(); - mod = __module_address(ptr); - if (mod) - fn = mod->cfi_check; - rcu_read_unlock_sched_notrace(); + if (IS_ENABLED(CONFIG_CFI_PERMISSIVE)) { + __warn(NULL, 0, (void *)addr, 0, regs, NULL); + return BUG_TRAP_TYPE_WARN; + } - return fn; + return BUG_TRAP_TYPE_BUG; } -static inline cfi_check_fn find_check_fn(unsigned long ptr) +#ifdef CONFIG_ARCH_USES_CFI_TRAPS +#ifdef CONFIG_MODULES +/* Populates `kcfi_trap(_end)?` fields in `struct module`. */ +void module_cfi_finalize(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs, + struct module *mod) { - cfi_check_fn fn = NULL; + char *secstrings; + unsigned int i; - if (is_kernel_text(ptr)) - return __cfi_check; + mod->kcfi_traps = NULL; + mod->kcfi_traps_end = NULL; - /* - * Indirect call checks can happen when RCU is not watching. 
Both - * the shadow and __module_address use RCU, so we need to wake it - * up if necessary. - */ - RCU_NONIDLE({ - fn = find_module_check_fn(ptr); - }); + secstrings = (char *)hdr + sechdrs[hdr->e_shstrndx].sh_offset; - return fn; + for (i = 1; i < hdr->e_shnum; i++) { + if (strcmp(secstrings + sechdrs[i].sh_name, "__kcfi_traps")) + continue; + + mod->kcfi_traps = (unsigned long *)sechdrs[i].sh_addr; + mod->kcfi_traps_end = (unsigned long *)(sechdrs[i].sh_addr + + sechdrs[i].sh_size); + break; + } } -void __cfi_slowpath_diag(uint64_t id, void *ptr, void *diag) +static bool is_module_cfi_trap(unsigned long addr) { - cfi_check_fn fn = find_check_fn((unsigned long)ptr); + bool found = false; + struct module *mod; + unsigned long *p; - if (likely(fn)) - fn(id, ptr, diag); - else /* Don't allow unchecked modules */ - handle_cfi_failure(ptr); -} -EXPORT_SYMBOL(__cfi_slowpath_diag); + rcu_read_lock_sched_notrace(); -#else /* !CONFIG_MODULES */ + mod = __module_address(addr); + if (mod) + for (p = mod->kcfi_traps; !found && p < mod->kcfi_traps_end; ++p) + found = (*p == addr); + + rcu_read_unlock_sched_notrace(); -void __cfi_slowpath_diag(uint64_t id, void *ptr, void *diag) + return found; +} +#else /* CONFIG_MODULES */ +static inline bool is_module_cfi_trap(unsigned long addr) { - handle_cfi_failure(ptr); /* No modules */ + return false; } -EXPORT_SYMBOL(__cfi_slowpath_diag); - #endif /* CONFIG_MODULES */ -void cfi_failure_handler(void *data, void *ptr, void *vtable) +extern unsigned long __start___kcfi_traps[]; +extern unsigned long __stop___kcfi_traps[]; + +bool is_cfi_trap(unsigned long addr) { - handle_cfi_failure(ptr); + unsigned long *p; + + for (p = __start___kcfi_traps; p < __stop___kcfi_traps; ++p) + if (*p == addr) + return true; + + return is_module_cfi_trap(addr); } -EXPORT_SYMBOL(cfi_failure_handler); +#endif /* CONFIG_ARCH_USES_CFI_TRAPS */ diff --git a/kernel/module.c b/kernel/module.c index 296fe02323e9..411ae8c358e6 100644 --- a/kernel/module.c 
+++ b/kernel/module.c @@ -57,6 +57,7 @@ #include #include #include +#include #include #include "module-internal.h" @@ -3871,8 +3872,9 @@ static int complete_formation(struct module *mod, struct load_info *info) if (err < 0) goto out; - /* This relies on module_mutex for list integrity. */ + /* These rely on module_mutex for list integrity. */ module_bug_finalize(info->hdr, info->sechdrs, mod); + module_cfi_finalize(info->hdr, info->sechdrs, mod); module_enable_ro(mod, false); module_enable_nx(mod); @@ -3928,8 +3930,6 @@ static int unknown_module_param_cb(char *param, char *val, const char *modname, return 0; } -static void cfi_init(struct module *mod); - /* * Allocate and load the module: note that size of section 0 is always * zero, and we rely on this for optional sections. @@ -4059,9 +4059,6 @@ static int load_module(struct load_info *info, const char __user *uargs, flush_module_icache(mod); - /* Setup CFI for the module. */ - cfi_init(mod); - /* Now copy in args */ mod->args = strndup_user(uargs, ~0UL >> 1); if (IS_ERR(mod->args)) { @@ -4502,31 +4499,6 @@ int module_kallsyms_on_each_symbol(int (*fn)(void *, const char *, #endif /* CONFIG_LIVEPATCH */ #endif /* CONFIG_KALLSYMS */ -static void cfi_init(struct module *mod) -{ -#ifdef CONFIG_CFI_CLANG - initcall_t *init; - exitcall_t *exit; - - rcu_read_lock_sched(); - mod->cfi_check = (cfi_check_fn) - find_kallsyms_symbol_value(mod, "__cfi_check"); - init = (initcall_t *) - find_kallsyms_symbol_value(mod, "__cfi_jt_init_module"); - exit = (exitcall_t *) - find_kallsyms_symbol_value(mod, "__cfi_jt_cleanup_module"); - rcu_read_unlock_sched(); - - /* Fix init/exit functions to point to the CFI jump table */ - if (init) - mod->init = *init; -#ifdef CONFIG_MODULE_UNLOAD - if (exit) - mod->exit = *exit; -#endif -#endif -} - /* Maximum number of characters written by module_flags() */ #define MODULE_FLAGS_BUF_SIZE (TAINT_FLAGS_COUNT + 4) 
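Review bot: In report_cfi_failure() in the kernel/cfi.c hunk, the CONFIG_CFI_PERMISSIVE path calls pr_err() and __warn() on every failure, whereas the removed handle_cfi_failure() used WARN_RATELIMIT(). A type mismatch on a frequently taken indirect call can then fill the log with full warnings, which is exactly the situation permissive mode is meant to help diagnose. Consider rate limiting the permissive report, or state in the commit message why the rate limit was dropped.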
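Review bot: In the complete_formation() hunk, the reworded comment "These rely on module_mutex for list integrity" does not describe module_cfi_finalize() as added in kernel/cfi.c, which only fills mod->kcfi_traps and mod->kcfi_traps_end from the section headers and walks no list. Suggest keeping the original comment on module_bug_finalize() and giving the new call its own comment that says when the two fields become valid, since is_module_cfi_trap() reads them under rcu_read_lock_sched_notrace() without taking module_mutex.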
diff --git a/scripts/module.lds.S b/scripts/module.lds.S index 1d0e1e4dc3d2..0708896139cc 100644 --- a/scripts/module.lds.S +++ b/scripts/module.lds.S @@ -3,20 +3,10 @@ * Archs are free to supply their own linker scripts. ld will * combine them automatically. */ -#ifdef CONFIG_CFI_CLANG -# include -# define ALIGN_CFI ALIGN(PAGE_SIZE) -# define SANITIZER_DISCARDS *(.eh_frame) -#else -# define ALIGN_CFI -# define SANITIZER_DISCARDS -#endif - SECTIONS { /DISCARD/ : { *(.discard) *(.discard.*) - SANITIZER_DISCARDS } __ksymtab 0 : { *(SORT(___ksymtab+*)) } @@ -31,6 +21,10 @@ SECTIONS { __patchable_function_entries : { *(__patchable_function_entries) } +#ifdef CONFIG_ARCH_USES_CFI_TRAPS + __kcfi_traps : { KEEP(*(.kcfi_traps)) } +#endif + #ifdef CONFIG_LTO_CLANG /* * With CONFIG_LTO_CLANG, LLD always enables -fdata-sections and 
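Review bot: The __kcfi_traps output section added to scripts/module.lds.S is matched by a string literal in module_cfi_finalize() (strcmp against "__kcfi_traps"), so the name is now duplicated between the linker script and kernel/cfi.c with nothing tying the two together. When the section is absent or renamed, the loop leaves mod->kcfi_traps NULL and is_module_cfi_trap() quietly returns false, so a CFI trap in that module is not recognised as one. Suggest a comment next to the section pointing at module_cfi_finalize(), and consider a debug message when a module built with CONFIG_ARCH_USES_CFI_TRAPS has no such section.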
@@ -51,15 +45,6 @@ SECTIONS { *(.rodata .rodata.[0-9a-zA-Z_]*) *(.rodata..L*) } - - /* - * With CONFIG_CFI_CLANG, we assume __cfi_check is at the beginning - * of the .text section, and is aligned to PAGE_SIZE. - */ - .text : ALIGN_CFI { - *(.text.__cfi_check) - *(.text .text.[0-9a-zA-Z_]* .text..L.cfi*) - } #endif }

From patchwork Fri May 13 20:21:45 2022
X-Patchwork-Submitter: Sami Tolvanen
X-Patchwork-Id: 12849363
Date: Fri, 13 May 2022 13:21:45 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-8-samitolvanen@google.com>
References: <20220513202159.1550547-1-samitolvanen@google.com>
Subject: [RFC PATCH v2 07/21] cfi: Add type helper macros
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen
X-Mailing-List: linux-hardening@vger.kernel.org

With CONFIG_CFI_CLANG, assembly functions called indirectly from C code must be annotated with type identifiers to pass CFI checking. The compiler emits a __kcfi_typeid_ symbol for each address-taken function declaration in C, which contains the expected type identifier. Add typed versions of SYM_FUNC_START and SYM_FUNC_START_ALIAS, which emit the type identifier before the function.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
---
 include/linux/cfi_types.h | 57 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 include/linux/cfi_types.h

diff --git a/include/linux/cfi_types.h b/include/linux/cfi_types.h new file mode 100644 index 000000000000..dd16e755a197 --- /dev/null +++ b/include/linux/cfi_types.h
@@ -0,0 +1,57 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Clang Control Flow Integrity (CFI) type definitions. + */ +#ifndef _LINUX_CFI_TYPES_H +#define _LINUX_CFI_TYPES_H + +#ifdef CONFIG_CFI_CLANG +#include + +#ifdef __ASSEMBLY__ +/* + * Use the __kcfi_typeid_ type identifier symbol to + * annotate indirectly called assembly functions. The compiler emits + * these symbols for all address-taken function declarations in C + * code. + */ +#ifndef __CFI_TYPE +#define __CFI_TYPE(name) \ + .4byte __kcfi_typeid_##name +#endif + +#define SYM_TYPED_ENTRY(name, fname, linkage, align...) \ + linkage(name) ASM_NL \ + align ASM_NL \ + __CFI_TYPE(fname) ASM_NL \ + name: + +#define __SYM_TYPED_FUNC_START_ALIAS(name, fname) \ + SYM_TYPED_ENTRY(name, fname, SYM_L_GLOBAL, SYM_A_ALIGN) + +#define __SYM_TYPED_FUNC_START(name, fname) \ + SYM_TYPED_ENTRY(name, fname, SYM_L_GLOBAL, SYM_A_ALIGN) + +#endif /* __ASSEMBLY__ */ + +#else /* CONFIG_CFI_CLANG */ + +#ifdef __ASSEMBLY__ +#define __SYM_TYPED_FUNC_START_ALIAS(name, fname) \ + SYM_FUNC_START_ALIAS(name) + +#define __SYM_TYPED_FUNC_START(name, fname) \ + SYM_FUNC_START(name) +#endif /* __ASSEMBLY__ */ + +#endif /* CONFIG_CFI_CLANG */ + +#ifdef __ASSEMBLY__ +#define SYM_TYPED_FUNC_START_ALIAS(name) \ + __SYM_TYPED_FUNC_START_ALIAS(name, name) + +#define SYM_TYPED_FUNC_START(name) \ + __SYM_TYPED_FUNC_START(name, name) +#endif /* __ASSEMBLY__ */ + +#endif /* _LINUX_CFI_TYPES_H */

From patchwork Fri May 13 20:21:46 2022
X-Patchwork-Submitter: Sami Tolvanen
X-Patchwork-Id: 12849367
Date: Fri, 13 May 2022 13:21:46 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-9-samitolvanen@google.com>
References: <20220513202159.1550547-1-samitolvanen@google.com>
Subject: [RFC PATCH v2 08/21] psci: Fix the function type for psci_initcall_t
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen
X-Mailing-List: linux-hardening@vger.kernel.org

Functions called through a psci_initcall_t pointer all have non-const arguments. Fix the type definition to avoid tripping indirect call checks with CFI_CLANG.

Reported-by: Mark Rutland
Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
---
 drivers/firmware/psci/psci.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/firmware/psci/psci.c b/drivers/firmware/psci/psci.c index cfb448eabdaa..6554bf4b8c99 100644 --- a/drivers/firmware/psci/psci.c +++ b/drivers/firmware/psci/psci.c
@@ -521,7 +521,7 @@ static int __init psci_probe(void) return 0; } -typedef int (*psci_initcall_t)(const struct device_node *); +typedef int (*psci_initcall_t)(struct device_node *); /* * PSCI init function for PSCI versions >=0.2
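Review bot: The typedef change at psci.c line 521 resolves the mismatch by dropping const from the pointer type rather than adding it to the callees, and the commit message does not say whether any function called through psci_initcall_t actually writes to the device_node. If none does, constifying the callees would satisfy the CFI_CLANG indirect call check while keeping the stronger contract; if one does, a sentence naming it would justify the direction of the fix.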
Date: Fri, 13 May 2022 13:21:47 -0700 In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com> Message-Id: <20220513202159.1550547-10-samitolvanen@google.com> References: <20220513202159.1550547-1-samitolvanen@google.com>
X-Mailer: git-send-email 2.36.0.550.gb090851708-goog Subject: [RFC PATCH v2 09/21] arm64: Add types to indirect called assembly functions From: Sami Tolvanen To: linux-kernel@vger.kernel.org Cc: Kees Cook , Josh Poimboeuf , Peter Zijlstra , x86@kernel.org, Catalin Marinas , Will Deacon , Mark Rutland , Nathan Chancellor , Nick Desaulniers , Joao Moreira , Sedat Dilek , Steven Rostedt , linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org With CONFIG_CFI_CLANG, assembly functions indirectly called from C code must be annotated with type identifiers to pass CFI checking. Use SYM_TYPED_FUNC_START for indirectly called functions. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- arch/arm64/crypto/ghash-ce-core.S | 5 +++-- arch/arm64/crypto/sm3-ce-core.S | 3 ++- arch/arm64/kernel/cpu-reset.S | 5 +++-- arch/arm64/mm/proc.S | 5 +++-- 4 files changed, 11 insertions(+), 7 deletions(-) diff --git a/arch/arm64/crypto/ghash-ce-core.S b/arch/arm64/crypto/ghash-ce-core.S index 7868330dd54e..ebe5558929b7 100644 --- a/arch/arm64/crypto/ghash-ce-core.S +++ b/arch/arm64/crypto/ghash-ce-core.S @@ -6,6 +6,7 @@ */ #include +#include #include SHASH .req v0 @@ -350,11 +351,11 @@ CPU_LE( rev64 T1.16b, T1.16b ) * void pmull_ghash_update(int blocks, u64 dg[], const char *src, * struct ghash_key const *k, const char *head) */ -SYM_FUNC_START(pmull_ghash_update_p64) +SYM_TYPED_FUNC_START(pmull_ghash_update_p64) __pmull_ghash p64 SYM_FUNC_END(pmull_ghash_update_p64) -SYM_FUNC_START(pmull_ghash_update_p8) +SYM_TYPED_FUNC_START(pmull_ghash_update_p8) __pmull_ghash p8 SYM_FUNC_END(pmull_ghash_update_p8) 
diff --git a/arch/arm64/crypto/sm3-ce-core.S b/arch/arm64/crypto/sm3-ce-core.S index ef97d3187cb7..ca70cfacd0d0 100644 --- a/arch/arm64/crypto/sm3-ce-core.S +++ b/arch/arm64/crypto/sm3-ce-core.S @@ -6,6 +6,7 @@ */ #include +#include #include .irp b, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 @@ -73,7 +74,7 @@ * int blocks) */ .text -SYM_FUNC_START(sm3_ce_transform) +SYM_TYPED_FUNC_START(sm3_ce_transform) /* load state */ ld1 {v8.4s-v9.4s}, [x0] rev64 v8.4s, v8.4s diff --git a/arch/arm64/kernel/cpu-reset.S b/arch/arm64/kernel/cpu-reset.S index 48a8af97faa9..6b752fe89745 100644 --- a/arch/arm64/kernel/cpu-reset.S +++ b/arch/arm64/kernel/cpu-reset.S @@ -8,6 +8,7 @@ */ #include +#include #include #include #include @@ -28,7 +29,7 @@ * branch to what would be the reset vector. It must be executed with the * flat identity mapping. */ -SYM_CODE_START(cpu_soft_restart) +SYM_TYPED_FUNC_START(cpu_soft_restart) mov_q x12, INIT_SCTLR_EL1_MMU_OFF pre_disable_mmu_workaround /* @@ -47,6 +48,6 @@ SYM_CODE_START(cpu_soft_restart) mov x1, x3 // arg1 mov x2, x4 // arg2 br x8 -SYM_CODE_END(cpu_soft_restart) +SYM_FUNC_END(cpu_soft_restart) .popsection diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S index 50bbed947bec..dfa715315551 100644 --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -10,6 +10,7 @@ #include #include #include +#include #include #include #include @@ -184,7 +185,7 @@ SYM_FUNC_END(cpu_do_resume) * This is the low-level counterpart to cpu_replace_ttbr1, and should not be * called by anything else. It can only be executed from a TTBR0 mapping. */ -SYM_FUNC_START(idmap_cpu_replace_ttbr1) +SYM_TYPED_FUNC_START(idmap_cpu_replace_ttbr1) save_and_disable_daif flags=x2 __idmap_cpu_set_reserved_ttbr1 x1, x3 
@@ -224,7 +225,7 @@ SYM_FUNC_END(idmap_cpu_replace_ttbr1) */ __idmap_kpti_flag: .long 1 -SYM_FUNC_START(idmap_kpti_install_ng_mappings) +SYM_TYPED_FUNC_START(idmap_kpti_install_ng_mappings) cpu .req w0 num_cpus .req w1 swapper_pa .req x2
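Review bot: In the cpu-reset.S hunk, cpu_soft_restart moves from SYM_CODE_START/SYM_CODE_END to SYM_TYPED_FUNC_START/SYM_FUNC_END, which changes the symbol's annotation class and not only its type information, while every other function touched by this patch was already SYM_FUNC_START. The commit message only mentions adding type identifiers; either say why treating cpu_soft_restart as a regular function is correct, given that it ends in br x8 and must run from the flat identity mapping, or split that conversion into its own patch.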
Date: Fri, 13 May 2022 13:21:48 -0700 In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com> Message-Id: <20220513202159.1550547-11-samitolvanen@google.com> References: <20220513202159.1550547-1-samitolvanen@google.com>
X-Mailer: git-send-email 2.36.0.550.gb090851708-goog Subject: [RFC PATCH v2 10/21] arm64: Add CFI error handling From: Sami Tolvanen To: linux-kernel@vger.kernel.org Cc: Kees Cook , Josh Poimboeuf , Peter Zijlstra , x86@kernel.org, Catalin Marinas , Will Deacon , Mark Rutland , Nathan Chancellor , Nick Desaulniers , Joao Moreira , Sedat Dilek , Steven Rostedt , linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org With -fsanitize=kcfi, CFI always traps. Add arm64 support for handling CFI failures. The registers containing the target address and the expected type are encoded in the first ten bits of the ESR as follows: - 0-4: n, where the register Xn contains the target address - 5-9: m, where the register Wm contains the type hash Suggested-by: Mark Rutland Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- arch/arm64/include/asm/brk-imm.h | 6 +++++ arch/arm64/kernel/traps.c | 46 +++++++++++++++++++++++++++++--- 2 files changed, 49 insertions(+), 3 deletions(-) diff --git a/arch/arm64/include/asm/brk-imm.h b/arch/arm64/include/asm/brk-imm.h index ec7720dbe2c8..6e000113e508 100644 --- a/arch/arm64/include/asm/brk-imm.h +++ b/arch/arm64/include/asm/brk-imm.h @@ -17,6 +17,7 @@ * 0x401: for compile time BRK instruction * 0x800: kernel-mode BUG() and WARN() traps * 0x9xx: tag-based KASAN trap (allowed values 0x900 - 0x9ff) + * 0x8xxx: Control-Flow Integrity traps */ #define KPROBES_BRK_IMM 0x004 #define UPROBES_BRK_IMM 0x005 
@@ -28,4 +29,9 @@ #define KASAN_BRK_IMM 0x900 #define KASAN_BRK_MASK 0x0ff +#define CFI_BRK_IMM_TARGET GENMASK(4, 0) +#define CFI_BRK_IMM_TYPE GENMASK(9, 5) +#define CFI_BRK_IMM_BASE 0x8000 +#define CFI_BRK_IMM_MASK (CFI_BRK_IMM_TARGET | CFI_BRK_IMM_TYPE) + #endif diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 0529fd57567e..17b083b683f4 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include @@ -990,6 +991,37 @@ static struct break_hook bug_break_hook = { .imm = BUG_BRK_IMM, }; +#ifdef CONFIG_CFI_CLANG +static int cfi_handler(struct pt_regs *regs, unsigned int esr) +{ + unsigned long target, type; + + target = pt_regs_read_reg(regs, FIELD_GET(CFI_BRK_IMM_TARGET, esr)); + type = pt_regs_read_reg(regs, FIELD_GET(CFI_BRK_IMM_TYPE, esr)); + + switch (report_cfi_failure(regs, regs->pc, target, type)) { + case BUG_TRAP_TYPE_BUG: + die("Oops - CFI", regs, 0); + break; + + case BUG_TRAP_TYPE_WARN: + break; + + default: + return DBG_HOOK_ERROR; + } + + arm64_skip_faulting_instruction(regs, AARCH64_INSN_SIZE); + return DBG_HOOK_HANDLED; +} + +static struct break_hook cfi_break_hook = { + .fn = cfi_handler, + .imm = CFI_BRK_IMM_BASE, + .mask = CFI_BRK_IMM_MASK, +}; +#endif /* CONFIG_CFI_CLANG */ + static int reserved_fault_handler(struct pt_regs *regs, unsigned int esr) { pr_err("%s generated an invalid instruction at %pS!\n", @@ -1051,6 +1083,9 @@ static struct break_hook kasan_break_hook = { }; #endif + +#define esr_comment(esr) ((esr) & ESR_ELx_BRK64_ISS_COMMENT_MASK) + /* * Initial handler for AArch64 BRK exceptions * This handler only used until debug_traps_init(). 
@@ -1058,10 +1093,12 @@ static struct break_hook kasan_break_hook = { int __init early_brk64(unsigned long addr, unsigned int esr, struct pt_regs *regs) { +#ifdef CONFIG_CFI_CLANG + if ((esr_comment(esr) & ~CFI_BRK_IMM_MASK) == CFI_BRK_IMM_BASE) + return cfi_handler(regs, esr) != DBG_HOOK_HANDLED; +#endif #ifdef CONFIG_KASAN_SW_TAGS - unsigned int comment = esr & ESR_ELx_BRK64_ISS_COMMENT_MASK; - - if ((comment & ~KASAN_BRK_MASK) == KASAN_BRK_IMM) + if ((esr_comment(esr) & ~KASAN_BRK_MASK) == KASAN_BRK_IMM) return kasan_handler(regs, esr) != DBG_HOOK_HANDLED; #endif return bug_handler(regs, esr) != DBG_HOOK_HANDLED; 
@@ -1070,6 +1107,9 @@ int __init early_brk64(unsigned long addr, unsigned int esr, void __init trap_init(void) { register_kernel_break_hook(&bug_break_hook); +#ifdef CONFIG_CFI_CLANG + register_kernel_break_hook(&cfi_break_hook); +#endif register_kernel_break_hook(&fault_break_hook); #ifdef CONFIG_KASAN_SW_TAGS register_kernel_break_hook(&kasan_break_hook);
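Review bot: The comment line added in brk-imm.h documents the CFI range as 0x8xxx, but CFI_BRK_IMM_MASK is only GENMASK(4, 0) | GENMASK(9, 5), so the early_brk64 check (and cfi_break_hook, which uses the same base and mask) covers 0x8000 through 0x83ff and nothing above. Spell the range out the way the KASAN line does, for example "0x8xxx: Control-Flow Integrity traps (allowed values 0x8000 - 0x83ff)", so a later user of 0x8400 and up does not assume it is taken. In cfi_handler, type is read with pt_regs_read_reg() into an unsigned long although the commit message says the hash lives in Wm; declaring it u32 would make the width handed to report_cfi_failure() explicit.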
Date: Fri, 13 May 2022 13:21:49 -0700 In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com> Message-Id: <20220513202159.1550547-12-samitolvanen@google.com> References: <20220513202159.1550547-1-samitolvanen@google.com>
X-Mailer: git-send-email 2.36.0.550.gb090851708-goog Subject: [RFC PATCH v2 11/21] arm64: Drop unneeded __nocfi attributes From: Sami Tolvanen To: linux-kernel@vger.kernel.org Cc: Kees Cook , Josh Poimboeuf , Peter Zijlstra , x86@kernel.org, Catalin Marinas , Will Deacon , Mark Rutland , Nathan Chancellor , Nick Desaulniers , Joao Moreira , Sedat Dilek , Steven Rostedt , linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org With -fsanitize=kcfi, CONFIG_CFI_CLANG no longer has issues with address space confusion in functions that switch to linear mapping. Now that the indirectly called assembly functions have type annotations, drop the __nocfi attributes. Suggested-by: Mark Rutland Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- arch/arm64/include/asm/mmu_context.h | 2 +- arch/arm64/kernel/alternative.c | 2 +- arch/arm64/kernel/cpufeature.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/arm64/include/asm/mmu_context.h b/arch/arm64/include/asm/mmu_context.h index 6770667b34a3..ca0140d0b8cf 100644 --- a/arch/arm64/include/asm/mmu_context.h +++ b/arch/arm64/include/asm/mmu_context.h 
@@ -143,7 +143,7 @@ static inline void cpu_install_ttbr0(phys_addr_t ttbr0, unsigned long t0sz) * Atomically replaces the active TTBR1_EL1 PGD with a new VA-compatible PGD, * avoiding the possibility of conflicting TLB entries being allocated. */ -static inline void __nocfi cpu_replace_ttbr1(pgd_t *pgdp) +static inline void cpu_replace_ttbr1(pgd_t *pgdp) { typedef void (ttbr_replace_func)(phys_addr_t); extern ttbr_replace_func idmap_cpu_replace_ttbr1; diff --git a/arch/arm64/kernel/alternative.c b/arch/arm64/kernel/alternative.c index 7bbf5104b7b7..e98466bab633 100644 --- a/arch/arm64/kernel/alternative.c +++ b/arch/arm64/kernel/alternative.c @@ -133,7 +133,7 @@ static void clean_dcache_range_nopatch(u64 start, u64 end) } while (cur += d_size, cur < end); } -static void __nocfi __apply_alternatives(struct alt_region *region, bool is_module, +static void __apply_alternatives(struct alt_region *region, bool is_module, unsigned long *feature_mask) { struct alt_instr *alt; diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index d72c4b4d389c..af78dcacf9fe 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c 
@@ -1596,7 +1596,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, } #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 -static void __nocfi +static void kpti_install_ng_mappings(const struct arm64_cpu_capabilities *__unused) { typedef void (kpti_remap_fn)(int, int, phys_addr_t);
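Review bot: The alternative.c hunk drops __nocfi from __apply_alternatives, but the commit message justifies the removals by the assembly functions now carrying type annotations, and the visible context does not show which indirect call in __apply_alternatives that applies to. cpu_replace_ttbr1 and kpti_install_ng_mappings map onto idmap_cpu_replace_ttbr1 and idmap_kpti_install_ng_mappings from patch 09; name the corresponding callee for __apply_alternatives in the message, or explain why the attribute is no longer needed there.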
Date: Fri, 13 May 2022 13:21:50 -0700 In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com> Message-Id: <20220513202159.1550547-13-samitolvanen@google.com> References: <20220513202159.1550547-1-samitolvanen@google.com>
X-Mailer: git-send-email 2.36.0.550.gb090851708-goog Subject: [RFC PATCH v2 12/21] treewide: Drop function_nocfi From: Sami Tolvanen To: linux-kernel@vger.kernel.org Cc: Kees Cook , Josh Poimboeuf , Peter Zijlstra , x86@kernel.org, Catalin Marinas , Will Deacon , Mark Rutland , Nathan Chancellor , Nick Desaulniers , Joao Moreira , Sedat Dilek , Steven Rostedt , linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org With -fsanitize=kcfi, we no longer need function_nocfi() as the compiler won't change function references to point to a jump table. Remove all implementations and uses of the macro. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- arch/arm64/include/asm/compiler.h | 16 ---------------- arch/arm64/include/asm/ftrace.h | 2 +- arch/arm64/include/asm/mmu_context.h | 2 +- arch/arm64/kernel/acpi_parking_protocol.c | 2 +- arch/arm64/kernel/cpufeature.c | 2 +- arch/arm64/kernel/ftrace.c | 2 +- arch/arm64/kernel/machine_kexec.c | 2 +- arch/arm64/kernel/psci.c | 2 +- arch/arm64/kernel/smp_spin_table.c | 2 +- drivers/firmware/psci/psci.c | 4 ++-- drivers/misc/lkdtm/usercopy.c | 2 +- include/linux/compiler.h | 10 ---------- 12 files changed, 11 insertions(+), 37 deletions(-) diff --git a/arch/arm64/include/asm/compiler.h b/arch/arm64/include/asm/compiler.h index dc3ea4080e2e..6fb2e6bcc392 100644 --- a/arch/arm64/include/asm/compiler.h +++ b/arch/arm64/include/asm/compiler.h 
@@ -23,20 +23,4 @@ #define __builtin_return_address(val) \ (void *)(ptrauth_clear_pac((unsigned long)__builtin_return_address(val))) -#ifdef CONFIG_CFI_CLANG -/* - * With CONFIG_CFI_CLANG, the compiler replaces function address - * references with the address of the function's CFI jump table - * entry. The function_nocfi macro always returns the address of the - * actual function instead. - */ -#define function_nocfi(x) ({ \ - void *addr; \ - asm("adrp %0, " __stringify(x) "\n\t" \ - "add %0, %0, :lo12:" __stringify(x) \ - : "=r" (addr)); \ - addr; \ -}) -#endif - #endif /* __ASM_COMPILER_H */ diff --git a/arch/arm64/include/asm/ftrace.h b/arch/arm64/include/asm/ftrace.h index 1494cfa8639b..c96d47cb8f46 100644 --- a/arch/arm64/include/asm/ftrace.h +++ b/arch/arm64/include/asm/ftrace.h @@ -26,7 +26,7 @@ #ifdef CONFIG_DYNAMIC_FTRACE_WITH_REGS #define ARCH_SUPPORTS_FTRACE_OPS 1 #else -#define MCOUNT_ADDR ((unsigned long)function_nocfi(_mcount)) +#define MCOUNT_ADDR ((unsigned long)_mcount) #endif /* The BL at the callsite's adjusted rec->ip */ diff --git a/arch/arm64/include/asm/mmu_context.h b/arch/arm64/include/asm/mmu_context.h index ca0140d0b8cf..8fa4cfbdda90 100644 --- a/arch/arm64/include/asm/mmu_context.h +++ b/arch/arm64/include/asm/mmu_context.h @@ -164,7 +164,7 @@ static inline void cpu_replace_ttbr1(pgd_t *pgdp) ttbr1 |= TTBR_CNP_BIT; } - replace_phys = (void *)__pa_symbol(function_nocfi(idmap_cpu_replace_ttbr1)); + replace_phys = (void *)__pa_symbol(idmap_cpu_replace_ttbr1); cpu_install_idmap(); replace_phys(ttbr1); diff --git a/arch/arm64/kernel/acpi_parking_protocol.c b/arch/arm64/kernel/acpi_parking_protocol.c index bfeeb5319abf..b1990e38aed0 100644 --- a/arch/arm64/kernel/acpi_parking_protocol.c +++ b/arch/arm64/kernel/acpi_parking_protocol.c 
@@ -99,7 +99,7 @@ static int acpi_parking_protocol_cpu_boot(unsigned int cpu) * that read this address need to convert this address to the * Boot-Loader's endianness before jumping. */ - writeq_relaxed(__pa_symbol(function_nocfi(secondary_entry)), + writeq_relaxed(__pa_symbol(secondary_entry), &mailbox->entry_point); writel_relaxed(cpu_entry->gic_cpu_id, &mailbox->cpu_id); diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index af78dcacf9fe..5dbe381670a0 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -1619,7 +1619,7 @@ kpti_install_ng_mappings(const struct arm64_cpu_capabilities *__unused) if (arm64_use_ng_mappings) return; - remap_fn = (void *)__pa_symbol(function_nocfi(idmap_kpti_install_ng_mappings)); + remap_fn = (void *)__pa_symbol(idmap_kpti_install_ng_mappings); cpu_install_idmap(); remap_fn(cpu, num_online_cpus(), __pa_symbol(swapper_pg_dir)); diff --git a/arch/arm64/kernel/ftrace.c b/arch/arm64/kernel/ftrace.c index 4506c4a90ac1..4128ca6ed485 100644 --- a/arch/arm64/kernel/ftrace.c +++ b/arch/arm64/kernel/ftrace.c @@ -56,7 +56,7 @@ int ftrace_update_ftrace_func(ftrace_func_t func) unsigned long pc; u32 new; - pc = (unsigned long)function_nocfi(ftrace_call); + pc = (unsigned long)ftrace_call; new = aarch64_insn_gen_branch_imm(pc, (unsigned long)func, AARCH64_INSN_BRANCH_LINK); diff --git a/arch/arm64/kernel/machine_kexec.c b/arch/arm64/kernel/machine_kexec.c index e16b248699d5..4eb5388aa5a6 100644 --- a/arch/arm64/kernel/machine_kexec.c +++ b/arch/arm64/kernel/machine_kexec.c @@ -204,7 +204,7 @@ void machine_kexec(struct kimage *kimage) typeof(cpu_soft_restart) *restart; cpu_install_idmap(); - restart = (void *)__pa_symbol(function_nocfi(cpu_soft_restart)); + restart = (void *)__pa_symbol(cpu_soft_restart); restart(is_hyp_nvhe(), kimage->start, kimage->arch.dtb_mem, 0, 0); } else { diff --git a/arch/arm64/kernel/psci.c b/arch/arm64/kernel/psci.c index ab7f4c476104..29a8e444db83 100644 
--- a/arch/arm64/kernel/psci.c +++ b/arch/arm64/kernel/psci.c @@ -38,7 +38,7 @@ static int __init cpu_psci_cpu_prepare(unsigned int cpu) static int cpu_psci_cpu_boot(unsigned int cpu) { - phys_addr_t pa_secondary_entry = __pa_symbol(function_nocfi(secondary_entry)); + phys_addr_t pa_secondary_entry = __pa_symbol(secondary_entry); int err = psci_ops.cpu_on(cpu_logical_map(cpu), pa_secondary_entry); if (err) pr_err("failed to boot CPU%d (%d)\n", cpu, err); diff --git a/arch/arm64/kernel/smp_spin_table.c b/arch/arm64/kernel/smp_spin_table.c index 7e1624ecab3c..49029eace3ad 100644 --- a/arch/arm64/kernel/smp_spin_table.c +++ b/arch/arm64/kernel/smp_spin_table.c @@ -66,7 +66,7 @@ static int smp_spin_table_cpu_init(unsigned int cpu) static int smp_spin_table_cpu_prepare(unsigned int cpu) { __le64 __iomem *release_addr; - phys_addr_t pa_holding_pen = __pa_symbol(function_nocfi(secondary_holding_pen)); + phys_addr_t pa_holding_pen = __pa_symbol(secondary_holding_pen); if (!cpu_release_addr[cpu]) return -ENODEV; diff --git a/drivers/firmware/psci/psci.c b/drivers/firmware/psci/psci.c index 6554bf4b8c99..16a1daec8cd2 100644 --- a/drivers/firmware/psci/psci.c +++ b/drivers/firmware/psci/psci.c @@ -334,7 +334,7 @@ static int __init psci_features(u32 psci_func_id) static int psci_suspend_finisher(unsigned long state) { u32 power_state = state; - phys_addr_t pa_cpu_resume = __pa_symbol(function_nocfi(cpu_resume)); + phys_addr_t pa_cpu_resume = __pa_symbol(cpu_resume); return psci_ops.cpu_suspend(power_state, pa_cpu_resume); } @@ -359,7 +359,7 @@ int psci_cpu_suspend_enter(u32 state) static int psci_system_suspend(unsigned long unused) { - phys_addr_t pa_cpu_resume = __pa_symbol(function_nocfi(cpu_resume)); + phys_addr_t pa_cpu_resume = __pa_symbol(cpu_resume); return invoke_psci_fn(PSCI_FN_NATIVE(1_0, SYSTEM_SUSPEND), pa_cpu_resume, 0, 0); diff --git a/drivers/misc/lkdtm/usercopy.c b/drivers/misc/lkdtm/usercopy.c index 9161ce7ed47a..79a17b1c4885 100644 
--- a/drivers/misc/lkdtm/usercopy.c +++ b/drivers/misc/lkdtm/usercopy.c @@ -318,7 +318,7 @@ void lkdtm_USERCOPY_KERNEL(void) pr_info("attempting bad copy_to_user from kernel text: %px\n", vm_mmap); - if (copy_to_user((void __user *)user_addr, function_nocfi(vm_mmap), + if (copy_to_user((void __user *)user_addr, vm_mmap, unconst + PAGE_SIZE)) { pr_warn("copy_to_user failed, but lacked Oops\n"); goto free_user; diff --git a/include/linux/compiler.h b/include/linux/compiler.h index 9303f5fe5d89..80ed9644d129 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h 
@@ -203,16 +203,6 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val, __v; \ }) -/* - * With CONFIG_CFI_CLANG, the compiler replaces function addresses in - * instrumented C code with jump table addresses. Architectures that - * support CFI can define this macro to return the actual function address - * when needed. - */ -#ifndef function_nocfi -#define function_nocfi(x) (x) -#endif - #endif /* __KERNEL__ */ /*
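Review bot: In the arch/arm64/include/asm/mmu_context.h, arch/arm64/kernel/cpufeature.c and arch/arm64/kernel/machine_kexec.c hunks the result of __pa_symbol() is still cast to a function pointer and called (replace_phys(ttbr1), remap_fn(...), restart(...)), so the call target is a physical alias of the function. With function_nocfi() gone, nothing at these call sites documents how the indirect-call check is expected to behave for an idmap address; please add a comment there, or say in the commit message whether these callers are exempt from CFI or whether the check is expected to pass through the idmap.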
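Review bot: The include/linux/compiler.h hunk deletes the generic "#define function_nocfi(x) (x)" fallback, which turns any caller not converted here into a build failure. The hunks shown convert arm64, drivers/firmware/psci and drivers/misc/lkdtm only; suggest confirming with a tree-wide grep that no other user remains and saying so in the commit message.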
Date: Fri, 13 May 2022 13:21:51 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-14-samitolvanen@google.com>
Subject: [RFC PATCH v2 13/21] treewide: Drop WARN_ON_FUNCTION_MISMATCH
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

CONFIG_CFI_CLANG no longer breaks cross-module function address equality, which makes WARN_ON_FUNCTION_MISMATCH unnecessary. Remove the definition and switch back to WARN_ON_ONCE.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
---
 include/asm-generic/bug.h | 16 ----------------
 kernel/kthread.c | 3 +--
 kernel/workqueue.c | 2 +-
 3 files changed, 2 insertions(+), 19 deletions(-)

diff --git a/include/asm-generic/bug.h b/include/asm-generic/bug.h index ba1f860af38b..4050b191e1a9 100644 --- a/include/asm-generic/bug.h +++ b/include/asm-generic/bug.h
@@ -220,22 +220,6 @@ extern __printf(1, 2) void __warn_printk(const char *fmt, ...); # define WARN_ON_SMP(x) ({0;}) #endif -/* - * WARN_ON_FUNCTION_MISMATCH() warns if a value doesn't match a - * function address, and can be useful for catching issues with - * callback functions, for example. - * - * With CONFIG_CFI_CLANG, the warning is disabled because the - * compiler replaces function addresses taken in C code with - * local jump table addresses, which breaks cross-module function - * address equality. - */ -#if defined(CONFIG_CFI_CLANG) && defined(CONFIG_MODULES) -# define WARN_ON_FUNCTION_MISMATCH(x, fn) ({ 0; }) -#else -# define WARN_ON_FUNCTION_MISMATCH(x, fn) WARN_ON_ONCE((x) != (fn)) -#endif - #endif /* __ASSEMBLY__ */ #endif diff --git a/kernel/kthread.c b/kernel/kthread.c index 50265f69a135..dfeb87876b4a 100644 --- a/kernel/kthread.c +++ b/kernel/kthread.c @@ -1050,8 +1050,7 @@ static void __kthread_queue_delayed_work(struct kthread_worker *worker, struct timer_list *timer = &dwork->timer; struct kthread_work *work = &dwork->work; - WARN_ON_FUNCTION_MISMATCH(timer->function, - kthread_delayed_work_timer_fn); + WARN_ON_ONCE(timer->function != kthread_delayed_work_timer_fn); /* * If @delay is 0, queue @dwork->work immediately. This is for diff --git a/kernel/workqueue.c b/kernel/workqueue.c index 0d2514b4ff0d..18c1a1c09684 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c 
@@ -1651,7 +1651,7 @@ static void __queue_delayed_work(int cpu, struct workqueue_struct *wq, struct work_struct *work = &dwork->work; WARN_ON_ONCE(!wq); - WARN_ON_FUNCTION_MISMATCH(timer->function, delayed_work_timer_fn); + WARN_ON_ONCE(timer->function != delayed_work_timer_fn); WARN_ON_ONCE(timer_pending(timer)); WARN_ON_ONCE(!list_empty(&work->entry));
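Review bot: Under CONFIG_CFI_CLANG with CONFIG_MODULES the macro removed in the include/asm-generic/bug.h hunk expanded to ({ 0; }), so the comparisons in __kthread_queue_delayed_work() and __queue_delayed_work() become live checks for those configurations with this patch. That is only correct once function addresses are no longer replaced by jump table entries; the commit message should name the patch in the series that establishes this, and this patch has to be ordered after it so that a bisect does not land on spurious warnings.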
Date: Fri, 13 May 2022 13:21:52 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-15-samitolvanen@google.com>
Subject: [RFC PATCH v2 14/21] treewide: Drop __cficanonical
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

CONFIG_CFI_CLANG doesn't use a jump table anymore and therefore, won't change function references to point elsewhere. Remove the __cficanonical attribute and all uses of it.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
---
 include/linux/compiler_types.h | 4 ----
 include/linux/init.h | 4 ++--
 include/linux/pci.h | 4 ++--
 3 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h index 1c2c33ae1b37..bdd2526af46a 100644 --- a/include/linux/compiler_types.h +++ b/include/linux/compiler_types.h @@ -263,10 +263,6 @@ struct ftrace_likely_data { # define __nocfi #endif -#ifndef __cficanonical -# define __cficanonical -#endif - /* * Any place that could be marked with the "alloc_size" attribute is also * a place to be marked with the "malloc" attribute. Do this as part of the diff --git a/include/linux/init.h b/include/linux/init.h index baf0b29a7010..76058c9e0399 100644 --- a/include/linux/init.h +++ b/include/linux/init.h
@@ -220,8 +220,8 @@ extern bool initcall_debug; __initcall_name(initstub, __iid, id) #define __define_initcall_stub(__stub, fn) \ - int __init __cficanonical __stub(void); \ - int __init __cficanonical __stub(void) \ + int __init __stub(void); \ + int __init __stub(void) \ { \ return fn(); \ } \ diff --git a/include/linux/pci.h b/include/linux/pci.h index 60adf42460ab..3cc50c4e3c64 100644 --- a/include/linux/pci.h +++ b/include/linux/pci.h 
@@ -2021,8 +2021,8 @@ enum pci_fixup_pass { #ifdef CONFIG_LTO_CLANG #define __DECLARE_PCI_FIXUP_SECTION(sec, name, vendor, device, class, \ class_shift, hook, stub) \ - void __cficanonical stub(struct pci_dev *dev); \ - void __cficanonical stub(struct pci_dev *dev) \ + void stub(struct pci_dev *dev); \ + void stub(struct pci_dev *dev) \ { \ hook(dev); \ } \
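Review bot: The include/linux/compiler_types.h hunk removes only the empty "#ifndef __cficanonical" fallback, and the diffstat lists no compiler-specific header. If a non-empty definition of __cficanonical exists elsewhere, the commit message should say which patch in the series removes it; otherwise the attribute stays defined with no remaining users after the init.h and pci.h hunks.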
Date: Fri, 13 May 2022 13:21:53 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-16-samitolvanen@google.com>
Subject: [RFC PATCH v2 15/21] objtool: Don't warn about __cfi_ preambles falling through
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

The __cfi_ preambles contain valid instructions, which embed KCFI type information in the following format:

  __cfi_function:
    int3
    int3
    mov , %eax
    int3
    int3
  function:
    ...

While the preambles are STT_FUNC and contain valid instructions, they are not executed and always fall through. Skip the warning for them.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
---
 tools/objtool/check.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tools/objtool/check.c b/tools/objtool/check.c index ca5b74603008..88f005ae6dcc 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c
@@ -3311,6 +3311,10 @@ static int validate_branch(struct objtool_file *file, struct symbol *func, next_insn = next_insn_to_validate(file, insn); if (func && insn->func && func != insn->func->pfunc) { + /* Ignore KCFI type preambles, which always fall through */ + if (!strncmp(func->name, "__cfi_", 6)) + return 0; + WARN("%s() falls through to next function %s()", func->name, insn->func->name); return 1;
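Review bot: The new test in validate_branch() exempts every symbol whose name begins with "__cfi_", identified by a hard-coded length of 6, without checking that the function it falls into is the one the preamble belongs to. Suggest also requiring !strcmp(func->name + 6, insn->func->name), so that only a preamble falling through to its own function is silenced, and replacing the literal 6 with a length derived from the prefix string.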
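The preamble layout described in the commit message above can be decoded and checked as in the following added example, which is not code from the patch or from objtool. It assumes the usual x86 encodings (int3 as 0xCC, mov imm32 to %eax as 0xB8 followed by a little-endian 32-bit value); the function names, status codes and sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Assumed byte layout of a __cfi_ preamble (standard x86 encodings):
 *   int3 int3 | mov $id, %eax | int3 int3 | function body ...
 *   CC   CC   | B8 id[0..3]   | CC   CC
 * The 32-bit type identifier is stored little-endian.
 */
#define KCFI_PREAMBLE_LEN 9u
#define KCFI_PREFIX "__cfi_"

enum kcfi_status { KCFI_OK, KCFI_NO_ROOM, KCFI_BAD_PAD, KCFI_BAD_MOV };

/* Decode the preamble that ends where the function at func_off begins. */
static enum kcfi_status kcfi_read_preamble(const uint8_t *text, size_t len,
                                           size_t func_off, uint32_t *id)
{
    const uint8_t *p;

    if (func_off < KCFI_PREAMBLE_LEN || func_off >= len)
        return KCFI_NO_ROOM;            /* no space for a preamble, or bad offset */
    p = text + func_off - KCFI_PREAMBLE_LEN;
    if (p[0] != 0xCC || p[1] != 0xCC || p[7] != 0xCC || p[8] != 0xCC)
        return KCFI_BAD_PAD;            /* the int3 pairs are missing */
    if (p[2] != 0xB8)
        return KCFI_BAD_MOV;            /* not "mov imm32, %eax" */
    *id = (uint32_t)p[3] | (uint32_t)p[4] << 8 |
          (uint32_t)p[5] << 16 | (uint32_t)p[6] << 24;
    return KCFI_OK;
}

/*
 * Symbol-level view of "always falls through": the preamble symbol is named
 * __cfi_<func> and ends exactly where <func> starts.
 */
static int kcfi_symbols_pair(const char *pre, size_t pre_end,
                             const char *func, size_t func_start)
{
    size_t n = strlen(KCFI_PREFIX);

    return strncmp(pre, KCFI_PREFIX, n) == 0 &&
           strcmp(pre + n, func) == 0 && pre_end == func_start;
}

/* Constructed sample text section: foo has a preamble, bar only has padding. */
static const uint8_t sample_text[] = {
    0xCC, 0xCC, 0xB8, 0x78, 0x56, 0x34, 0x12, 0xCC, 0xCC, /* __cfi_foo      */
    0xC3,                                                 /* foo at 9: ret  */
    0x90, 0x90, 0xB8, 0x01, 0x00, 0x00, 0x00, 0x90, 0x90, /* nops, not int3 */
    0xC3,                                                 /* bar at 19: ret */
};

int main(void)
{
    uint32_t id = 0;
    enum kcfi_status st;

    st = kcfi_read_preamble(sample_text, sizeof(sample_text), 9, &id);
    printf("foo: status=%d id=0x%08x\n", (int)st, (unsigned)id);
    st = kcfi_read_preamble(sample_text, sizeof(sample_text), 19, &id);
    printf("bar: status=%d\n", (int)st);
    printf("pair(__cfi_foo, foo)=%d pair(__cfi_foo, bar)=%d\n",
           kcfi_symbols_pair("__cfi_foo", 9, "foo", 9),
           kcfi_symbols_pair("__cfi_foo", 9, "bar", 9));
    return 0;
}
```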
Date: Fri, 13 May 2022 13:21:54 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-17-samitolvanen@google.com>
Subject: [RFC PATCH v2 16/21] x86/tools/relocs: Ignore __kcfi_typeid_ relocations
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

Ignore __kcfi_typeid_ symbols. These are compiler-generated constants that contain CFI type identifiers.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
---
 arch/x86/tools/relocs.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c index e2c5b296120d..2925074b9a58 100644 --- a/arch/x86/tools/relocs.c +++ b/arch/x86/tools/relocs.c
@@ -56,6 +56,7 @@ static const char * const sym_regex_kernel[S_NSYMTYPES] = { "^(xen_irq_disable_direct_reloc$|" "xen_save_fl_direct_reloc$|" "VDSO|" + "__kcfi_typeid_|" "__crc_)", /*
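Review bot: The added "__kcfi_typeid_|" alternative has no trailing $, so under the leading ^ it matches every symbol that starts with that prefix. That is consistent with the neighbouring "VDSO" and "__crc_" entries, but the commit message only says the symbols are ignored; suggest stating there why relocations against these constants must be skipped, so the reason is recorded next to the change.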
Date: Fri, 13 May 2022 13:21:55 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-18-samitolvanen@google.com>
Subject: [RFC PATCH v2 17/21] x86: Add types to indirectly called assembly functions
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

With CONFIG_CFI_CLANG, assembly functions indirectly called from C code must be annotated with type identifiers to pass CFI checking.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
---
 arch/x86/crypto/blowfish-x86_64-asm_64.S | 5 +++--
 arch/x86/lib/memcpy_64.S | 3 ++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/arch/x86/crypto/blowfish-x86_64-asm_64.S b/arch/x86/crypto/blowfish-x86_64-asm_64.S index 802d71582689..4a43e072d2d1 100644 --- a/arch/x86/crypto/blowfish-x86_64-asm_64.S +++ b/arch/x86/crypto/blowfish-x86_64-asm_64.S @@ -6,6 +6,7 @@ */ #include +#include .file "blowfish-x86_64-asm.S" .text @@ -141,7 +142,7 @@ SYM_FUNC_START(__blowfish_enc_blk) RET; SYM_FUNC_END(__blowfish_enc_blk) -SYM_FUNC_START(blowfish_dec_blk) +SYM_TYPED_FUNC_START(blowfish_dec_blk) /* input: * %rdi: ctx * %rsi: dst @@ -332,7 +333,7 @@ SYM_FUNC_START(__blowfish_enc_blk_4way) RET; SYM_FUNC_END(__blowfish_enc_blk_4way) -SYM_FUNC_START(blowfish_dec_blk_4way) +SYM_TYPED_FUNC_START(blowfish_dec_blk_4way) /* input: * %rdi: ctx * %rsi: dst diff --git a/arch/x86/lib/memcpy_64.S b/arch/x86/lib/memcpy_64.S index d0d7b9bc6cad..e5d9b299577f 100644 --- a/arch/x86/lib/memcpy_64.S +++ b/arch/x86/lib/memcpy_64.S
@@ -2,6 +2,7 @@ /* Copyright 2002 Andi Kleen */ #include +#include #include #include #include 
@@ -27,7 +28,7 @@ * Output: * rax original destination */ -SYM_FUNC_START(__memcpy) +__SYM_TYPED_FUNC_START(__memcpy, memcpy) ALTERNATIVE_2 "jmp memcpy_orig", "", X86_FEATURE_REP_GOOD, \ "jmp memcpy_erms", X86_FEATURE_ERMS
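Review bot: __SYM_TYPED_FUNC_START(__memcpy, memcpy) in arch/x86/lib/memcpy_64.S is the only annotation in this patch that uses the two-argument, double-underscore form, and neither the changelog nor a comment says what the second argument selects or why __memcpy differs from the blowfish entry points, which use plain SYM_TYPED_FUNC_START(name). A one-line comment above the macro use would save the next reader from hunting for the macro definition. The changelog could also say how the set of indirectly called assembly functions was established, since __blowfish_enc_blk and __blowfish_enc_blk_4way in the same patch stay on SYM_FUNC_START.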
Date: Fri, 13 May 2022 13:21:56 -0700 In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com> Message-Id: <20220513202159.1550547-19-samitolvanen@google.com>
Subject: [RFC PATCH v2 18/21] x86/purgatory: Disable CFI From: Sami Tolvanen To: linux-kernel@vger.kernel.org Cc: Kees Cook , Josh Poimboeuf , Peter Zijlstra , x86@kernel.org, Catalin Marinas , Will Deacon , Mark Rutland , Nathan Chancellor , Nick Desaulniers , Joao Moreira , Sedat Dilek , Steven Rostedt , linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org Disable CONFIG_CFI_CLANG for the stand-alone purgatory.ro. Signed-off-by: Sami Tolvanen Reviewed-by: Nick Desaulniers Tested-by: Nick Desaulniers Tested-by: Sedat Dilek Reviewed-by: Kees Cook --- arch/x86/purgatory/Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/purgatory/Makefile b/arch/x86/purgatory/Makefile index ae53d54d7959..b3fa947fa38b 100644 --- a/arch/x86/purgatory/Makefile +++ b/arch/x86/purgatory/Makefile 
@@ -55,6 +55,10 @@ ifdef CONFIG_RETPOLINE PURGATORY_CFLAGS_REMOVE += $(RETPOLINE_CFLAGS) endif +ifdef CONFIG_CFI_CLANG +PURGATORY_CFLAGS_REMOVE += $(CC_FLAGS_CFI) +endif + CFLAGS_REMOVE_purgatory.o += $(PURGATORY_CFLAGS_REMOVE) CFLAGS_purgatory.o += $(PURGATORY_CFLAGS)
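Review bot: the ifdef CONFIG_CFI_CLANG guard around PURGATORY_CFLAGS_REMOVE += $(CC_FLAGS_CFI) is inconsistent with 19/21, where arch/x86/entry/vdso/Makefile passes $(CC_FLAGS_CFI) to filter-out unconditionally. If CC_FLAGS_CFI is empty whenever the option is off, the three added lines reduce to the single += line; if the guard is kept only to mirror the CONFIG_RETPOLINE block above it, say so in the changelog. The changelog also gives no reason for excluding purgatory.ro beyond it being stand-alone, so one sentence on what breaks with the instrumentation left in would help.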
Date: Fri, 13 May 2022 13:21:57 -0700 In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com> Message-Id: <20220513202159.1550547-20-samitolvanen@google.com>
Subject: [RFC PATCH v2 19/21] x86/vdso: Disable CFI From: Sami Tolvanen To: linux-kernel@vger.kernel.org Cc: Kees Cook , Josh Poimboeuf , Peter Zijlstra , x86@kernel.org, Catalin Marinas , Will Deacon , Mark Rutland , Nathan Chancellor , Nick Desaulniers , Joao Moreira , Sedat Dilek , Steven Rostedt , linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org CC_FLAGS_LTO no longer includes CC_FLAGS_CFI, so filter these flags out as well. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- arch/x86/entry/vdso/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index 693f8b9031fb..abf41ef0f89e 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile @@ -91,7 +91,7 @@ ifneq ($(RETPOLINE_VDSO_CFLAGS),) endif endif -$(vobjs): KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_LTO) $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) +$(vobjs): KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_LTO) $(CC_FLAGS_CFI) $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) # # vDSO code runs in userspace and -pg doesn't help with profiling anyway. 
@@ -151,6 +151,7 @@ KBUILD_CFLAGS_32 := $(filter-out -mfentry,$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 := $(filter-out $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 := $(filter-out $(CC_FLAGS_LTO),$(KBUILD_CFLAGS_32)) +KBUILD_CFLAGS_32 := $(filter-out $(CC_FLAGS_CFI),$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 += -m32 -msoft-float -mregparm=0 -fpic KBUILD_CFLAGS_32 += -fno-stack-protector KBUILD_CFLAGS_32 += $(call cc-option, -foptimize-sibling-calls)
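Review bot: the changelog gives only the mechanical reason for the added filter-out of $(CC_FLAGS_CFI) on KBUILD_CFLAGS_32 and on the $(vobjs) rule (the flags were split out of CC_FLAGS_LTO), without naming the patch in the series that made the split. Naming it, and confirming that no commit in between builds the vDSO with the CFI flags still present, would settle the bisectability question. Since the subject says "Disable CFI", a sentence on why vDSO objects must not carry the checks belongs in the log as well; the context comment in the first hunk already notes that this code runs in userspace.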
Date: Fri, 13 May 2022 13:21:58 -0700 In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com> Message-Id: <20220513202159.1550547-21-samitolvanen@google.com>
Subject: [RFC PATCH v2 20/21] x86: Add support for CONFIG_CFI_CLANG From: Sami Tolvanen To: linux-kernel@vger.kernel.org Cc: Kees Cook , Josh Poimboeuf , Peter Zijlstra , x86@kernel.org, Catalin Marinas , Will Deacon , Mark Rutland , Nathan Chancellor , Nick Desaulniers , Joao Moreira , Sedat Dilek , Steven Rostedt , linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org With CONFIG_CFI_CLANG, the compiler injects a type preamble immediately before each function and a check to validate the target function type before indirect calls: ; type preamble __cfi_function: int3 int3 mov , %eax int3 int3 function: ... ; indirect call check cmpl    , -6(%r11) je .Ltmp1 ud2 .Ltmp1: call __x86_indirect_thunk_r11 Define the __CFI_TYPE helper macro for manual type annotations in assembly code, add error handling for the CFI ud2 traps, and allow CONFIG_CFI_CLANG to be selected on x86_64. 
Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook Tested-by: Kees Cook --- arch/x86/Kconfig | 2 ++ arch/x86/include/asm/linkage.h | 12 +++++++ arch/x86/kernel/traps.c | 60 +++++++++++++++++++++++++++++++++- 3 files changed, 73 insertions(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 4bed3abf444d..2e73d0792d48 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -108,6 +108,8 @@ config X86 select ARCH_SUPPORTS_PAGE_TABLE_CHECK if X86_64 select ARCH_SUPPORTS_NUMA_BALANCING if X86_64 select ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP if NR_CPUS <= 4096 + select ARCH_SUPPORTS_CFI_CLANG if X86_64 + select ARCH_USES_CFI_TRAPS if X86_64 && CFI_CLANG select ARCH_SUPPORTS_LTO_CLANG select ARCH_SUPPORTS_LTO_CLANG_THIN select ARCH_USE_BUILTIN_BSWAP diff --git a/arch/x86/include/asm/linkage.h b/arch/x86/include/asm/linkage.h index 85865f1645bd..0ee4a0af3974 100644 --- a/arch/x86/include/asm/linkage.h +++ b/arch/x86/include/asm/linkage.h @@ -25,6 +25,18 @@ #define RET ret #endif +#ifdef CONFIG_CFI_CLANG +#define __CFI_TYPE(name) \ + .fill 7, 1, 0xCC ASM_NL \ + SYM_START(__cfi_##name, SYM_L_LOCAL, SYM_A_NONE) \ + int3 ASM_NL \ + int3 ASM_NL \ + mov __kcfi_typeid_##name, %eax ASM_NL \ + int3 ASM_NL \ + int3 ASM_NL \ + SYM_FUNC_END(__cfi_##name) +#endif + #else /* __ASSEMBLY__ */ #ifdef CONFIG_SLS diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index 1563fb995005..320e257eb4be 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -40,6 +40,7 @@ #include #include #include +#include #include #include 
@@ -295,6 +296,62 @@ static inline void handle_invalid_op(struct pt_regs *regs) ILL_ILLOPN, error_get_trap_addr(regs)); } +#ifdef CONFIG_CFI_CLANG +static void decode_cfi_insn(struct pt_regs *regs, unsigned long *target, + unsigned long *type) +{ + char buffer[MAX_INSN_SIZE]; + struct insn insn; + int offset; + + *target = *type = 0; + + /* + * The compiler generates the following instruction sequence + * for indirect call checks: + * + *   cmpl    , -6(%reg) ; 7 bytes + * je .Ltmp1 ; 2 bytes + * ud2 ; <- addr + * .Ltmp1: + * + * Both the type and the target address can be decoded from the + * cmpl instruction. + */ + if (copy_from_kernel_nofault(buffer, (void *)regs->ip - 9, MAX_INSN_SIZE)) + return; + if (insn_decode_kernel(&insn, buffer)) + return; + if (insn.opcode.value != 0x81 || X86_MODRM_REG(insn.modrm.value) != 7) + return; + + *type = insn.immediate.value; + + offset = insn_get_modrm_rm_off(&insn, regs); + if (offset < 0) + return; + + *target = *(unsigned long *)((void *)regs + offset); +} + +static enum bug_trap_type handle_cfi_failure(struct pt_regs *regs) +{ + if (is_cfi_trap(regs->ip)) { + unsigned long target, type; + + decode_cfi_insn(regs, &target, &type); + return report_cfi_failure(regs, regs->ip, target, type); + } + + return BUG_TRAP_TYPE_NONE; +} +#else +static inline enum bug_trap_type handle_cfi_failure(struct pt_regs *regs) +{ + return BUG_TRAP_TYPE_NONE; +} +#endif /* CONFIG_CFI_CLANG */ + static noinstr bool handle_bug(struct pt_regs *regs) { bool handled = false; 
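Review bot: in decode_cfi_insn(), the fixed start at regs->ip - 9 assumes the cmpl is always 7 bytes, which holds only when the base register needs no REX prefix. For the -6(%r11) form shown in the commit message the encoding is 8 bytes (REX, 0x81, ModRM, disp8, imm32), so decoding from ip - 9 begins at the 0x81 opcode byte, still passes the opcode.value != 0x81 and X86_MODRM_REG() != 7 tests, and insn_get_modrm_rm_off() then resolves the base without the REX bit, so as far as I can see the reported target is read from the wrong register. Please check that the decoded insn.length plus the 2-byte je ends exactly at regs->ip and handle a preceding REX prefix, or fix the encoding the compiler emits and say so in the comment. The literal 9 also deserves a named constant, and because a failed decode silently leaves *target and *type at 0, report_cfi_failure() cannot tell "not decoded" from a real zero.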
@@ -312,7 +369,8 @@ static noinstr bool handle_bug(struct pt_regs *regs) */ if (regs->flags & X86_EFLAGS_IF) raw_local_irq_enable(); - if (report_bug(regs->ip, regs) == BUG_TRAP_TYPE_WARN) { + if (report_bug(regs->ip, regs) == BUG_TRAP_TYPE_WARN || + handle_cfi_failure(regs) == BUG_TRAP_TYPE_WARN) { regs->ip += LEN_UD2; handled = true; }
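The check sequence from the 20/21 commit message, decoded in user space, as an added example that is not code from the patch series: the byte strings are constructed samples, and decode_cmpl, decode_fixed9 and decode_before_ud2 are hypothetical helpers (decode_fixed9 only models starting 9 bytes before the ud2; it is not the kernel's instruction decoder). It shows how a REX-prefixed cmpl changes the instruction length and the base register that a fixed-offset decode reports.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One decoded "cmpl $type, disp8(%reg)" from an indirect call check. */
struct cfi_check {
    uint32_t type;  /* expected type id (imm32) */
    int base_reg;   /* 0..15: register holding the call target */
    int disp;       /* signed disp8, -6 in the commit message */
    int len;        /* 7 without a REX prefix, 8 with one */
};

#define SEQ_UD2_OFF 10  /* offset of ud2 in both constructed samples */

/* Constructed: cmpl $0x12345678, -6(%r11); je +2; ud2 (REX.B needed) */
static const uint8_t seq_r11[] = {
    0x41, 0x81, 0x7B, 0xFA, 0x78, 0x56, 0x34, 0x12, 0x74, 0x02, 0x0F, 0x0B
};
/* Constructed: nop; cmpl $0x12345678, -6(%rax); je +2; ud2 (no REX) */
static const uint8_t seq_rax[] = {
    0x90, 0x81, 0x78, 0xFA, 0x78, 0x56, 0x34, 0x12, 0x74, 0x02, 0x0F, 0x0B
};

/* Forward-decode [REX] 81 /7 disp8 imm32 at p; 0 on success, -1 otherwise. */
static int decode_cmpl(const uint8_t *p, size_t avail, struct cfi_check *out)
{
    size_t i = 0;
    uint8_t rex = 0, modrm;

    if (avail >= 1 && (p[0] & 0xF0) == 0x40)
        rex = p[i++];
    if (avail < i + 7 || p[i++] != 0x81)
        return -1;
    modrm = p[i++];
    /* mod=01 (disp8), reg field 7 (cmp), rm != 100 (no SIB byte) */
    if ((modrm >> 6) != 1 || ((modrm >> 3) & 7) != 7 || (modrm & 7) == 4)
        return -1;
    out->base_reg = (modrm & 7) | ((rex & 1) << 3);  /* REX.B extends rm */
    out->disp = (int8_t)p[i++];
    out->type = (uint32_t)p[i] | ((uint32_t)p[i + 1] << 8) |
                ((uint32_t)p[i + 2] << 16) | ((uint32_t)p[i + 3] << 24);
    out->len = (int)(i + 4);
    return 0;
}

/* Model of a fixed start: 7-byte cmpl + 2-byte je before the ud2. */
static int decode_fixed9(const uint8_t *code, size_t size, size_t ud2_off,
                         struct cfi_check *out)
{
    if (ud2_off < 9 || ud2_off > size)
        return -1;
    return decode_cmpl(code + ud2_off - 9, 7, out);
}

/*
 * Length-checked variant: verify ud2 and je, then accept only a cmpl whose
 * decoded length ends exactly at the je. The REX form is tried first; a
 * preceding byte in 0x40..0x4F that belongs to another instruction would
 * still be misread, which is the inherent limit of decoding backwards.
 */
static int decode_before_ud2(const uint8_t *code, size_t size, size_t ud2_off,
                             struct cfi_check *out)
{
    static const int lens[] = { 8, 7 };

    if (ud2_off < 2 || ud2_off + 2 > size)
        return -1;
    if (code[ud2_off] != 0x0F || code[ud2_off + 1] != 0x0B)
        return -1;
    if (code[ud2_off - 2] != 0x74)  /* je rel8 */
        return -1;
    for (size_t k = 0; k < 2; k++) {
        size_t back = 2 + (size_t)lens[k];
        if (ud2_off < back)
            continue;
        if (decode_cmpl(code + ud2_off - back, (size_t)lens[k], out) == 0 &&
            out->len == lens[k])
            return 0;
    }
    return -1;
}

int main(void)
{
    struct cfi_check c;

    if (decode_fixed9(seq_r11, sizeof(seq_r11), SEQ_UD2_OFF, &c) == 0)
        printf("fixed offset:   type=%#x base_reg=%d len=%d\n",
               (unsigned)c.type, c.base_reg, c.len);
    if (decode_before_ud2(seq_r11, sizeof(seq_r11), SEQ_UD2_OFF, &c) == 0)
        printf("length-checked: type=%#x base_reg=%d len=%d\n",
               (unsigned)c.type, c.base_reg, c.len);
    return 0;
}
```

Register numbers follow the x86 encoding order, so 3 is %rbx and 11 is %r11.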
Date: Fri, 13 May 2022 13:21:59 -0700 In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com> Message-Id: <20220513202159.1550547-22-samitolvanen@google.com>
Subject: [RFC PATCH v2 21/21] init: Drop __nocfi from __init From: Sami Tolvanen To: linux-kernel@vger.kernel.org Cc: Kees Cook , Josh Poimboeuf , Peter Zijlstra , x86@kernel.org, Catalin Marinas , Will Deacon , Mark Rutland , Nathan Chancellor , Nick Desaulniers , Joao Moreira , Sedat Dilek , Steven Rostedt , linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen Precedence: bulk List-ID: X-Mailing-List: linux-hardening@vger.kernel.org It's no longer necessary to disable CFI checking for all __init functions. Drop the __nocfi attribute. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook --- include/linux/init.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/init.h b/include/linux/init.h index 76058c9e0399..a0a90cd73ebe 100644 --- a/include/linux/init.h +++ b/include/linux/init.h @@ -47,7 +47,7 @@ /* These are for everybody (although not all archs will actually discard it in modules) */ -#define __init __section(".init.text") __cold __latent_entropy __noinitretpoline __nocfi +#define __init __section(".init.text") __cold __latent_entropy __noinitretpoline #define __initdata __section(".init.data") #define __initconst __section(".init.rodata") #define __exitdata __section(".exit.data")
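Review bot: dropping __nocfi from the __init definition in include/linux/init.h turns CFI checking on for every init function in the tree, yet the changelog only says the attribute is "no longer necessary" without naming what made it unnecessary. Please reference the change in this series, or the compiler behaviour, that removes the need, and state which architectures were boot-tested with checking enabled in init code, so the patch can be evaluated on its own.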