Date: Fri, 13 May 2022 13:21:39 -0700
Message-Id: <20220513202159.1550547-2-samitolvanen@google.com>
Subject: [RFC PATCH v2 01/21] efi/libstub: Filter out CC_FLAGS_CFI
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

Explicitly filter out CC_FLAGS_CFI in preparation for the flags being removed from CC_FLAGS_LTO.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
---
 drivers/firmware/efi/libstub/Makefile | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index d0537573501e..234fb2910622 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile 
@@ -39,6 +39,8 @@ KBUILD_CFLAGS := $(cflags-y) -Os -DDISABLE_BRANCH_PROFILING \ # remove SCS flags from all objects in this directory KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_SCS), $(KBUILD_CFLAGS)) +# disable CFI +KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_CFI), $(KBUILD_CFLAGS)) # disable LTO KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_LTO), $(KBUILD_CFLAGS))
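Review bot: The added "# disable CFI" comment in drivers/firmware/efi/libstub/Makefile says what the line does but not why or for which objects, unlike the SCS comment just above it ("remove SCS flags from all objects in this directory"). Because the commit message explains that the CFI flags are about to leave CC_FLAGS_LTO, a comment in the same style, for example "# remove CFI flags from all objects in this directory", with a word on why the stub is built without CFI, would keep this filter from looking redundant next to the LTO one that follows.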

Date: Fri, 13 May 2022 13:21:40 -0700
Message-Id: <20220513202159.1550547-3-samitolvanen@google.com>
Subject: [RFC PATCH v2 02/21] arm64/vdso: Filter out CC_FLAGS_CFI
From: Sami Tolvanen

Explicitly filter out CC_FLAGS_CFI in preparation for the flags being removed from CC_FLAGS_LTO.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
---
 arch/arm64/kernel/vdso/Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/vdso/Makefile b/arch/arm64/kernel/vdso/Makefile index 172452f79e46..6c26e0a76a06 100644 --- a/arch/arm64/kernel/vdso/Makefile +++ b/arch/arm64/kernel/vdso/Makefile 
@@ -33,7 +33,8 @@ ccflags-y += -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO # the CFLAGS of vgettimeofday.c to make possible to build the # kernel with CONFIG_WERROR enabled. CFLAGS_REMOVE_vgettimeofday.o = $(CC_FLAGS_FTRACE) -Os $(CC_FLAGS_SCS) $(GCC_PLUGINS_CFLAGS) \ - $(CC_FLAGS_LTO) -Wmissing-prototypes -Wmissing-declarations + $(CC_FLAGS_LTO) $(CC_FLAGS_CFI) \ + -Wmissing-prototypes -Wmissing-declarations KASAN_SANITIZE := n KCSAN_SANITIZE := n UBSAN_SANITIZE := n
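Review bot: In arch/arm64/kernel/vdso/Makefile the CFI flags are dropped only through CFLAGS_REMOVE_vgettimeofday.o, which is a per-object variable, so any other C object added to the vDSO later would be compiled with $(CC_FLAGS_CFI) once the flags no longer ride along in CC_FLAGS_LTO. If the intent is that nothing in the vDSO is instrumented, state that in the comment above the assignment, which currently explains only the CONFIG_WERROR case, or remove the flags for the whole directory instead of for this one object.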

Date: Fri, 13 May 2022 13:21:41 -0700
Message-Id: <20220513202159.1550547-4-samitolvanen@google.com>
Subject: [RFC PATCH v2 03/21] kallsyms: Ignore __kcfi_typeid_
From: Sami Tolvanen

The compiler generates CFI type identifier symbols for annotating assembly functions at link time. Ignore them in kallsyms.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
---
 scripts/kallsyms.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/scripts/kallsyms.c b/scripts/kallsyms.c index 8caabddf817c..eebd02e4b832 100644 --- a/scripts/kallsyms.c +++ b/scripts/kallsyms.c 
@@ -118,6 +118,7 @@ static bool is_ignored_symbol(const char *name, char type) "__ThumbV7PILongThunk_", "__LA25Thunk_", /* mips lld */ "__microLA25Thunk_", + "__kcfi_typeid_", /* CFI type identifiers */ NULL };
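Review bot: The comment on the new "__kcfi_typeid_" entry in is_ignored_symbol() in scripts/kallsyms.c, "CFI type identifiers", names the symbols but leaves out the reason the commit message gives, that the compiler emits them only to annotate assembly functions at link time. Carrying that reason into the comment would tell a later reader why these symbols are not wanted in kallsyms, since the neighbouring entries in the list are all linker thunks and this one is a different kind of symbol.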

Date: Fri, 13 May 2022 13:21:42 -0700
Message-Id: <20220513202159.1550547-5-samitolvanen@google.com>
Subject: [RFC PATCH v2 04/21] cfi: Remove CONFIG_CFI_CLANG_SHADOW
From: Sami Tolvanen

In preparation to switching to -fsanitize=kcfi, remove support for the CFI module shadow that will no longer be needed.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
---
 arch/Kconfig | 10 --
 include/linux/cfi.h | 12 ---
 kernel/cfi.c | 237 +-------------------------------------------
 kernel/module.c | 15 ---
 4 files changed, 1 insertion(+), 273 deletions(-)
diff --git a/arch/Kconfig b/arch/Kconfig index 31c4fdc4a4ba..625db6376726 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -739,16 +739,6 @@ config CFI_CLANG https://clang.llvm.org/docs/ControlFlowIntegrity.html -config CFI_CLANG_SHADOW - bool "Use CFI shadow to speed up cross-module checks" - default y - depends on CFI_CLANG && MODULES - help - If you select this option, the kernel builds a fast look-up table of - CFI check functions in loaded modules to reduce performance overhead. - - If unsure, say Y. - config CFI_PERMISSIVE bool "Use CFI in permissive mode" depends on CFI_CLANG diff --git a/include/linux/cfi.h b/include/linux/cfi.h index c6dfc1ed0626..4ab51c067007 100644 --- a/include/linux/cfi.h +++ b/include/linux/cfi.h 
@@ -20,18 +20,6 @@ extern void __cfi_check(uint64_t id, void *ptr, void *diag); #define __CFI_ADDRESSABLE(fn, __attr) \ const void *__cfi_jt_ ## fn __visible __attr = (void *)&fn -#ifdef CONFIG_CFI_CLANG_SHADOW - -extern void cfi_module_add(struct module *mod, unsigned long base_addr); -extern void cfi_module_remove(struct module *mod, unsigned long base_addr); - -#else - -static inline void cfi_module_add(struct module *mod, unsigned long base_addr) {} -static inline void cfi_module_remove(struct module *mod, unsigned long base_addr) {} - -#endif /* CONFIG_CFI_CLANG_SHADOW */ - #else /* !CONFIG_CFI_CLANG */ #ifdef CONFIG_X86_KERNEL_IBT diff --git a/kernel/cfi.c b/kernel/cfi.c index 9594cfd1cf2c..2cc0d01ea980 100644 --- a/kernel/cfi.c +++ b/kernel/cfi.c 
@@ -32,237 +32,6 @@ static inline void handle_cfi_failure(void *ptr) } #ifdef CONFIG_MODULES -#ifdef CONFIG_CFI_CLANG_SHADOW -/* - * Index type. A 16-bit index can address at most (2^16)-2 pages (taking - * into account SHADOW_INVALID), i.e. ~256M with 4k pages. - */ -typedef u16 shadow_t; -#define SHADOW_INVALID ((shadow_t)~0UL) - -struct cfi_shadow { - /* Page index for the beginning of the shadow */ - unsigned long base; - /* An array of __cfi_check locations (as indices to the shadow) */ - shadow_t shadow[1]; -} __packed; - -/* - * The shadow covers ~128M from the beginning of the module region. If - * the region is larger, we fall back to __module_address for the rest. - */ -#define __SHADOW_RANGE (_UL(SZ_128M) >> PAGE_SHIFT) - -/* The in-memory size of struct cfi_shadow, always at least one page */ -#define __SHADOW_PAGES ((__SHADOW_RANGE * sizeof(shadow_t)) >> PAGE_SHIFT) -#define SHADOW_PAGES max(1UL, __SHADOW_PAGES) -#define SHADOW_SIZE (SHADOW_PAGES << PAGE_SHIFT) - -/* The actual size of the shadow array, minus metadata */ -#define SHADOW_ARR_SIZE (SHADOW_SIZE - offsetof(struct cfi_shadow, shadow)) -#define SHADOW_ARR_SLOTS (SHADOW_ARR_SIZE / sizeof(shadow_t)) - -static DEFINE_MUTEX(shadow_update_lock); -static struct cfi_shadow __rcu *cfi_shadow __read_mostly; - -/* Returns the index in the shadow for the given address */ -static inline int ptr_to_shadow(const struct cfi_shadow *s, unsigned long ptr) -{ - unsigned long index; - unsigned long page = ptr >> PAGE_SHIFT; - - if (unlikely(page < s->base)) - return -1; /* Outside of module area */ - - index = page - s->base; - - if (index >= SHADOW_ARR_SLOTS) - return -1; /* Cannot be addressed with shadow */ - - return (int)index; -} - -/* Returns the page address for an index in the shadow */ -static inline unsigned long shadow_to_ptr(const struct cfi_shadow *s, - int index) -{ - if (unlikely(index < 0 || index >= SHADOW_ARR_SLOTS)) - return 0; - - return (s->base + index) << PAGE_SHIFT; -} - -/* Returns 
the __cfi_check function address for the given shadow location */ -static inline unsigned long shadow_to_check_fn(const struct cfi_shadow *s, - int index) -{ - if (unlikely(index < 0 || index >= SHADOW_ARR_SLOTS)) - return 0; - - if (unlikely(s->shadow[index] == SHADOW_INVALID)) - return 0; - - /* __cfi_check is always page aligned */ - return (s->base + s->shadow[index]) << PAGE_SHIFT; -} - -static void prepare_next_shadow(const struct cfi_shadow __rcu *prev, - struct cfi_shadow *next) -{ - int i, index, check; - - /* Mark everything invalid */ - memset(next->shadow, 0xFF, SHADOW_ARR_SIZE); - - if (!prev) - return; /* No previous shadow */ - - /* If the base address didn't change, an update is not needed */ - if (prev->base == next->base) { - memcpy(next->shadow, prev->shadow, SHADOW_ARR_SIZE); - return; - } - - /* Convert the previous shadow to the new address range */ - for (i = 0; i < SHADOW_ARR_SLOTS; ++i) { - if (prev->shadow[i] == SHADOW_INVALID) - continue; - - index = ptr_to_shadow(next, shadow_to_ptr(prev, i)); - if (index < 0) - continue; - - check = ptr_to_shadow(next, - shadow_to_check_fn(prev, prev->shadow[i])); - if (check < 0) - continue; - - next->shadow[index] = (shadow_t)check; - } -} - -static void add_module_to_shadow(struct cfi_shadow *s, struct module *mod, - unsigned long min_addr, unsigned long max_addr) -{ - int check_index; - unsigned long check = (unsigned long)mod->cfi_check; - unsigned long ptr; - - if (unlikely(!PAGE_ALIGNED(check))) { - pr_warn("cfi: not using shadow for module %s\n", mod->name); - return; - } - - check_index = ptr_to_shadow(s, check); - if (check_index < 0) - return; /* Module not addressable with shadow */ - - /* For each page, store the check function index in the shadow */ - for (ptr = min_addr; ptr <= max_addr; ptr += PAGE_SIZE) { - int index = ptr_to_shadow(s, ptr); - - if (index >= 0) { - /* Each page must only contain one module */ - WARN_ON_ONCE(s->shadow[index] != SHADOW_INVALID); - s->shadow[index] = 
(shadow_t)check_index; - } - } -} - -static void remove_module_from_shadow(struct cfi_shadow *s, struct module *mod, - unsigned long min_addr, unsigned long max_addr) -{ - unsigned long ptr; - - for (ptr = min_addr; ptr <= max_addr; ptr += PAGE_SIZE) { - int index = ptr_to_shadow(s, ptr); - - if (index >= 0) - s->shadow[index] = SHADOW_INVALID; - } -} - -typedef void (*update_shadow_fn)(struct cfi_shadow *, struct module *, - unsigned long min_addr, unsigned long max_addr); - -static void update_shadow(struct module *mod, unsigned long base_addr, - update_shadow_fn fn) -{ - struct cfi_shadow *prev; - struct cfi_shadow *next; - unsigned long min_addr, max_addr; - - next = vmalloc(SHADOW_SIZE); - - mutex_lock(&shadow_update_lock); - prev = rcu_dereference_protected(cfi_shadow, - mutex_is_locked(&shadow_update_lock)); - - if (next) { - next->base = base_addr >> PAGE_SHIFT; - prepare_next_shadow(prev, next); - - min_addr = (unsigned long)mod->core_layout.base; - max_addr = min_addr + mod->core_layout.text_size; - fn(next, mod, min_addr & PAGE_MASK, max_addr & PAGE_MASK); - - set_memory_ro((unsigned long)next, SHADOW_PAGES); - } - - rcu_assign_pointer(cfi_shadow, next); - mutex_unlock(&shadow_update_lock); - synchronize_rcu(); - - if (prev) { - set_memory_rw((unsigned long)prev, SHADOW_PAGES); - vfree(prev); - } -} - -void cfi_module_add(struct module *mod, unsigned long base_addr) -{ - update_shadow(mod, base_addr, add_module_to_shadow); -} - -void cfi_module_remove(struct module *mod, unsigned long base_addr) -{ - update_shadow(mod, base_addr, remove_module_from_shadow); -} - -static inline cfi_check_fn ptr_to_check_fn(const struct cfi_shadow __rcu *s, - unsigned long ptr) -{ - int index; - - if (unlikely(!s)) - return NULL; /* No shadow available */ - - index = ptr_to_shadow(s, ptr); - if (index < 0) - return NULL; /* Cannot be addressed with shadow */ - - return (cfi_check_fn)shadow_to_check_fn(s, index); -} - -static inline cfi_check_fn 
find_shadow_check_fn(unsigned long ptr) -{ - cfi_check_fn fn; - - rcu_read_lock_sched_notrace(); - fn = ptr_to_check_fn(rcu_dereference_sched(cfi_shadow), ptr); - rcu_read_unlock_sched_notrace(); - - return fn; -} - -#else /* !CONFIG_CFI_CLANG_SHADOW */ - -static inline cfi_check_fn find_shadow_check_fn(unsigned long ptr) -{ - return NULL; -} - -#endif /* CONFIG_CFI_CLANG_SHADOW */ static inline cfi_check_fn find_module_check_fn(unsigned long ptr) { @@ -291,11 +60,7 @@ static inline cfi_check_fn find_check_fn(unsigned long ptr) * up if necessary. */ RCU_NONIDLE({ - if (IS_ENABLED(CONFIG_CFI_CLANG_SHADOW)) - fn = find_shadow_check_fn(ptr); - - if (!fn) - fn = find_module_check_fn(ptr); + fn = find_module_check_fn(ptr); }); return fn; diff --git a/kernel/module.c b/kernel/module.c index 6cea788fd965..296fe02323e9 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -2151,8 +2151,6 @@ void __weak module_arch_freeing_init(struct module *mod) { } -static void cfi_cleanup(struct module *mod); - /* Free a module, remove from lists, etc. */ static void free_module(struct module *mod) { @@ -2194,9 +2192,6 @@ static void free_module(struct module *mod) synchronize_rcu(); mutex_unlock(&module_mutex); - /* Clean up CFI for the module. */ - cfi_cleanup(mod); - /* This may be empty, but that's OK */ module_arch_freeing_init(mod); module_memfree(mod->init_layout.base); @@ -4141,7 +4136,6 @@ static int load_module(struct load_info *info, const char __user *uargs, synchronize_rcu(); kfree(mod->args); free_arch_cleanup: - cfi_cleanup(mod); module_arch_cleanup(mod); free_modinfo: free_modinfo(mod); 
@@ -4530,15 +4524,6 @@ static void cfi_init(struct module *mod) if (exit) mod->exit = *exit; #endif - - cfi_module_add(mod, module_addr_min); -#endif -} - -static void cfi_cleanup(struct module *mod) -{ -#ifdef CONFIG_CFI_CLANG - cfi_module_remove(mod, module_addr_min); #endif }
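Review bot: in the kernel/cfi.c hunk at find_check_fn() (04/21), the shadow lookup is removed but the comment that stays above RCU_NONIDLE() as context is not updated; the pre-image in 06/21 shows it still reads "Both the shadow and __module_address use RCU". Reword it in this patch to mention only __module_address, since the shadow no longer exists once this change is applied.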
Date: Fri, 13 May 2022 13:21:43 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-6-samitolvanen@google.com>
References: <20220513202159.1550547-1-samitolvanen@google.com>
Subject: [RFC PATCH v2 05/21] cfi: Drop __CFI_ADDRESSABLE
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

The __CFI_ADDRESSABLE macro is used for init_module and cleanup_module to ensure we have the address of the CFI jump table, and with CONFIG_X86_KERNEL_IBT to ensure LTO won't optimize away the symbols. As __CFI_ADDRESSABLE is no longer necessary with -fsanitize=kcfi, add a more flexible version of the __ADDRESSABLE macro and always ensure these symbols won't be dropped.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
--- include/linux/cfi.h | 20 -------------------- include/linux/compiler.h | 6 ++++-- include/linux/module.h | 4 ++-- 3 files changed, 6 insertions(+), 24 deletions(-) diff --git a/include/linux/cfi.h b/include/linux/cfi.h index 4ab51c067007..2cdbc0fbd0ab 100644 --- a/include/linux/cfi.h +++ b/include/linux/cfi.h
@@ -13,26 +13,6 @@ typedef void (*cfi_check_fn)(uint64_t id, void *ptr, void *diag); /* Compiler-generated function in each module, and the kernel */ extern void __cfi_check(uint64_t id, void *ptr, void *diag); -/* - * Force the compiler to generate a CFI jump table entry for a function - * and store the jump table address to __cfi_jt_. - */ -#define __CFI_ADDRESSABLE(fn, __attr) \ - const void *__cfi_jt_ ## fn __visible __attr = (void *)&fn - -#else /* !CONFIG_CFI_CLANG */ - -#ifdef CONFIG_X86_KERNEL_IBT - -#define __CFI_ADDRESSABLE(fn, __attr) \ - const void *__cfi_jt_ ## fn __visible __attr = (void *)&fn - -#endif /* CONFIG_X86_KERNEL_IBT */ - #endif /* CONFIG_CFI_CLANG */ -#ifndef __CFI_ADDRESSABLE -#define __CFI_ADDRESSABLE(fn, __attr) -#endif - #endif /* _LINUX_CFI_H */ diff --git a/include/linux/compiler.h b/include/linux/compiler.h index 219aa5ddbc73..9303f5fe5d89 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -221,9 +221,11 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val, * otherwise, or eliminated entirely due to lack of references that are * visible to the compiler. */ -#define __ADDRESSABLE(sym) \ - static void * __section(".discard.addressable") __used \ +#define ___ADDRESSABLE(sym, __attrs) \ + static void * __used __attrs \ __UNIQUE_ID(__PASTE(__addressable_,sym)) = (void *)&sym; +#define __ADDRESSABLE(sym) \ + ___ADDRESSABLE(sym, __section(".discard.addressable")) /** * offset_to_ptr - convert a relative memory offset to an absolute pointer diff --git a/include/linux/module.h b/include/linux/module.h index 1e135fd5c076..87857275c047 100644 --- a/include/linux/module.h +++ b/include/linux/module.h 
@@ -132,7 +132,7 @@ extern void cleanup_module(void); { return initfn; } \ int init_module(void) __copy(initfn) \ __attribute__((alias(#initfn))); \ - __CFI_ADDRESSABLE(init_module, __initdata); + ___ADDRESSABLE(init_module, __initdata); /* This is only required if you want to be unloadable. */ #define module_exit(exitfn) \ 
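Review bot: ___ADDRESSABLE(init_module, __initdata); ends up with two semicolons, because the new ___ADDRESSABLE() definition in include/linux/compiler.h already ends in "= (void *)&sym;" whereas the removed __CFI_ADDRESSABLE() did not. The second one is an empty file-scope declaration that pedantic builds warn about; drop the trailing ";" here and in module_exit() below. The pointer also changes from a __visible const void * named __cfi_jt_init_module to a static, __used void * with a __UNIQUE_ID name, which is worth a line in the commit message.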
@@ -140,7 +140,7 @@ extern void cleanup_module(void); { return exitfn; } \ void cleanup_module(void) __copy(exitfn) \ __attribute__((alias(#exitfn))); \ - __CFI_ADDRESSABLE(cleanup_module, __exitdata); + ___ADDRESSABLE(cleanup_module, __exitdata); #endif
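Review bot: in the include/linux/compiler.h hunk of 05/21, ___ADDRESSABLE() is added without a comment of its own and differs from __ADDRESSABLE() by a single underscore. The existing comment block describes only the .discard.addressable behaviour; add a sentence saying that ___ADDRESSABLE() leaves section placement to the caller through __attrs, so with __initdata or __exitdata (as in include/linux/module.h) the pointer is emitted into that section instead of a .discard one.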
Date: Fri, 13 May 2022 13:21:44 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-7-samitolvanen@google.com>
References: <20220513202159.1550547-1-samitolvanen@google.com>
Subject: [RFC PATCH v2 06/21] cfi: Switch to -fsanitize=kcfi
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

Switch from Clang's original forward-edge control-flow integrity implementation to -fsanitize=kcfi, which is better suited for the kernel, as it doesn't require LTO, doesn't use a jump table that requires altering function references, and won't break cross-module function address equality.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
Tested-by: Kees Cook
--- Makefile | 13 +-- arch/Kconfig | 11 ++- include/asm-generic/vmlinux.lds.h | 37 ++++----- include/linux/cfi.h | 35 +++++++-- include/linux/compiler-clang.h | 6 +- include/linux/module.h | 6 +- kernel/cfi.c | 126 ++++++++++++++---------------- kernel/module.c | 34 +------- scripts/module.lds.S | 23 +----- 9 files changed, 128 insertions(+), 163 deletions(-) diff --git a/Makefile b/Makefile index 2284d1ca2503..8439551954f1 100644 --- a/Makefile +++ b/Makefile
@@ -915,18 +915,7 @@ export CC_FLAGS_LTO endif ifdef CONFIG_CFI_CLANG -CC_FLAGS_CFI := -fsanitize=cfi \ - -fsanitize-cfi-cross-dso \ - -fno-sanitize-cfi-canonical-jump-tables \ - -fno-sanitize-trap=cfi \ - -fno-sanitize-blacklist - -ifdef CONFIG_CFI_PERMISSIVE -CC_FLAGS_CFI += -fsanitize-recover=cfi -endif - -# If LTO flags are filtered out, we must also filter out CFI. -CC_FLAGS_LTO += $(CC_FLAGS_CFI) +CC_FLAGS_CFI := -fsanitize=kcfi KBUILD_CFLAGS += $(CC_FLAGS_CFI) export CC_FLAGS_CFI endif diff --git a/arch/Kconfig b/arch/Kconfig index 625db6376726..f179170cb422 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -720,14 +720,13 @@ config ARCH_SUPPORTS_CFI_CLANG An architecture should select this option if it can support Clang's Control-Flow Integrity (CFI) checking. +config ARCH_USES_CFI_TRAPS + bool + config CFI_CLANG bool "Use Clang's Control Flow Integrity (CFI)" - depends on LTO_CLANG && ARCH_SUPPORTS_CFI_CLANG - # Clang >= 12: - # - https://bugs.llvm.org/show_bug.cgi?id=46258 - # - https://bugs.llvm.org/show_bug.cgi?id=47479 - depends on CLANG_VERSION >= 120000 - select KALLSYMS + depends on ARCH_SUPPORTS_CFI_CLANG + depends on $(cc-option,-fsanitize=kcfi) help This option enables Clang’s forward-edge Control Flow Integrity (CFI) checking, where the compiler injects a runtime check to each diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 69138e9db787..fcb3c7146a43 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -421,6 +421,22 @@ __end_ro_after_init = .; #endif +/* + * .kcfi_traps contains a list KCFI trap locations. + */ +#ifndef KCFI_TRAPS +#ifdef CONFIG_ARCH_USES_CFI_TRAPS +#define KCFI_TRAPS \ + __kcfi_traps : AT(ADDR(__kcfi_traps) - LOAD_OFFSET) { \ + __start___kcfi_traps = .; \ + KEEP(*(.kcfi_traps)) \ + __stop___kcfi_traps = .; \ + } +#else +#define KCFI_TRAPS +#endif +#endif + /* * Read only Data */ 
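Review bot: the new comment above KCFI_TRAPS in include/asm-generic/vmlinux.lds.h reads "a list KCFI trap locations" (missing "of") and does not say what an entry is. Since is_cfi_trap() in kernel/cfi.c walks __start___kcfi_traps..__stop___kcfi_traps as unsigned long and compares each entry with the trap address, state in the comment that entries are absolute addresses, and mention that the output section name __kcfi_traps is the string module_cfi_finalize() matches on.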
@@ -529,6 +545,8 @@ __stop___modver = .; \ } \ \ + KCFI_TRAPS \ + \ RO_EXCEPTION_TABLE \ NOTES \ BTF \ @@ -537,21 +555,6 @@ __end_rodata = .; -/* - * .text..L.cfi.jumptable.* contain Control-Flow Integrity (CFI) - * jump table entries. - */ -#ifdef CONFIG_CFI_CLANG -#define TEXT_CFI_JT \ - . = ALIGN(PMD_SIZE); \ - __cfi_jt_start = .; \ - *(.text..L.cfi.jumptable .text..L.cfi.jumptable.*) \ - . = ALIGN(PMD_SIZE); \ - __cfi_jt_end = .; -#else -#define TEXT_CFI_JT -#endif - /* * Non-instrumentable text section */ @@ -579,7 +582,6 @@ *(.text..refcount) \ *(.ref.text) \ *(.text.asan.* .text.tsan.*) \ - TEXT_CFI_JT \ MEM_KEEP(init.text*) \ MEM_KEEP(exit.text*) \ @@ -1008,8 +1010,7 @@ * keep any .init_array.* sections. * https://bugs.llvm.org/show_bug.cgi?id=46478 */ -#if defined(CONFIG_GCOV_KERNEL) || defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KCSAN) || \ - defined(CONFIG_CFI_CLANG) +#if defined(CONFIG_GCOV_KERNEL) || defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KCSAN) # ifdef CONFIG_CONSTRUCTORS # define SANITIZER_DISCARDS \ *(.eh_frame) diff --git a/include/linux/cfi.h b/include/linux/cfi.h index 2cdbc0fbd0ab..655b8b10ac3d 100644 --- a/include/linux/cfi.h +++ b/include/linux/cfi.h 
@@ -2,17 +2,42 @@ /* * Clang Control Flow Integrity (CFI) support. * - * Copyright (C) 2021 Google LLC + * Copyright (C) 2022 Google LLC */ #ifndef _LINUX_CFI_H #define _LINUX_CFI_H +#include +#include + #ifdef CONFIG_CFI_CLANG -typedef void (*cfi_check_fn)(uint64_t id, void *ptr, void *diag); +enum bug_trap_type report_cfi_failure(struct pt_regs *regs, unsigned long addr, + unsigned long target, unsigned long type); +#else +static inline enum bug_trap_type report_cfi_failure(struct pt_regs *regs, + unsigned long addr, + unsigned long target, + unsigned long type) +{ + return BUG_TRAP_TYPE_NONE; +} +#endif /* CONFIG_CFI_CLANG */ -/* Compiler-generated function in each module, and the kernel */ -extern void __cfi_check(uint64_t id, void *ptr, void *diag); +#ifdef CONFIG_ARCH_USES_CFI_TRAPS +bool is_cfi_trap(unsigned long addr); +#else +static inline bool is_cfi_trap(unsigned long addr) { return false; } +#endif /* CONFIG_ARCH_USES_CFI_TRAPS */ -#endif /* CONFIG_CFI_CLANG */ +#ifdef CONFIG_MODULES +#ifdef CONFIG_ARCH_USES_CFI_TRAPS +void module_cfi_finalize(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs, + struct module *mod); +#else +static inline void module_cfi_finalize(const Elf_Ehdr *hdr, + const Elf_Shdr *sechdrs, + struct module *mod) {} +#endif /* CONFIG_ARCH_USES_CFI_TRAPS */ +#endif /* CONFIG_MODULES */ #endif /* _LINUX_CFI_H */ diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h index babb1347148c..42e55579d649 100644 --- a/include/linux/compiler-clang.h +++ b/include/linux/compiler-clang.h @@ -66,8 +66,10 @@ # define __noscs __attribute__((__no_sanitize__("shadow-call-stack"))) #endif -#define __nocfi __attribute__((__no_sanitize__("cfi"))) -#define __cficanonical __attribute__((__cfi_canonical_jump_table__)) +#if __has_feature(kcfi) +/* Disable CFI checking inside a function. */ +#define __nocfi __attribute__((__no_sanitize__("kcfi"))) +#endif /* * Turn individual warnings and errors on and off locally, depending 
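Review bot: __nocfi is now defined only inside "#if __has_feature(kcfi)", with no #else branch in this hunk, so Clang builds without -fsanitize=kcfi depend on a fallback definition elsewhere that this patch does not show. Either add an empty #else definition here or say in the commit message where the fallback comes from; likewise confirm that no user of the removed __cficanonical remains at this point in the series.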
diff --git a/include/linux/module.h b/include/linux/module.h index 87857275c047..3b485834be74 100644 --- a/include/linux/module.h +++ b/include/linux/module.h @@ -27,7 +27,6 @@ #include #include #include -#include #include #include @@ -388,8 +387,9 @@ struct module { const s32 *crcs; unsigned int num_syms; -#ifdef CONFIG_CFI_CLANG - cfi_check_fn cfi_check; +#ifdef CONFIG_ARCH_USES_CFI_TRAPS + unsigned long *kcfi_traps; + unsigned long *kcfi_traps_end; #endif /* Kernel parameters. */ diff --git a/kernel/cfi.c b/kernel/cfi.c index 2cc0d01ea980..456d5eac082a 100644 --- a/kernel/cfi.c +++ b/kernel/cfi.c 
@@ -1,94 +1,86 @@ // SPDX-License-Identifier: GPL-2.0 /* - * Clang Control Flow Integrity (CFI) error and slowpath handling. + * Clang Control Flow Integrity (CFI) error handling. * - * Copyright (C) 2021 Google LLC + * Copyright (C) 2022 Google LLC */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/* Compiler-defined handler names */ -#ifdef CONFIG_CFI_PERMISSIVE -#define cfi_failure_handler __ubsan_handle_cfi_check_fail -#else -#define cfi_failure_handler __ubsan_handle_cfi_check_fail_abort -#endif - -static inline void handle_cfi_failure(void *ptr) -{ - if (IS_ENABLED(CONFIG_CFI_PERMISSIVE)) - WARN_RATELIMIT(1, "CFI failure (target: %pS):\n", ptr); - else - panic("CFI failure (target: %pS)\n", ptr); -} - -#ifdef CONFIG_MODULES +#include -static inline cfi_check_fn find_module_check_fn(unsigned long ptr) +enum bug_trap_type report_cfi_failure(struct pt_regs *regs, unsigned long addr, + unsigned long target, unsigned long type) { - cfi_check_fn fn = NULL; - struct module *mod; + pr_err("CFI failure at %pS (target: %pS; expected type: 0x%08x)\n", + (void *)addr, (void *)target, (u32)type); - rcu_read_lock_sched_notrace(); - mod = __module_address(ptr); - if (mod) - fn = mod->cfi_check; - rcu_read_unlock_sched_notrace(); + if (IS_ENABLED(CONFIG_CFI_PERMISSIVE)) { + __warn(NULL, 0, (void *)addr, 0, regs, NULL); + return BUG_TRAP_TYPE_WARN; + } - return fn; + return BUG_TRAP_TYPE_BUG; } -static inline cfi_check_fn find_check_fn(unsigned long ptr) +#ifdef CONFIG_ARCH_USES_CFI_TRAPS +#ifdef CONFIG_MODULES +/* Populates `kcfi_trap(_end)?` fields in `struct module`. */ +void module_cfi_finalize(const Elf_Ehdr *hdr, const Elf_Shdr *sechdrs, + struct module *mod) { - cfi_check_fn fn = NULL; + char *secstrings; + unsigned int i; - if (is_kernel_text(ptr)) - return __cfi_check; + mod->kcfi_traps = NULL; + mod->kcfi_traps_end = NULL; - /* - * Indirect call checks can happen when RCU is not watching. 
Both - * the shadow and __module_address use RCU, so we need to wake it - * up if necessary. - */ - RCU_NONIDLE({ - fn = find_module_check_fn(ptr); - }); + secstrings = (char *)hdr + sechdrs[hdr->e_shstrndx].sh_offset; - return fn; + for (i = 1; i < hdr->e_shnum; i++) { + if (strcmp(secstrings + sechdrs[i].sh_name, "__kcfi_traps")) + continue; + + mod->kcfi_traps = (unsigned long *)sechdrs[i].sh_addr; + mod->kcfi_traps_end = (unsigned long *)(sechdrs[i].sh_addr + + sechdrs[i].sh_size); + break; + } } -void __cfi_slowpath_diag(uint64_t id, void *ptr, void *diag) +static bool is_module_cfi_trap(unsigned long addr) { - cfi_check_fn fn = find_check_fn((unsigned long)ptr); + bool found = false; + struct module *mod; + unsigned long *p; - if (likely(fn)) - fn(id, ptr, diag); - else /* Don't allow unchecked modules */ - handle_cfi_failure(ptr); -} -EXPORT_SYMBOL(__cfi_slowpath_diag); + rcu_read_lock_sched_notrace(); -#else /* !CONFIG_MODULES */ + mod = __module_address(addr); + if (mod) + for (p = mod->kcfi_traps; !found && p < mod->kcfi_traps_end; ++p) + found = (*p == addr); + + rcu_read_unlock_sched_notrace(); -void __cfi_slowpath_diag(uint64_t id, void *ptr, void *diag) + return found; +} +#else /* CONFIG_MODULES */ +static inline bool is_module_cfi_trap(unsigned long addr) { - handle_cfi_failure(ptr); /* No modules */ + return false; } -EXPORT_SYMBOL(__cfi_slowpath_diag); - #endif /* CONFIG_MODULES */ -void cfi_failure_handler(void *data, void *ptr, void *vtable) +extern unsigned long __start___kcfi_traps[]; +extern unsigned long __stop___kcfi_traps[]; + +bool is_cfi_trap(unsigned long addr) { - handle_cfi_failure(ptr); + unsigned long *p; + + for (p = __start___kcfi_traps; p < __stop___kcfi_traps; ++p) + if (*p == addr) + return true; + + return is_module_cfi_trap(addr); } -EXPORT_SYMBOL(cfi_failure_handler); +#endif /* CONFIG_ARCH_USES_CFI_TRAPS */ diff --git a/kernel/module.c b/kernel/module.c index 296fe02323e9..411ae8c358e6 100644 --- a/kernel/module.c 
+++ b/kernel/module.c @@ -57,6 +57,7 @@ #include #include #include +#include #include #include "module-internal.h" @@ -3871,8 +3872,9 @@ static int complete_formation(struct module *mod, struct load_info *info) if (err < 0) goto out; - /* This relies on module_mutex for list integrity. */ + /* These rely on module_mutex for list integrity. */ module_bug_finalize(info->hdr, info->sechdrs, mod); + module_cfi_finalize(info->hdr, info->sechdrs, mod); module_enable_ro(mod, false); module_enable_nx(mod); @@ -3928,8 +3930,6 @@ static int unknown_module_param_cb(char *param, char *val, const char *modname, return 0; } -static void cfi_init(struct module *mod); - /* * Allocate and load the module: note that size of section 0 is always * zero, and we rely on this for optional sections. @@ -4059,9 +4059,6 @@ static int load_module(struct load_info *info, const char __user *uargs, flush_module_icache(mod); - /* Setup CFI for the module. */ - cfi_init(mod); - /* Now copy in args */ mod->args = strndup_user(uargs, ~0UL >> 1); if (IS_ERR(mod->args)) { @@ -4502,31 +4499,6 @@ int module_kallsyms_on_each_symbol(int (*fn)(void *, const char *, #endif /* CONFIG_LIVEPATCH */ #endif /* CONFIG_KALLSYMS */ -static void cfi_init(struct module *mod) -{ -#ifdef CONFIG_CFI_CLANG - initcall_t *init; - exitcall_t *exit; - - rcu_read_lock_sched(); - mod->cfi_check = (cfi_check_fn) - find_kallsyms_symbol_value(mod, "__cfi_check"); - init = (initcall_t *) - find_kallsyms_symbol_value(mod, "__cfi_jt_init_module"); - exit = (exitcall_t *) - find_kallsyms_symbol_value(mod, "__cfi_jt_cleanup_module"); - rcu_read_unlock_sched(); - - /* Fix init/exit functions to point to the CFI jump table */ - if (init) - mod->init = *init; -#ifdef CONFIG_MODULE_UNLOAD - if (exit) - mod->exit = *exit; -#endif -#endif -} - /* Maximum number of characters written by module_flags() */ #define MODULE_FLAGS_BUF_SIZE (TAINT_FLAGS_COUNT + 4) 
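Review bot: in the complete_formation() hunk, the comment is changed to "These rely on module_mutex for list integrity", but module_cfi_finalize() as added in kernel/cfi.c only walks the ELF section headers and sets mod->kcfi_traps and mod->kcfi_traps_end; it does not touch a list. Keep the original comment on module_bug_finalize() and call module_cfi_finalize() on the following line without that claim.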
diff --git a/scripts/module.lds.S b/scripts/module.lds.S index 1d0e1e4dc3d2..0708896139cc 100644 --- a/scripts/module.lds.S +++ b/scripts/module.lds.S @@ -3,20 +3,10 @@ * Archs are free to supply their own linker scripts. ld will * combine them automatically. */ -#ifdef CONFIG_CFI_CLANG -# include -# define ALIGN_CFI ALIGN(PAGE_SIZE) -# define SANITIZER_DISCARDS *(.eh_frame) -#else -# define ALIGN_CFI -# define SANITIZER_DISCARDS -#endif - SECTIONS { /DISCARD/ : { *(.discard) *(.discard.*) - SANITIZER_DISCARDS } __ksymtab 0 : { *(SORT(___ksymtab+*)) } @@ -31,6 +21,10 @@ SECTIONS { __patchable_function_entries : { *(__patchable_function_entries) } +#ifdef CONFIG_ARCH_USES_CFI_TRAPS + __kcfi_traps : { KEEP(*(.kcfi_traps)) } +#endif + #ifdef CONFIG_LTO_CLANG /* * With CONFIG_LTO_CLANG, LLD always enables -fdata-sections and 
@@ -51,15 +45,6 @@ SECTIONS { *(.rodata .rodata.[0-9a-zA-Z_]*) *(.rodata..L*) } - - /* - * With CONFIG_CFI_CLANG, we assume __cfi_check is at the beginning - * of the .text section, and is aligned to PAGE_SIZE. - */ - .text : ALIGN_CFI { - *(.text.__cfi_check) - *(.text .text.[0-9a-zA-Z_]* .text..L.cfi*) - } #endif }
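Review bot: in the kernel/cfi.c hunk of 06/21, the comment above module_cfi_finalize() names the fields as "kcfi_trap(_end)?", but the struct module members added in include/linux/module.h are kcfi_traps and kcfi_traps_end; spell both out so a grep for the field names finds the comment. The "#else /* CONFIG_MODULES */" before the is_module_cfi_trap() stub should read "/* !CONFIG_MODULES */". Also, when no __kcfi_traps section is found both fields stay NULL and is_module_cfi_trap() returns false with no diagnostic; add a short comment saying whether that is the intended result for a module linked without the section.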
Date: Fri, 13 May 2022 13:21:45 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-8-samitolvanen@google.com>
Subject: [RFC PATCH v2 07/21] cfi: Add type helper macros
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

With CONFIG_CFI_CLANG, assembly functions called indirectly from C code must be annotated with type identifiers to pass CFI checking. The compiler emits a __kcfi_typeid_ symbol for each address-taken function declaration in C, which contains the expected type identifier.

Add typed versions of SYM_FUNC_START and SYM_FUNC_START_ALIAS, which emit the type identifier before the function.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
--- include/linux/cfi_types.h | 57 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 include/linux/cfi_types.h
diff --git a/include/linux/cfi_types.h b/include/linux/cfi_types.h new file mode 100644 index 000000000000..dd16e755a197 --- /dev/null +++ b/include/linux/cfi_types.h
@@ -0,0 +1,57 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Clang Control Flow Integrity (CFI) type definitions. + */ +#ifndef _LINUX_CFI_TYPES_H +#define _LINUX_CFI_TYPES_H + +#ifdef CONFIG_CFI_CLANG +#include + +#ifdef __ASSEMBLY__ +/* + * Use the __kcfi_typeid_ type identifier symbol to + * annotate indirectly called assembly functions. The compiler emits + * these symbols for all address-taken function declarations in C + * code. + */ +#ifndef __CFI_TYPE +#define __CFI_TYPE(name) \ + .4byte __kcfi_typeid_##name +#endif + +#define SYM_TYPED_ENTRY(name, fname, linkage, align...) \ + linkage(name) ASM_NL \ + align ASM_NL \ + __CFI_TYPE(fname) ASM_NL \ + name: + +#define __SYM_TYPED_FUNC_START_ALIAS(name, fname) \ + SYM_TYPED_ENTRY(name, fname, SYM_L_GLOBAL, SYM_A_ALIGN) + +#define __SYM_TYPED_FUNC_START(name, fname) \ + SYM_TYPED_ENTRY(name, fname, SYM_L_GLOBAL, SYM_A_ALIGN) + +#endif /* __ASSEMBLY__ */ + +#else /* CONFIG_CFI_CLANG */ + +#ifdef __ASSEMBLY__ +#define __SYM_TYPED_FUNC_START_ALIAS(name, fname) \ + SYM_FUNC_START_ALIAS(name) + +#define __SYM_TYPED_FUNC_START(name, fname) \ + SYM_FUNC_START(name) +#endif /* __ASSEMBLY__ */ + +#endif /* CONFIG_CFI_CLANG */ + +#ifdef __ASSEMBLY__ +#define SYM_TYPED_FUNC_START_ALIAS(name) \ + __SYM_TYPED_FUNC_START_ALIAS(name, name) + +#define SYM_TYPED_FUNC_START(name) \ + __SYM_TYPED_FUNC_START(name, name) +#endif /* __ASSEMBLY__ */ + +#endif /* _LINUX_CFI_TYPES_H */
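Review bot: In the CONFIG_CFI_CLANG branch of include/linux/cfi_types.h, __SYM_TYPED_FUNC_START and __SYM_TYPED_FUNC_START_ALIAS both expand to SYM_TYPED_ENTRY(name, fname, SYM_L_GLOBAL, SYM_A_ALIGN) and never go through SYM_FUNC_START, while the !CFI branch does. An architecture that overrides SYM_FUNC_START to emit something at function entry would lose it on typed functions as soon as CFI is enabled, and only then. Either build the typed variants on top of the architecture's SYM_FUNC_START or document in the header comment that architectures must provide their own override. The comment should also state that the 4-byte identifier sits after the alignment directive and immediately before name:, and what the author expects to happen when no C code takes the function's address and no __kcfi_typeid_ symbol is emitted.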
Date: Fri, 13 May 2022 13:21:46 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-9-samitolvanen@google.com>
Subject: [RFC PATCH v2 08/21] psci: Fix the function type for psci_initcall_t
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

Functions called through a psci_initcall_t pointer all have non-const arguments. Fix the type definition to avoid tripping indirect call checks with CFI_CLANG.

Reported-by: Mark Rutland
Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
--- drivers/firmware/psci/psci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/psci/psci.c b/drivers/firmware/psci/psci.c index cfb448eabdaa..6554bf4b8c99 100644 --- a/drivers/firmware/psci/psci.c +++ b/drivers/firmware/psci/psci.c
@@ -521,7 +521,7 @@ static int __init psci_probe(void) return 0; } -typedef int (*psci_initcall_t)(const struct device_node *); +typedef int (*psci_initcall_t)(struct device_node *); /* * PSCI init function for PSCI versions >=0.2
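Review bot: On the psci_initcall_t typedef in drivers/firmware/psci/psci.c, removing const makes the pointer type match its callees but gives up const-correctness at the one place the contract is declared. If the init functions called through this pointer do not modify the device_node, constifying their parameters instead keeps the stricter prototype and still satisfies the indirect call check. If they do need a mutable node, one sentence in the commit message naming the reason would settle the choice.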
Date: Fri, 13 May 2022 13:21:47 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-10-samitolvanen@google.com>
Subject: [RFC PATCH v2 09/21] arm64: Add types to indirect called assembly functions
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

With CONFIG_CFI_CLANG, assembly functions indirectly called from C code must be annotated with type identifiers to pass CFI checking. Use SYM_TYPED_FUNC_START for indirectly called functions.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
--- arch/arm64/crypto/ghash-ce-core.S | 5 +++-- arch/arm64/crypto/sm3-ce-core.S | 3 ++- arch/arm64/kernel/cpu-reset.S | 5 +++-- arch/arm64/mm/proc.S | 5 +++-- 4 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/arch/arm64/crypto/ghash-ce-core.S b/arch/arm64/crypto/ghash-ce-core.S index 7868330dd54e..ebe5558929b7 100644 --- a/arch/arm64/crypto/ghash-ce-core.S +++ b/arch/arm64/crypto/ghash-ce-core.S @@ -6,6 +6,7 @@ */ #include +#include #include SHASH .req v0
@@ -350,11 +351,11 @@ CPU_LE( rev64 T1.16b, T1.16b ) * void pmull_ghash_update(int blocks, u64 dg[], const char *src, * struct ghash_key const *k, const char *head) */ -SYM_FUNC_START(pmull_ghash_update_p64) +SYM_TYPED_FUNC_START(pmull_ghash_update_p64) __pmull_ghash p64 SYM_FUNC_END(pmull_ghash_update_p64) -SYM_FUNC_START(pmull_ghash_update_p8) +SYM_TYPED_FUNC_START(pmull_ghash_update_p8) __pmull_ghash p8 SYM_FUNC_END(pmull_ghash_update_p8) diff --git a/arch/arm64/crypto/sm3-ce-core.S b/arch/arm64/crypto/sm3-ce-core.S index ef97d3187cb7..ca70cfacd0d0 100644 --- a/arch/arm64/crypto/sm3-ce-core.S +++ b/arch/arm64/crypto/sm3-ce-core.S @@ -6,6 +6,7 @@ */ #include +#include #include .irp b, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12 @@ -73,7 +74,7 @@ * int blocks) */ .text -SYM_FUNC_START(sm3_ce_transform) +SYM_TYPED_FUNC_START(sm3_ce_transform) /* load state */ ld1 {v8.4s-v9.4s}, [x0] rev64 v8.4s, v8.4s diff --git a/arch/arm64/kernel/cpu-reset.S b/arch/arm64/kernel/cpu-reset.S index 48a8af97faa9..6b752fe89745 100644 --- a/arch/arm64/kernel/cpu-reset.S +++ b/arch/arm64/kernel/cpu-reset.S @@ -8,6 +8,7 @@ */ #include +#include #include #include #include @@ -28,7 +29,7 @@ * branch to what would be the reset vector. It must be executed with the * flat identity mapping. */ -SYM_CODE_START(cpu_soft_restart) +SYM_TYPED_FUNC_START(cpu_soft_restart) mov_q x12, INIT_SCTLR_EL1_MMU_OFF pre_disable_mmu_workaround /* @@ -47,6 +48,6 @@ SYM_CODE_START(cpu_soft_restart) mov x1, x3 // arg1 mov x2, x4 // arg2 br x8 -SYM_CODE_END(cpu_soft_restart) +SYM_FUNC_END(cpu_soft_restart) .popsection diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S index 50bbed947bec..dfa715315551 100644 --- a/arch/arm64/mm/proc.S +++ b/arch/arm64/mm/proc.S @@ -10,6 +10,7 @@ #include #include #include +#include #include #include #include 
@@ -184,7 +185,7 @@ SYM_FUNC_END(cpu_do_resume) * This is the low-level counterpart to cpu_replace_ttbr1, and should not be * called by anything else. It can only be executed from a TTBR0 mapping. */ -SYM_FUNC_START(idmap_cpu_replace_ttbr1) +SYM_TYPED_FUNC_START(idmap_cpu_replace_ttbr1) save_and_disable_daif flags=x2 __idmap_cpu_set_reserved_ttbr1 x1, x3 
@@ -224,7 +225,7 @@ SYM_FUNC_END(idmap_cpu_replace_ttbr1) */ __idmap_kpti_flag: .long 1 -SYM_FUNC_START(idmap_kpti_install_ng_mappings) +SYM_TYPED_FUNC_START(idmap_kpti_install_ng_mappings) cpu .req w0 num_cpus .req w1 swapper_pa .req x2
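Review bot: The arch/arm64/kernel/cpu-reset.S hunks do more than add a type: cpu_soft_restart moves from SYM_CODE_START/SYM_CODE_END to SYM_TYPED_FUNC_START/SYM_FUNC_END, so a routine that ends in br x8 and never returns is now annotated as an ordinary function. The commit message only talks about adding type identifiers. Please justify the CODE to FUNC change in the message, or split it into its own patch, so it can be reviewed for its effect on anything that treats the two annotations differently. The other three files keep SYM_FUNC_END and only swap the start macro, which matches the description.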
Date: Fri, 13 May 2022 13:21:48 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-11-samitolvanen@google.com>
Subject: [RFC PATCH v2 10/21] arm64: Add CFI error handling
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

With -fsanitize=kcfi, CFI always traps. Add arm64 support for handling CFI failures. The registers containing the target address and the expected type are encoded in the first ten bits of the ESR as follows:

 - 0-4: n, where the register Xn contains the target address
 - 5-9: m, where the register Wm contains the type hash

Suggested-by: Mark Rutland
Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
--- arch/arm64/include/asm/brk-imm.h | 6 +++++ arch/arm64/kernel/traps.c | 46 +++++++++++++++++++++++++++++--- 2 files changed, 49 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/include/asm/brk-imm.h b/arch/arm64/include/asm/brk-imm.h index ec7720dbe2c8..6e000113e508 100644 --- a/arch/arm64/include/asm/brk-imm.h +++ b/arch/arm64/include/asm/brk-imm.h @@ -17,6 +17,7 @@ * 0x401: for compile time BRK instruction * 0x800: kernel-mode BUG() and WARN() traps * 0x9xx: tag-based KASAN trap (allowed values 0x900 - 0x9ff) + * 0x8xxx: Control-Flow Integrity traps */ #define KPROBES_BRK_IMM 0x004 #define UPROBES_BRK_IMM 0x005
@@ -28,4 +29,9 @@ #define KASAN_BRK_IMM 0x900 #define KASAN_BRK_MASK 0x0ff +#define CFI_BRK_IMM_TARGET GENMASK(4, 0) +#define CFI_BRK_IMM_TYPE GENMASK(9, 5) +#define CFI_BRK_IMM_BASE 0x8000 +#define CFI_BRK_IMM_MASK (CFI_BRK_IMM_TARGET | CFI_BRK_IMM_TYPE) + #endif diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 0529fd57567e..17b083b683f4 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include @@ -990,6 +991,37 @@ static struct break_hook bug_break_hook = { .imm = BUG_BRK_IMM, }; +#ifdef CONFIG_CFI_CLANG +static int cfi_handler(struct pt_regs *regs, unsigned int esr) +{ + unsigned long target, type; + + target = pt_regs_read_reg(regs, FIELD_GET(CFI_BRK_IMM_TARGET, esr)); + type = pt_regs_read_reg(regs, FIELD_GET(CFI_BRK_IMM_TYPE, esr)); + + switch (report_cfi_failure(regs, regs->pc, target, type)) { + case BUG_TRAP_TYPE_BUG: + die("Oops - CFI", regs, 0); + break; + + case BUG_TRAP_TYPE_WARN: + break; + + default: + return DBG_HOOK_ERROR; + } + + arm64_skip_faulting_instruction(regs, AARCH64_INSN_SIZE); + return DBG_HOOK_HANDLED; +} + +static struct break_hook cfi_break_hook = { + .fn = cfi_handler, + .imm = CFI_BRK_IMM_BASE, + .mask = CFI_BRK_IMM_MASK, +}; +#endif /* CONFIG_CFI_CLANG */ + static int reserved_fault_handler(struct pt_regs *regs, unsigned int esr) { pr_err("%s generated an invalid instruction at %pS!\n", @@ -1051,6 +1083,9 @@ static struct break_hook kasan_break_hook = { }; #endif + +#define esr_comment(esr) ((esr) & ESR_ELx_BRK64_ISS_COMMENT_MASK) + /* * Initial handler for AArch64 BRK exceptions * This handler only used until debug_traps_init(). 
@@ -1058,10 +1093,12 @@ static struct break_hook kasan_break_hook = { int __init early_brk64(unsigned long addr, unsigned int esr, struct pt_regs *regs) { +#ifdef CONFIG_CFI_CLANG + if ((esr_comment(esr) & ~CFI_BRK_IMM_MASK) == CFI_BRK_IMM_BASE) + return cfi_handler(regs, esr) != DBG_HOOK_HANDLED; +#endif #ifdef CONFIG_KASAN_SW_TAGS - unsigned int comment = esr & ESR_ELx_BRK64_ISS_COMMENT_MASK; - - if ((comment & ~KASAN_BRK_MASK) == KASAN_BRK_IMM) + if ((esr_comment(esr) & ~KASAN_BRK_MASK) == KASAN_BRK_IMM) return kasan_handler(regs, esr) != DBG_HOOK_HANDLED; #endif return bug_handler(regs, esr) != DBG_HOOK_HANDLED; 
@@ -1070,6 +1107,9 @@ int __init early_brk64(unsigned long addr, unsigned int esr, void __init trap_init(void) { register_kernel_break_hook(&bug_break_hook); +#ifdef CONFIG_CFI_CLANG + register_kernel_break_hook(&cfi_break_hook); +#endif register_kernel_break_hook(&fault_break_hook); #ifdef CONFIG_KASAN_SW_TAGS register_kernel_break_hook(&kasan_break_hook);
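
Review bot: In the brk-imm.h comment hunk, "0x8xxx: Control-Flow Integrity traps" overstates the range. CFI_BRK_IMM_MASK is GENMASK(4, 0) | GENMASK(9, 5), i.e. 0x3ff, so with CFI_BRK_IMM_BASE at 0x8000 the hook only matches 0x8000 - 0x83ff. Spell the range out the way the KASAN line does ("allowed values 0x900 - 0x9ff") so that nobody later picks an immediate in 0x8400 - 0x8fff on the assumption that it is either free or already handled.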
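
Review bot: In cfi_handler(), `type` is an unsigned long filled from pt_regs_read_reg(), which returns the whole 64-bit register, while the commit message says the hash lives in Wm. Truncate explicitly (store it in a u32, or cast before passing it to report_cfi_failure()) so the reported type does not depend on the upper half of the register. A short comment above the handler repeating the ESR bit layout would also help, since the encoding is otherwise documented only in the changelog.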
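
Review bot: esr_comment(), added just above early_brk64(), is a generic ESR accessor but is defined as a file-local macro in traps.c. Consider making it a static inline next to ESR_ELx_BRK64_ISS_COMMENT_MASK in the header that defines that mask, so other BRK handlers can share it instead of open-coding `esr & ESR_ELx_BRK64_ISS_COMMENT_MASK` as the removed KASAN lines did.
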
From patchwork Fri May 13 20:21:49 2022
X-Patchwork-Submitter: Sami Tolvanen
X-Patchwork-Id: 12849386
Date: Fri, 13 May 2022 13:21:49 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-12-samitolvanen@google.com>
References: <20220513202159.1550547-1-samitolvanen@google.com>
Subject: [RFC PATCH v2 11/21] arm64: Drop unneeded __nocfi attributes
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

With -fsanitize=kcfi, CONFIG_CFI_CLANG no longer has issues with address space confusion in functions that switch to linear mapping. Now that the indirectly called assembly functions have type annotations, drop the __nocfi attributes.

Suggested-by: Mark Rutland
Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
--- arch/arm64/include/asm/mmu_context.h | 2 +- arch/arm64/kernel/alternative.c | 2 +- arch/arm64/kernel/cpufeature.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/arm64/include/asm/mmu_context.h b/arch/arm64/include/asm/mmu_context.h index 6770667b34a3..ca0140d0b8cf 100644 --- a/arch/arm64/include/asm/mmu_context.h +++ b/arch/arm64/include/asm/mmu_context.h @@ -143,7 +143,7 @@ static inline void cpu_install_ttbr0(phys_addr_t ttbr0, unsigned long t0sz) * Atomically replaces the active TTBR1_EL1 PGD with a new VA-compatible PGD, * avoiding the possibility of conflicting TLB entries being allocated. */ -static inline void __nocfi cpu_replace_ttbr1(pgd_t *pgdp) +static inline void cpu_replace_ttbr1(pgd_t *pgdp) { typedef void (ttbr_replace_func)(phys_addr_t); extern ttbr_replace_func idmap_cpu_replace_ttbr1; 
diff --git a/arch/arm64/kernel/alternative.c b/arch/arm64/kernel/alternative.c index 7bbf5104b7b7..e98466bab633 100644 --- a/arch/arm64/kernel/alternative.c +++ b/arch/arm64/kernel/alternative.c @@ -133,7 +133,7 @@ static void clean_dcache_range_nopatch(u64 start, u64 end) } while (cur += d_size, cur < end); } -static void __nocfi __apply_alternatives(struct alt_region *region, bool is_module, +static void __apply_alternatives(struct alt_region *region, bool is_module, unsigned long *feature_mask) { struct alt_instr *alt; diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index d72c4b4d389c..af78dcacf9fe 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c 
@@ -1596,7 +1596,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry, } #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 -static void __nocfi +static void kpti_install_ng_mappings(const struct arm64_cpu_capabilities *__unused) { typedef void (kpti_remap_fn)(int, int, phys_addr_t);
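
Review bot: The changelog justifies the removals by saying the indirectly called assembly functions now have type annotations, but nothing in these three hunks shows that, and for __apply_alternatives() the indirect call itself is not in the visible context. Name the earlier patch in the series that annotates idmap_cpu_replace_ttbr1 and the kpti_remap_fn target, and say which indirect call in __apply_alternatives() the attribute was covering, so that this patch can be checked on its own and the series stays bisectable.
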
From patchwork Fri May 13 20:21:50 2022
X-Patchwork-Submitter: Sami Tolvanen
X-Patchwork-Id: 12849485
Date: Fri, 13 May 2022 13:21:50 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-13-samitolvanen@google.com>
References: <20220513202159.1550547-1-samitolvanen@google.com>
Subject: [RFC PATCH v2 12/21] treewide: Drop function_nocfi
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

With -fsanitize=kcfi, we no longer need function_nocfi() as the compiler won't change function references to point to a jump table. Remove all implementations and uses of the macro.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
--- arch/arm64/include/asm/compiler.h | 16 ---------------- arch/arm64/include/asm/ftrace.h | 2 +- arch/arm64/include/asm/mmu_context.h | 2 +- arch/arm64/kernel/acpi_parking_protocol.c | 2 +- arch/arm64/kernel/cpufeature.c | 2 +- arch/arm64/kernel/ftrace.c | 2 +- arch/arm64/kernel/machine_kexec.c | 2 +- arch/arm64/kernel/psci.c | 2 +- arch/arm64/kernel/smp_spin_table.c | 2 +- drivers/firmware/psci/psci.c | 4 ++-- drivers/misc/lkdtm/usercopy.c | 2 +- include/linux/compiler.h | 10 ---------- 12 files changed, 11 insertions(+), 37 deletions(-) diff --git a/arch/arm64/include/asm/compiler.h b/arch/arm64/include/asm/compiler.h index dc3ea4080e2e..6fb2e6bcc392 100644 --- a/arch/arm64/include/asm/compiler.h +++ b/arch/arm64/include/asm/compiler.h 
@@ -23,20 +23,4 @@ #define __builtin_return_address(val) \ (void *)(ptrauth_clear_pac((unsigned long)__builtin_return_address(val))) -#ifdef CONFIG_CFI_CLANG -/* - * With CONFIG_CFI_CLANG, the compiler replaces function address - * references with the address of the function's CFI jump table - * entry. The function_nocfi macro always returns the address of the - * actual function instead. - */ -#define function_nocfi(x) ({ \ - void *addr; \ - asm("adrp %0, " __stringify(x) "\n\t" \ - "add %0, %0, :lo12:" __stringify(x) \ - : "=r" (addr)); \ - addr; \ -}) -#endif - #endif /* __ASM_COMPILER_H */ diff --git a/arch/arm64/include/asm/ftrace.h b/arch/arm64/include/asm/ftrace.h index 1494cfa8639b..c96d47cb8f46 100644 --- a/arch/arm64/include/asm/ftrace.h +++ b/arch/arm64/include/asm/ftrace.h @@ -26,7 +26,7 @@ #ifdef CONFIG_DYNAMIC_FTRACE_WITH_REGS #define ARCH_SUPPORTS_FTRACE_OPS 1 #else -#define MCOUNT_ADDR ((unsigned long)function_nocfi(_mcount)) +#define MCOUNT_ADDR ((unsigned long)_mcount) #endif /* The BL at the callsite's adjusted rec->ip */ diff --git a/arch/arm64/include/asm/mmu_context.h b/arch/arm64/include/asm/mmu_context.h index ca0140d0b8cf..8fa4cfbdda90 100644 --- a/arch/arm64/include/asm/mmu_context.h +++ b/arch/arm64/include/asm/mmu_context.h @@ -164,7 +164,7 @@ static inline void cpu_replace_ttbr1(pgd_t *pgdp) ttbr1 |= TTBR_CNP_BIT; } - replace_phys = (void *)__pa_symbol(function_nocfi(idmap_cpu_replace_ttbr1)); + replace_phys = (void *)__pa_symbol(idmap_cpu_replace_ttbr1); cpu_install_idmap(); replace_phys(ttbr1); diff --git a/arch/arm64/kernel/acpi_parking_protocol.c b/arch/arm64/kernel/acpi_parking_protocol.c index bfeeb5319abf..b1990e38aed0 100644 --- a/arch/arm64/kernel/acpi_parking_protocol.c +++ b/arch/arm64/kernel/acpi_parking_protocol.c 
@@ -99,7 +99,7 @@ static int acpi_parking_protocol_cpu_boot(unsigned int cpu) * that read this address need to convert this address to the * Boot-Loader's endianness before jumping. */ - writeq_relaxed(__pa_symbol(function_nocfi(secondary_entry)), + writeq_relaxed(__pa_symbol(secondary_entry), &mailbox->entry_point); writel_relaxed(cpu_entry->gic_cpu_id, &mailbox->cpu_id); diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index af78dcacf9fe..5dbe381670a0 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -1619,7 +1619,7 @@ kpti_install_ng_mappings(const struct arm64_cpu_capabilities *__unused) if (arm64_use_ng_mappings) return; - remap_fn = (void *)__pa_symbol(function_nocfi(idmap_kpti_install_ng_mappings)); + remap_fn = (void *)__pa_symbol(idmap_kpti_install_ng_mappings); cpu_install_idmap(); remap_fn(cpu, num_online_cpus(), __pa_symbol(swapper_pg_dir)); diff --git a/arch/arm64/kernel/ftrace.c b/arch/arm64/kernel/ftrace.c index 4506c4a90ac1..4128ca6ed485 100644 --- a/arch/arm64/kernel/ftrace.c +++ b/arch/arm64/kernel/ftrace.c @@ -56,7 +56,7 @@ int ftrace_update_ftrace_func(ftrace_func_t func) unsigned long pc; u32 new; - pc = (unsigned long)function_nocfi(ftrace_call); + pc = (unsigned long)ftrace_call; new = aarch64_insn_gen_branch_imm(pc, (unsigned long)func, AARCH64_INSN_BRANCH_LINK); diff --git a/arch/arm64/kernel/machine_kexec.c b/arch/arm64/kernel/machine_kexec.c index e16b248699d5..4eb5388aa5a6 100644 --- a/arch/arm64/kernel/machine_kexec.c +++ b/arch/arm64/kernel/machine_kexec.c @@ -204,7 +204,7 @@ void machine_kexec(struct kimage *kimage) typeof(cpu_soft_restart) *restart; cpu_install_idmap(); - restart = (void *)__pa_symbol(function_nocfi(cpu_soft_restart)); + restart = (void *)__pa_symbol(cpu_soft_restart); restart(is_hyp_nvhe(), kimage->start, kimage->arch.dtb_mem, 0, 0); } else { diff --git a/arch/arm64/kernel/psci.c b/arch/arm64/kernel/psci.c index ab7f4c476104..29a8e444db83 100644 
--- a/arch/arm64/kernel/psci.c +++ b/arch/arm64/kernel/psci.c @@ -38,7 +38,7 @@ static int __init cpu_psci_cpu_prepare(unsigned int cpu) static int cpu_psci_cpu_boot(unsigned int cpu) { - phys_addr_t pa_secondary_entry = __pa_symbol(function_nocfi(secondary_entry)); + phys_addr_t pa_secondary_entry = __pa_symbol(secondary_entry); int err = psci_ops.cpu_on(cpu_logical_map(cpu), pa_secondary_entry); if (err) pr_err("failed to boot CPU%d (%d)\n", cpu, err); diff --git a/arch/arm64/kernel/smp_spin_table.c b/arch/arm64/kernel/smp_spin_table.c index 7e1624ecab3c..49029eace3ad 100644 --- a/arch/arm64/kernel/smp_spin_table.c +++ b/arch/arm64/kernel/smp_spin_table.c @@ -66,7 +66,7 @@ static int smp_spin_table_cpu_init(unsigned int cpu) static int smp_spin_table_cpu_prepare(unsigned int cpu) { __le64 __iomem *release_addr; - phys_addr_t pa_holding_pen = __pa_symbol(function_nocfi(secondary_holding_pen)); + phys_addr_t pa_holding_pen = __pa_symbol(secondary_holding_pen); if (!cpu_release_addr[cpu]) return -ENODEV; diff --git a/drivers/firmware/psci/psci.c b/drivers/firmware/psci/psci.c index 6554bf4b8c99..16a1daec8cd2 100644 --- a/drivers/firmware/psci/psci.c +++ b/drivers/firmware/psci/psci.c @@ -334,7 +334,7 @@ static int __init psci_features(u32 psci_func_id) static int psci_suspend_finisher(unsigned long state) { u32 power_state = state; - phys_addr_t pa_cpu_resume = __pa_symbol(function_nocfi(cpu_resume)); + phys_addr_t pa_cpu_resume = __pa_symbol(cpu_resume); return psci_ops.cpu_suspend(power_state, pa_cpu_resume); } @@ -359,7 +359,7 @@ int psci_cpu_suspend_enter(u32 state) static int psci_system_suspend(unsigned long unused) { - phys_addr_t pa_cpu_resume = __pa_symbol(function_nocfi(cpu_resume)); + phys_addr_t pa_cpu_resume = __pa_symbol(cpu_resume); return invoke_psci_fn(PSCI_FN_NATIVE(1_0, SYSTEM_SUSPEND), pa_cpu_resume, 0, 0); diff --git a/drivers/misc/lkdtm/usercopy.c b/drivers/misc/lkdtm/usercopy.c index 9161ce7ed47a..79a17b1c4885 100644 
--- a/drivers/misc/lkdtm/usercopy.c +++ b/drivers/misc/lkdtm/usercopy.c @@ -318,7 +318,7 @@ void lkdtm_USERCOPY_KERNEL(void) pr_info("attempting bad copy_to_user from kernel text: %px\n", vm_mmap); - if (copy_to_user((void __user *)user_addr, function_nocfi(vm_mmap), + if (copy_to_user((void __user *)user_addr, vm_mmap, unconst + PAGE_SIZE)) { pr_warn("copy_to_user failed, but lacked Oops\n"); goto free_user; diff --git a/include/linux/compiler.h b/include/linux/compiler.h index 9303f5fe5d89..80ed9644d129 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h 
@@ -203,16 +203,6 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val, __v; \ }) -/* - * With CONFIG_CFI_CLANG, the compiler replaces function addresses in - * instrumented C code with jump table addresses. Architectures that - * support CFI can define this macro to return the actual function address - * when needed. - */ -#ifndef function_nocfi -#define function_nocfi(x) (x) -#endif - #endif /* __KERNEL__ */ /*
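
Review bot: The include/linux/compiler.h hunk deletes the generic `#define function_nocfi(x) (x)` fallback in the same patch as the arm64 definition and every caller, so any user missed by the conversion turns into a build failure. That is the right failure mode, but the changelog should state that the tree was checked for remaining users and that this must not be applied before the switch to -fsanitize=kcfi: under the old scheme, the arm64 call sites here that hand the symbol to __pa_symbol() would receive the jump table entry, as the removed arm64 comment describes.
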
From patchwork Fri May 13 20:21:51 2022
X-Patchwork-Submitter: Sami Tolvanen
X-Patchwork-Id: 12849486
Date: Fri, 13 May 2022 13:21:51 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-14-samitolvanen@google.com>
References: <20220513202159.1550547-1-samitolvanen@google.com>
Subject: [RFC PATCH v2 13/21] treewide: Drop WARN_ON_FUNCTION_MISMATCH
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

CONFIG_CFI_CLANG no longer breaks cross-module function address equality, which makes WARN_ON_FUNCTION_MISMATCH unnecessary. Remove the definition and switch back to WARN_ON_ONCE.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
--- include/asm-generic/bug.h | 16 ---------------- kernel/kthread.c | 3 +-- kernel/workqueue.c | 2 +- 3 files changed, 2 insertions(+), 19 deletions(-) diff --git a/include/asm-generic/bug.h b/include/asm-generic/bug.h index ba1f860af38b..4050b191e1a9 100644 --- a/include/asm-generic/bug.h +++ b/include/asm-generic/bug.h 
@@ -220,22 +220,6 @@ extern __printf(1, 2) void __warn_printk(const char *fmt, ...); # define WARN_ON_SMP(x) ({0;}) #endif -/* - * WARN_ON_FUNCTION_MISMATCH() warns if a value doesn't match a - * function address, and can be useful for catching issues with - * callback functions, for example. - * - * With CONFIG_CFI_CLANG, the warning is disabled because the - * compiler replaces function addresses taken in C code with - * local jump table addresses, which breaks cross-module function - * address equality. - */ -#if defined(CONFIG_CFI_CLANG) && defined(CONFIG_MODULES) -# define WARN_ON_FUNCTION_MISMATCH(x, fn) ({ 0; }) -#else -# define WARN_ON_FUNCTION_MISMATCH(x, fn) WARN_ON_ONCE((x) != (fn)) -#endif - #endif /* __ASSEMBLY__ */ #endif diff --git a/kernel/kthread.c b/kernel/kthread.c index 50265f69a135..dfeb87876b4a 100644 --- a/kernel/kthread.c +++ b/kernel/kthread.c @@ -1050,8 +1050,7 @@ static void __kthread_queue_delayed_work(struct kthread_worker *worker, struct timer_list *timer = &dwork->timer; struct kthread_work *work = &dwork->work; - WARN_ON_FUNCTION_MISMATCH(timer->function, - kthread_delayed_work_timer_fn); + WARN_ON_ONCE(timer->function != kthread_delayed_work_timer_fn); /* * If @delay is 0, queue @dwork->work immediately. This is for diff --git a/kernel/workqueue.c b/kernel/workqueue.c index 0d2514b4ff0d..18c1a1c09684 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c 
@@ -1651,7 +1651,7 @@ static void __queue_delayed_work(int cpu, struct workqueue_struct *wq, struct work_struct *work = &dwork->work; WARN_ON_ONCE(!wq); - WARN_ON_FUNCTION_MISMATCH(timer->function, delayed_work_timer_fn); + WARN_ON_ONCE(timer->function != delayed_work_timer_fn); WARN_ON_ONCE(timer_pending(timer)); WARN_ON_ONCE(!list_empty(&work->entry));
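
Review bot: In the kthread.c and workqueue.c hunks the `timer->function` comparison is now compiled in for CONFIG_CFI_CLANG with CONFIG_MODULES, where the removed macro expanded to `({ 0; })`. The changelog says address equality is no longer broken but not which change guarantees it. Reference the patch that moves CONFIG_CFI_CLANG to -fsanitize=kcfi and state the ordering dependency, otherwise a bisect that lands between the two can hit spurious WARN_ON_ONCE splats on delayed work queued from modules.
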
Date: Fri, 13 May 2022 13:21:52 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-15-samitolvanen@google.com>
References: <20220513202159.1550547-1-samitolvanen@google.com>
Subject: [RFC PATCH v2 14/21] treewide: Drop __cficanonical
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

CONFIG_CFI_CLANG doesn't use a jump table anymore and therefore, won't change function references to point elsewhere. Remove the __cficanonical attribute and all uses of it.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
---
 include/linux/compiler_types.h | 4 ----
 include/linux/init.h           | 4 ++--
 include/linux/pci.h            | 4 ++--
 3 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h index 1c2c33ae1b37..bdd2526af46a 100644 --- a/include/linux/compiler_types.h +++ b/include/linux/compiler_types.h @@ -263,10 +263,6 @@ struct ftrace_likely_data { # define __nocfi #endif -#ifndef __cficanonical -# define __cficanonical -#endif - /* * Any place that could be marked with the "alloc_size" attribute is also * a place to be marked with the "malloc" attribute. Do this as part of the
diff --git a/include/linux/init.h b/include/linux/init.h index baf0b29a7010..76058c9e0399 100644 --- a/include/linux/init.h +++ b/include/linux/init.h @@ -220,8 +220,8 @@ extern bool initcall_debug; __initcall_name(initstub, __iid, id) #define __define_initcall_stub(__stub, fn) \ - int __init __cficanonical __stub(void); \ - int __init __cficanonical __stub(void) \ + int __init __stub(void); \ + int __init __stub(void) \ { \ return fn(); \ } \ diff --git a/include/linux/pci.h b/include/linux/pci.h index 60adf42460ab..3cc50c4e3c64 100644 --- a/include/linux/pci.h +++ b/include/linux/pci.h 
@@ -2021,8 +2021,8 @@ enum pci_fixup_pass { #ifdef CONFIG_LTO_CLANG #define __DECLARE_PCI_FIXUP_SECTION(sec, name, vendor, device, class, \ class_shift, hook, stub) \ - void __cficanonical stub(struct pci_dev *dev); \ - void __cficanonical stub(struct pci_dev *dev) \ + void stub(struct pci_dev *dev); \ + void stub(struct pci_dev *dev) \ { \ hook(dev); \ } \
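Review bot: The commit message says the __cficanonical attribute itself is removed, but the include/linux/compiler_types.h hunk only deletes the empty fallback inside #ifndef __cficanonical, and the diffstat lists no compiler-specific header. Say which patch removes the definition that the #ifndef was guarding against, or remove it here, so that no definition without users is left behind once the init.h and pci.h stubs stop using it.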
Date: Fri, 13 May 2022 13:21:53 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-16-samitolvanen@google.com>
References: <20220513202159.1550547-1-samitolvanen@google.com>
Subject: [RFC PATCH v2 15/21] objtool: Don't warn about __cfi_ preambles falling through
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

The __cfi_ preambles contain valid instructions, which embed KCFI type information in the following format:

    __cfi_function:
      int3
      int3
      mov , %eax
      int3
      int3
    function:
      ...

While the preambles are STT_FUNC and contain valid instructions, they are not executed and always fall through. Skip the warning for them.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
---
 tools/objtool/check.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tools/objtool/check.c b/tools/objtool/check.c index ca5b74603008..88f005ae6dcc 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c
@@ -3311,6 +3311,10 @@ static int validate_branch(struct objtool_file *file, struct symbol *func, next_insn = next_insn_to_validate(file, insn); if (func && insn->func && func != insn->func->pfunc) { + /* Ignore KCFI type preambles, which always fall through */ + if (!strncmp(func->name, "__cfi_", 6)) + return 0; + WARN("%s() falls through to next function %s()", func->name, insn->func->name); return 1;
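Review bot: The strncmp(func->name, "__cfi_", 6) test in validate_branch() exempts every symbol whose name starts with __cfi_, not only a type preamble sitting in front of its own function, so a hand-written function with that prefix that really runs into the next symbol is no longer reported. Consider also requiring that the following symbol is the one the preamble belongs to, for example !strcmp(func->name + 6, insn->func->name), and replace the bare 6 with a named prefix constant or a small helper.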
Date: Fri, 13 May 2022 13:21:54 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-17-samitolvanen@google.com>
References: <20220513202159.1550547-1-samitolvanen@google.com>
Subject: [RFC PATCH v2 16/21] x86/tools/relocs: Ignore __kcfi_typeid_ relocations
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

Ignore __kcfi_typeid_ symbols. These are compiler-generated constants that contain CFI type identifiers.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
---
 arch/x86/tools/relocs.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c index e2c5b296120d..2925074b9a58 100644 --- a/arch/x86/tools/relocs.c +++ b/arch/x86/tools/relocs.c
@@ -56,6 +56,7 @@ static const char * const sym_regex_kernel[S_NSYMTYPES] = { "^(xen_irq_disable_direct_reloc$|" "xen_save_fl_direct_reloc$|" "VDSO|" + "__kcfi_typeid_|" "__crc_)", /*
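Review bot: Missing rationale for the new "__kcfi_typeid_|" entry in sym_regex_kernel: the commit message says these symbols are compiler-generated constants holding CFI type identifiers, but not why relocations against them can be ignored. Add that sentence to the commit message, since the regex list itself carries no comments. The pattern is a prefix match with no trailing $, in the same style as the VDSO and __crc_ alternatives next to it, which looks intended.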
Date: Fri, 13 May 2022 13:21:55 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-18-samitolvanen@google.com>
References: <20220513202159.1550547-1-samitolvanen@google.com>
Subject: [RFC PATCH v2 17/21] x86: Add types to indirectly called assembly functions
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

With CONFIG_CFI_CLANG, assembly functions indirectly called from C code must be annotated with type identifiers to pass CFI checking.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
---
 arch/x86/crypto/blowfish-x86_64-asm_64.S | 5 +++--
 arch/x86/lib/memcpy_64.S                 | 3 ++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/arch/x86/crypto/blowfish-x86_64-asm_64.S b/arch/x86/crypto/blowfish-x86_64-asm_64.S index 802d71582689..4a43e072d2d1 100644 --- a/arch/x86/crypto/blowfish-x86_64-asm_64.S +++ b/arch/x86/crypto/blowfish-x86_64-asm_64.S @@ -6,6 +6,7 @@ */ #include +#include .file "blowfish-x86_64-asm.S" .text @@ -141,7 +142,7 @@ SYM_FUNC_START(__blowfish_enc_blk) RET; SYM_FUNC_END(__blowfish_enc_blk) -SYM_FUNC_START(blowfish_dec_blk) +SYM_TYPED_FUNC_START(blowfish_dec_blk) /* input: * %rdi: ctx * %rsi: dst @@ -332,7 +333,7 @@ SYM_FUNC_START(__blowfish_enc_blk_4way) RET; SYM_FUNC_END(__blowfish_enc_blk_4way) -SYM_FUNC_START(blowfish_dec_blk_4way) +SYM_TYPED_FUNC_START(blowfish_dec_blk_4way) /* input: * %rdi: ctx * %rsi: dst diff --git a/arch/x86/lib/memcpy_64.S b/arch/x86/lib/memcpy_64.S index d0d7b9bc6cad..e5d9b299577f 100644
--- a/arch/x86/lib/memcpy_64.S +++ b/arch/x86/lib/memcpy_64.S @@ -2,6 +2,7 @@ /* Copyright 2002 Andi Kleen */ #include +#include #include #include #include 
@@ -27,7 +28,7 @@ * Output: * rax original destination */ -SYM_FUNC_START(__memcpy) +__SYM_TYPED_FUNC_START(__memcpy, memcpy) ALTERNATIVE_2 "jmp memcpy_orig", "", X86_FEATURE_REP_GOOD, \ "jmp memcpy_erms", X86_FEATURE_ERMS
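Review bot: In blowfish-x86_64-asm_64.S only blowfish_dec_blk and blowfish_dec_blk_4way move to SYM_TYPED_FUNC_START, while the context lines show __blowfish_enc_blk and __blowfish_enc_blk_4way staying on SYM_FUNC_START. If that is because the encrypt routines are only ever called directly, say so in the commit message so the asymmetry does not read as an omission; if they can be reached through a function pointer they need the typed variant as well.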
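Review bot: Missing comment on __SYM_TYPED_FUNC_START(__memcpy, memcpy) in memcpy_64.S: this is the only use of the two-argument, double-underscore form in the patch, and the second name differs from the symbol being defined. Add a short comment at the call site stating what the second argument selects and why it is memcpy rather than __memcpy.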
for linux-arm-kernel@bombadil.infradead.org; Fri, 13 May 2022 20:22:51 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Type:Cc:To:From:Subject: References:Mime-Version:Message-Id:In-Reply-To:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=PfUOUCtWYZGmp8CXclCTWw0GE2v5WPFVxnxla7QB7vw=; b=ALn7iGhh4TiR2IkdkNm/9S0Pu0 zF+Lc2iXFPGOUxH8p5RWjAW04pjEUat5pH3qQ4avt24ba80A/OSXrFDDvRVRbdOt2f/txDd96y827 FRj8pc16yKK1EU0VQruBVOFhDl5LrcV7yz7q15gi4kuUevmXzVRxp8G6qUWvUBZB9VecaWL4rJGIz zGUPwptensvdDDzGypN9Ab+AuQvZph+fcsNpDGPKClVwkb1cpKeZW2ZRsdZueHWF9NgO4BpLRdYw3 pODI+le2RpmEdu9ZX5RNHyPxGE0cQdFCaYGHxPTypDXOZQu1JEsI5OQXaoFODN+h5bMRlrCQKoy7T V72rEwmA==; Received: from mail-yb1-xb49.google.com ([2607:f8b0:4864:20::b49]) by casper.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1npboE-007fIj-A0 for linux-arm-kernel@lists.infradead.org; Fri, 13 May 2022 20:22:49 +0000 Received: by mail-yb1-xb49.google.com with SMTP id n190-20020a25d6c7000000b0064b9bf694e1so2155229ybg.3 for ; Fri, 13 May 2022 13:22:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=PfUOUCtWYZGmp8CXclCTWw0GE2v5WPFVxnxla7QB7vw=; b=nCubo4qm3EWLu8ph4cU0J48klMHpfNRcdDDHvRk87yHuzwBoIBJ/AU7Zj01a7RdZIF t6ik+RXGU61svm9iFsdm0UO6eotpCIPJMowDcoGi43HtZioBN2GSc7Bb/24mH+Y1XxI/ H2UqwryguqTCBR6WTNv/1J0rrcU4SgUpj/DCVM+I43JCXI9PY0ZuqC6e3pyWT8kxLHXz aypLH1zJKclQCdpSo+hy/cCSzYH+emciZNSjzDJjmkCQGnRGZTqaCMDjwLCQp7F7hD8B lNK/pR0WZNB0QYRB2IObpdQwuIcXVOFy3fveUYDJmRy2HB/sObRtwd1nPyaJGlvjuvKx 1jew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=PfUOUCtWYZGmp8CXclCTWw0GE2v5WPFVxnxla7QB7vw=; b=pmb40Fd02JLYlkJqJGv25m3vKxI9JIWkcqKM9WXaIrjcEImapfqfks9UjjQmvzPzML 
c7u3VeK0QKNw4LJAndarNbFlyJ9K4fk2oAOiY3yJXg1GPmhvTI4eQdLF6ii2mD8Sx0Uz GttzrP+Nm/Wv5NEv+WYlGkEnDw6BgsmJYySNvYj1oVi93Duc9vAKLhhjn5Mmk6Gk+1FZ bMRhdI/U6a4UTTRW+jwi11ueY3+A6bgVUT3+gUyiQmh9LB8TLzxTCt9qhZHnO6HTqadW 6gr8Pa+R6d25iP6sKg8fg7vDtMjW/AIuPFwkfxFzvU39bwvxecPjrmBTJWUCrB6h7LkL Sg5Q== X-Gm-Message-State: AOAM533WNic33vle9TY7lgg/6i/mhtf0YdRTvJcYn9wfG7EVXhh2JhRN jlImIZurxNbP/e6wHfHVd1AkbOmvQ/WxkQZ7MeA= X-Google-Smtp-Source: ABdhPJw+D7t6SSlbjDlENv5lafSoapQJ6Q274oZIPQGeVXoNM9Zg7HmZCxd74l5G/0JMvVqt1aRLChSV/AE8SNevvWU= X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:e0:c17e:c2dc:13eb]) (user=samitolvanen job=sendgmr) by 2002:a25:8c03:0:b0:649:c7f8:1fc9 with SMTP id k3-20020a258c03000000b00649c7f81fc9mr6802241ybl.587.1652473363438; Fri, 13 May 2022 13:22:43 -0700 (PDT) Date: Fri, 13 May 2022 13:21:56 -0700 In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com> Message-Id: <20220513202159.1550547-19-samitolvanen@google.com> Mime-Version: 1.0 References: <20220513202159.1550547-1-samitolvanen@google.com> X-Developer-Key: i=samitolvanen@google.com; a=openpgp; fpr=35CCFB63B283D6D3AEB783944CB5F6848BBC56EE X-Developer-Signature: v=1; a=openpgp-sha256; l=867; h=from:subject; bh=1zGkTRBFsYQeOh1nY0Ftktys2F76fLo0aIs4c+r3/F0=; b=owEB7QES/pANAwAKAUy19oSLvFbuAcsmYgBifr3lqAwmlxBUGYGrHtGRBycX29CVlKsWO3WkULXp 4RXxZyyJAbMEAAEKAB0WIQQ1zPtjsoPW0663g5RMtfaEi7xW7gUCYn695QAKCRBMtfaEi7xW7iRJC/ 40aO3dHx7HRqL5IBxJl4LEnss6Sben7NjXL1WF89h7qFltZ5dAJeU01SJQLXBbFrGMVwlJ6QXAdGEj 635LhB+9rvz3J3LtnqvUssb7EF73SxuPBnb6OMm+qYoJRX6x4QzHFUBMSpT7nQgeSRXxgqGzkDSRup vh3xGCK6gB9qpNMP6tfQC0arD6MlBlA6GdKe9mp1HvtqGMQB7swpv2WD9cOCfE9KLcH0y91ynQ6g4U UZPiaQZWKDZYiQPJldKSe7moKZrikR0U0Qo5Q553qfQPjeadJ5XvtghpEAkLCafukyveKh4N09VV1w S5uP5cVYPc1iWKtXKqmCRwCpMMwF7IuEhjpg+hVIGDfAoBFfQZc7B4mxMlOChIzO8+9ddE4OTx6XxB YRAfx/UF3uy7/M0r/sDjqemuUQ62BUUmbl2fY3WLz7xKDa+6xiPI1E+yb9szaxBwq3DbFWH1ubyPnI mSllpHUKTR62DNzA8dewcd7rUu26o+Zb8p+isVc2xVeb0= X-Mailer: git-send-email 2.36.0.550.gb090851708-goog Subject: 
[RFC PATCH v2 18/21] x86/purgatory: Disable CFI
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

Disable CONFIG_CFI_CLANG for the stand-alone purgatory.ro.

Signed-off-by: Sami Tolvanen
Reviewed-by: Nick Desaulniers
Tested-by: Nick Desaulniers
Tested-by: Sedat Dilek
Reviewed-by: Kees Cook
--- arch/x86/purgatory/Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/purgatory/Makefile b/arch/x86/purgatory/Makefile index ae53d54d7959..b3fa947fa38b 100644 --- a/arch/x86/purgatory/Makefile +++ b/arch/x86/purgatory/Makefile 
@@ -55,6 +55,10 @@ ifdef CONFIG_RETPOLINE PURGATORY_CFLAGS_REMOVE += $(RETPOLINE_CFLAGS) endif +ifdef CONFIG_CFI_CLANG +PURGATORY_CFLAGS_REMOVE += $(CC_FLAGS_CFI) +endif + CFLAGS_REMOVE_purgatory.o += $(PURGATORY_CFLAGS_REMOVE) CFLAGS_purgatory.o += $(PURGATORY_CFLAGS) From patchwork Fri May 13 20:21:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 12849432 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 127C8C433F5 for ; Fri, 13 May 2022 20:28:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:References: Mime-Version:Message-Id:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=ly0D9pKWBRDNBa2zd64kB223IAcdj59A5JkyiQ9agTo=; b=sJW5h15ly83atoCmT4kmOqax6T zSy/00J4gzwYqG0AArcyFRWnY05fYFQWfg8vdM8Pz2UjWDW43NLgSK1dny6d8MuVn+Cc/FuTwBD/3 6M8KRQus+FmKSZugEkIT7EKpbOtI3K6cxW0cD/VKcjPvWTedzsB+v9YrgeWTTNLCnL/IurXJK0Ytb S2lvlMWt0+zsTtfpaAfaCU1IXglnddZV43nvik29QJizbrkzsfQjzKeZahvqQstkAG1SWvTi61xtF 6cEMSEpRDouCVUBP2CopSMzz4SygBosxy2bPNDRupYu5CUkZGBVIAWL+FagNGgPGOoCDyG6aMj3rF pAwAFj6w==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1npbsP-00HTXI-W3; Fri, 13 May 2022 20:27:06 +0000 Received: from mail-yw1-x1149.google.com ([2607:f8b0:4864:20::1149]) by bombadil.infradead.org with esmtps 
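Review bot: the commit message for the arch/x86/purgatory/Makefile hunk (18/21) says that CFI is disabled for purgatory.ro but not why. The new `ifdef CONFIG_CFI_CLANG` block mirrors the `CONFIG_RETPOLINE` block directly above it, so the mechanics are consistent with the existing style; what is missing is one sentence, in the commit message or as a comment above `PURGATORY_CFLAGS_REMOVE += $(CC_FLAGS_CFI)`, on what breaks when the stand-alone object is built with `$(CC_FLAGS_CFI)`.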
Date: Fri, 13 May 2022 13:21:57 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-20-samitolvanen@google.com>
Subject: [RFC PATCH v2 19/21] x86/vdso: Disable CFI
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

CC_FLAGS_LTO no longer includes CC_FLAGS_CFI, so filter these flags out as well.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
--- arch/x86/entry/vdso/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile index 693f8b9031fb..abf41ef0f89e 100644 --- a/arch/x86/entry/vdso/Makefile +++ b/arch/x86/entry/vdso/Makefile @@ -91,7 +91,7 @@ ifneq ($(RETPOLINE_VDSO_CFLAGS),) endif endif -$(vobjs): KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_LTO) $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) +$(vobjs): KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_LTO) $(CC_FLAGS_CFI) $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) # # vDSO code runs in userspace and -pg doesn't help with profiling anyway. 
@@ -151,6 +151,7 @@ KBUILD_CFLAGS_32 := $(filter-out -mfentry,$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 := $(filter-out $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 := $(filter-out $(CC_FLAGS_LTO),$(KBUILD_CFLAGS_32)) +KBUILD_CFLAGS_32 := $(filter-out $(CC_FLAGS_CFI),$(KBUILD_CFLAGS_32)) KBUILD_CFLAGS_32 += -m32 -msoft-float -mregparm=0 -fpic KBUILD_CFLAGS_32 += -fno-stack-protector KBUILD_CFLAGS_32 += $(call cc-option, -foptimize-sibling-calls) From patchwork Fri May 13 20:21:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 12849433 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 591EBC433EF for ; Fri, 13 May 2022 20:29:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:References: Mime-Version:Message-Id:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=lL5OxdAGGPQSbkaDzTR/vjg6aicUaLYBJzd2hdryM94=; b=CmTMc6UwrcrLcbKqpyM8OA1HzJ i0bCqWwmqsVXCrx0Xv8DgBHfpuqkF5WiRBS+O4Yq7MYEAj8kDWrkTNAHKq2TuKwPz+R3kcCr6cXrq feVIiLbZIRBHjVbNpv2TRCEZRye8SV7MEC2tMByNBe0FCkmx04ridL+8A/ziTfx20+U3AwhApbXvs rp3WSKUz3JO7Cs+MyAzjQzd9KYlumjYOT+6pXhQzufdbDGIbTYZ7dZ2rJiXyC57+o5E7BMd0FGJA1 8L9q/nI5TFTmw1fBByjILkDdUuepTEr4SdQZG6lxHA4ZlH8oUfFXQXBApLQcVpBa3Zjh+Evs7oQ4+ 8U8Rz6JA==; Received: from localhost 
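Review bot: the `$(vobjs)` hunk in arch/x86/entry/vdso/Makefile (19/21) depends on an earlier change that took `$(CC_FLAGS_CFI)` out of `$(CC_FLAGS_LTO)`, and the commit message refers to that change only as "no longer includes". Please name the patch that made the split so the dependency is visible when this one is read or backported on its own. The ordering inside the series looks safe, since x86 cannot enable CFI_CLANG until 20/21 adds `select ARCH_SUPPORTS_CFI_CLANG if X86_64`; saying so in the message would save the next reader from checking. The `KBUILD_CFLAGS_32` hunk follows the one-filter-per-line style already used there and needs no change.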
Date: Fri, 13 May 2022 13:21:58 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-21-samitolvanen@google.com>
Subject: [RFC PATCH v2 20/21] x86: Add support for CONFIG_CFI_CLANG
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

With CONFIG_CFI_CLANG, the compiler injects a type preamble immediately before each function and a check to validate the target function type before indirect calls:

  ; type preamble
  __cfi_function:
    int3
    int3
    mov , %eax
    int3
    int3
  function:
    ...
  ; indirect call check
    cmpl , -6(%r11)
    je .Ltmp1
    ud2
  .Ltmp1:
    call __x86_indirect_thunk_r11

Define the __CFI_TYPE helper macro for manual type annotations in assembly code, add error handling for the CFI ud2 traps, and allow CONFIG_CFI_CLANG to be selected on x86_64.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
Tested-by: Kees Cook
--- arch/x86/Kconfig | 2 ++ arch/x86/include/asm/linkage.h | 12 +++++++ arch/x86/kernel/traps.c | 60 +++++++++++++++++++++++++++++++++- 3 files changed, 73 insertions(+), 1 deletion(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 4bed3abf444d..2e73d0792d48 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig 
@@ -108,6 +108,8 @@ config X86 select ARCH_SUPPORTS_PAGE_TABLE_CHECK if X86_64 select ARCH_SUPPORTS_NUMA_BALANCING if X86_64 select ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP if NR_CPUS <= 4096 + select ARCH_SUPPORTS_CFI_CLANG if X86_64 + select ARCH_USES_CFI_TRAPS if X86_64 && CFI_CLANG select ARCH_SUPPORTS_LTO_CLANG select ARCH_SUPPORTS_LTO_CLANG_THIN select ARCH_USE_BUILTIN_BSWAP diff --git a/arch/x86/include/asm/linkage.h b/arch/x86/include/asm/linkage.h index 85865f1645bd..0ee4a0af3974 100644 --- a/arch/x86/include/asm/linkage.h +++ b/arch/x86/include/asm/linkage.h @@ -25,6 +25,18 @@ #define RET ret #endif +#ifdef CONFIG_CFI_CLANG +#define __CFI_TYPE(name) \ + .fill 7, 1, 0xCC ASM_NL \ + SYM_START(__cfi_##name, SYM_L_LOCAL, SYM_A_NONE) \ + int3 ASM_NL \ + int3 ASM_NL \ + mov __kcfi_typeid_##name, %eax ASM_NL \ + int3 ASM_NL \ + int3 ASM_NL \ + SYM_FUNC_END(__cfi_##name) +#endif + #else /* __ASSEMBLY__ */ #ifdef CONFIG_SLS diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c index 1563fb995005..320e257eb4be 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -40,6 +40,7 @@ #include #include #include +#include #include #include 
@@ -295,6 +296,62 @@ static inline void handle_invalid_op(struct pt_regs *regs) ILL_ILLOPN, error_get_trap_addr(regs)); } +#ifdef CONFIG_CFI_CLANG +static void decode_cfi_insn(struct pt_regs *regs, unsigned long *target, + unsigned long *type) +{ + char buffer[MAX_INSN_SIZE]; + struct insn insn; + int offset; + + *target = *type = 0; + + /* + * The compiler generates the following instruction sequence + * for indirect call checks: + * + *   cmpl    , -6(%reg) ; 7 bytes + * je .Ltmp1 ; 2 bytes + * ud2 ; <- addr + * .Ltmp1: + * + * Both the type and the target address can be decoded from the + * cmpl instruction. + */ + if (copy_from_kernel_nofault(buffer, (void *)regs->ip - 9, MAX_INSN_SIZE)) + return; + if (insn_decode_kernel(&insn, buffer)) + return; + if (insn.opcode.value != 0x81 || X86_MODRM_REG(insn.modrm.value) != 7) + return; + + *type = insn.immediate.value; + + offset = insn_get_modrm_rm_off(&insn, regs); + if (offset < 0) + return; + + *target = *(unsigned long *)((void *)regs + offset); +} + +static enum bug_trap_type handle_cfi_failure(struct pt_regs *regs) +{ + if (is_cfi_trap(regs->ip)) { + unsigned long target, type; + + decode_cfi_insn(regs, &target, &type); + return report_cfi_failure(regs, regs->ip, target, type); + } + + return BUG_TRAP_TYPE_NONE; +} +#else +static inline enum bug_trap_type handle_cfi_failure(struct pt_regs *regs) +{ + return BUG_TRAP_TYPE_NONE; +} +#endif /* CONFIG_CFI_CLANG */ + static noinstr bool handle_bug(struct pt_regs *regs) { bool handled = false; 
@@ -312,7 +369,8 @@ static noinstr bool handle_bug(struct pt_regs *regs) */ if (regs->flags & X86_EFLAGS_IF) raw_local_irq_enable(); - if (report_bug(regs->ip, regs) == BUG_TRAP_TYPE_WARN) { + if (report_bug(regs->ip, regs) == BUG_TRAP_TYPE_WARN || + handle_cfi_failure(regs) == BUG_TRAP_TYPE_WARN) { regs->ip += LEN_UD2; handled = true; } From patchwork Fri May 13 20:21:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sami Tolvanen X-Patchwork-Id: 12849437 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id A40B6C433EF for ; Fri, 13 May 2022 20:32:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:References: Mime-Version:Message-Id:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=j7flD9lsXfsruhnz5o6y8KNUekY7xbzJgH5YYZf6Y70=; b=gLHVkr9Cf0rZ0MFZZj88K0KAjs 4qD7+N4p4o6TjyGEqKvO9vlsJfnbl/iuHSIKD0T0INkYoOPKJkjy6Bp6v6ulZ84jQys0mJCxW3Va4 hJ0N/BPDhLwk8Kn/+3lMZ9Ohbm3tZnPFvJ7Lix/FxJNlmI3HfJPzbgZpK3KDf7uTfMzqH6wh11Br0 e6VY2a1qlKgIkOKThpp0S77OScBtaSsElo89foqA0pTuvipyRWe4h4Fz3pJNkN+pQgWICkg8d4ucq pqvf7TEkonWw9UVKWTU1fhOnyOkTKAxV5io+Jp2SkQKxX9MA82gSa0vG5nMQnV+4xVX8uDeIBFSN6 mGk+w/hw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1npbwc-00HW4I-30; Fri, 13 May 2022 20:31:27 +0000 Received: from 
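Review bot: in the `__CFI_TYPE` macro added to arch/x86/include/asm/linkage.h (20/21), `mov __kcfi_typeid_##name, %eax` has no `$` on the source operand, so in AT&T syntax the assembler treats it as a load from an absolute address rather than an immediate move. Please confirm the emitted bytes still put the 32-bit type id at function address minus 6, which is where the `cmpl` check shown in the commit message reads it, and consider emitting the preamble bytes explicitly so the layout does not depend on how the assembler encodes that operand. The `.fill 7, 1, 0xCC` padding also needs a comment stating the total size or alignment it is meant to produce, and since the macro is defined only under `#ifdef CONFIG_CFI_CLANG`, this hunk leaves assembly users without a fallback unless one is defined elsewhere in the series.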
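Review bot: in `decode_cfi_insn()` (arch/x86/kernel/traps.c, 20/21), the fixed `regs->ip - 9` offset assumes the `cmpl` is exactly 7 bytes, as the comment states, but the commit message's own example compares against `-6(%r11)`. A base register in r8 to r15 needs a REX prefix, which makes the instruction 8 bytes, so the copy would start one byte late, at the `0x81` opcode. The `insn.opcode.value != 0x81` test would still pass, the immediate would still decode as the type, but `insn_get_modrm_rm_off()` would resolve the register without the REX.B bit and `*target` would be read from the wrong `pt_regs` slot. A base register that needs a SIB byte changes the length as well. Please either decode from a start that accounts for the prefix (for example try both lengths and require that the decoded instruction ends exactly at `regs->ip - 2`), or document that the compiler is guaranteed to use one specific register and encoding. Named constants for the 7, 2 and 9 would also make the relationship to the comment checkable.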
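Review bot: in the `handle_bug()` hunk (arch/x86/kernel/traps.c, 20/21), the `||` only short-circuits when `report_bug()` returns `BUG_TRAP_TYPE_WARN`, so `handle_cfi_failure(regs)` also runs when `report_bug()` has already identified the trap as `BUG_TRAP_TYPE_BUG`. The `is_cfi_trap(regs->ip)` gate should make that harmless, but it adds a lookup on the fatal path and hides the intended precedence. Suggest storing the `report_bug()` result and calling `handle_cfi_failure()` only when it is `BUG_TRAP_TYPE_NONE`, with a short comment on which check wins if an address could match both.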
Date: Fri, 13 May 2022 13:21:59 -0700
In-Reply-To: <20220513202159.1550547-1-samitolvanen@google.com>
Message-Id: <20220513202159.1550547-22-samitolvanen@google.com>
Subject: [RFC PATCH v2 21/21] init: Drop __nocfi from __init
From: Sami Tolvanen
To: linux-kernel@vger.kernel.org
Cc: Kees Cook, Josh Poimboeuf, Peter Zijlstra, x86@kernel.org, Catalin Marinas, Will Deacon, Mark Rutland, Nathan Chancellor, Nick Desaulniers, Joao Moreira, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, Sami Tolvanen

It's no longer necessary to disable CFI checking for all __init functions. Drop the __nocfi attribute.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
--- include/linux/init.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/init.h b/include/linux/init.h index 76058c9e0399..a0a90cd73ebe 100644 --- a/include/linux/init.h +++ b/include/linux/init.h @@ -47,7 +47,7 @@ /* These are for everybody (although not all archs will actually discard it in modules) */ -#define __init __section(".init.text") __cold __latent_entropy __noinitretpoline __nocfi +#define __init __section(".init.text") __cold __latent_entropy __noinitretpoline #define __initdata __section(".init.data") #define __initconst __section(".init.rodata") #define __exitdata __section(".exit.data")
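Review bot: the include/linux/init.h hunk (21/21) removes `__nocfi` from `__init` on the strength of "no longer necessary", without saying what made it necessary before or which change in this series removed that need. Since every `__init` function becomes subject to indirect call checks with this one-line change, please state the original reason for the attribute and the patch that resolves it, so a boot-time CFI trap in init code can be traced back to the right place.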