lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 31 Mar 2021 14:27:07 -0700 From: Sami Tolvanen <samitolvanen@...gle.com> To: Kees Cook <keescook@...omium.org> Cc: Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, Masahiro Yamada <masahiroy@...nel.org>, Will Deacon <will@...nel.org>, Jessica Yu <jeyu@...nel.org>, Arnd Bergmann <arnd@...db.de>, Tejun Heo <tj@...nel.org>, "Paul E. McKenney" <paulmck@...nel.org>, Christoph Hellwig <hch@...radead.org>, Peter Zijlstra <peterz@...radead.org>, Sedat Dilek <sedat.dilek@...il.com>, bpf@...r.kernel.org, linux-hardening@...r.kernel.org, linux-arch@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, linux-kbuild@...r.kernel.org, linux-pci@...r.kernel.org, linux-kernel@...r.kernel.org, clang-built-linux@...glegroups.com, Sami Tolvanen <samitolvanen@...gle.com> Subject: [PATCH v4 03/17] mm: add generic function_nocfi macro With CONFIG_CFI_CLANG, the compiler replaces function addresses in instrumented C code with jump table addresses. This means that __pa_symbol(function) returns the physical address of the jump table entry instead of the actual function, which may not work as the jump table code will immediately jump to a virtual address that may not be mapped. To avoid this address space confusion, this change adds a generic definition for function_nocfi(), which architectures that support CFI can override. The typical implementation of would use inline assembly to take the function address, which avoids compiler instrumentation. Signed-off-by: Sami Tolvanen <samitolvanen@...gle.com> Reviewed-by: Kees Cook <keescook@...omium.org> --- include/linux/mm.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index 8ba434287387..22cce9c7dd05 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -124,6 +124,16 @@ extern int mmap_rnd_compat_bits __read_mostly; #define lm_alias(x) __va(__pa_symbol(x)) #endif +/* + * With CONFIG_CFI_CLANG, the compiler replaces function addresses in + * instrumented C code with jump table addresses. Architectures that + * support CFI can define this macro to return the actual function address + * when needed. + */ +#ifndef function_nocfi +#define function_nocfi(x) (x) +#endif + /* * To prevent common memory management code establishing * a zero page mapping on a read fault. -- 2.31.0.291.g576ba9dcdaf-goog
Powered by blists - more mailing lists