lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 26 Aug 2021 09:56:40 -0700
From:   Andy Lutomirski <luto@...nel.org>
To:     Sami Tolvanen <samitolvanen@...gle.com>, x86@...nel.org
Cc:     Kees Cook <keescook@...omium.org>,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Sedat Dilek <sedat.dilek@...il.com>,
        linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org,
        clang-built-linux@...glegroups.com
Subject: Re: [PATCH v2 08/14] x86/extable: Do not mark exception callback as
 CFI

On 8/23/21 10:13 AM, Sami Tolvanen wrote:
> From: Kees Cook <keescook@...omium.org>
> 
> The exception table entries are constructed out of a relative offset
> and point to the actual function, not the CFI table entry. For now,
> just mark the caller as not checking CFI

Does this *mark* the caller as not checking CFI or does it actually make
the caller stop checking CFI?  What are the semantics of a __nocfi function?

> The failure is most visible
> at boot with CONFIG_DEBUG_RODATA_TEST=y.

What's the failure?

> 
> Signed-off-by: Kees Cook <keescook@...omium.org>
> Signed-off-by: Sami Tolvanen <samitolvanen@...gle.com>
> ---
>  arch/x86/mm/extable.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c
> index e1664e9f969c..d150d4d12d53 100644
> --- a/arch/x86/mm/extable.c
> +++ b/arch/x86/mm/extable.c
> @@ -155,6 +155,7 @@ enum handler_type ex_get_fault_handler_type(unsigned long ip)
>  		return EX_HANDLER_OTHER;
>  }
>  
> +__nocfi
>  int fixup_exception(struct pt_regs *regs, int trapnr, unsigned long error_code,
>  		    unsigned long fault_addr)
>  {
> 


This at least needs a comment explaining what's going on.  But maybe it
could be fixed better by either having the extable entry resolve to the
magic CFI table entry (can this be done?) or by marking the actual
indirect call or the type of the variable through which the call is done
as being a non-CFI call.

--Andy

Powered by blists - more mailing lists