lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 May 2022 14:28:22 +0200 From: Rasmus Villemoes <linux@...musvillemoes.dk> To: Kees Cook <keescook@...omium.org>, Sami Tolvanen <samitolvanen@...gle.com> Cc: linux-kernel@...r.kernel.org, Josh Poimboeuf <jpoimboe@...hat.com>, Peter Zijlstra <peterz@...radead.org>, x86@...nel.org, Catalin Marinas <catalin.marinas@....com>, Will Deacon <will@...nel.org>, Mark Rutland <mark.rutland@....com>, Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, Joao Moreira <joao@...rdrivepizza.com>, Sedat Dilek <sedat.dilek@...il.com>, Steven Rostedt <rostedt@...dmis.org>, linux-hardening@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, llvm@...ts.linux.dev Subject: Re: [RFC PATCH v2 07/21] cfi: Add type helper macros On 14/05/2022 23.49, Kees Cook wrote: > On Fri, May 13, 2022 at 01:21:45PM -0700, Sami Tolvanen wrote: >> With CONFIG_CFI_CLANG, assembly functions called indirectly >> from C code must be annotated with type identifiers to pass CFI >> checking. The compiler emits a __kcfi_typeid_<function> symbol for >> each address-taken function declaration in C, which contains the >> expected type identifier. Add typed versions of SYM_FUNC_START and >> SYM_FUNC_START_ALIAS, which emit the type identifier before the >> function. >> >> Signed-off-by: Sami Tolvanen <samitolvanen@...gle.com> > > And the reason to not make this change universally (i.e. directly in > SYM_FUNC_START) is to minimize how many of these symbol annotations get > emitted? (And to more directly indicate which asm is called indirectly?) > > What happens if an asm function is called indirectly and it doesn't have > this annotation? Presumably that's a fail. I'm also interested in how this works at the asm/linker level. I assume that the .o file generated from the asm input has __kcfi_typeid_<function> as an undefined symbol; the compiler emits that symbol as an absolute one upon taking the address of <function>, and the linker then has the info it needs to patch things up. But what then happens if we have some function implemented in assembly which for whatever .config reason never has its address taken in any .c translation unit that gets linked in? Does the __kcfi_typeid_<function> symbol silently resolve to 0, or does the link fail? I can't really imagine the compiler emitting __kcfi_typeid_<function> symbols for each and every function it sees merely declared in some header. Two different .c files both taking the address of <function> should of course emit the same value for __kcfi_typeid_<function>. Is there any sanity check anywhere that that's actually the case? Can we please have some objdump/readelf output from some .o files involved here? Rasmus
Powered by blists - more mailing lists