lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 19 Jul 2020 17:50:31 +0200
From:   Oscar Carter <oscar.carter@....com>
To:     Steven Rostedt <rostedt@...dmis.org>,
        Ingo Molnar <mingo@...hat.com>,
        Kees Cook <keescook@...omium.org>
Cc:     Oscar Carter <oscar.carter@....com>, linux-kernel@...r.kernel.org,
        kernel-hardening@...ts.openwall.com, Jann Horn <jannh@...gle.com>
Subject: [PATCH v2 0/2] kernel/trace: Remove function callback casts

In an effort to enable -Wcast-function-type in the top-level Makefile to
support Control Flow Integrity builds, there are the need to remove all
the function callback casts.

ftrace_ops_list_func() can no longer be defined as ftrace_ops_no_ops().
The reason for ftrace_ops_no_ops() is to use that when an architecture
calls ftrace_ops_list_func() with only two parameters (called from
assembly). And to make sure there's no C side-effects, those archs call
ftrace_ops_no_ops() which only has two parameters, as the function
ftrace_ops_list_func() has four parameters.

This patch series is a new proposal for the work start by me [1] and
followed by the Steven Rostedt patch [2] and Jann Horn comments [3].

This new proposal removes all the function callback casts without the
use of linker magic and so is more CFI friendly.

The first patch prepares the needed infrastructure to remove all the
function callback casts. This infrastructure is based in a new union
type to manage two different function pointers (2 parameters and 4
parameters) using the same variable. Also create two static inline
helpers to set and compare against the fields of the new union type.
The helpers are duplicated for the archs that support ftrace ops and
for the archs that don't support ftrace ops as both cases use different
function prototypes.

The second patch removes all the function callback casts using the
infrastructure defined previously in the first patch.

[1] https://lore.kernel.org/kernel-hardening/20200614070154.6039-1-oscar.carter@gmx.com/
[2] https://lore.kernel.org/kernel-hardening/20200617165616.52241bde@oasis.local.home/
[3] https://lore.kernel.org/kernel-hardening/CAG48ez04Fj=1p61KAxAQWZ3f_z073fVUr8LsQgtKA9c-kcHmDQ@mail.gmail.com/

Changelog v1->v2
-Discard the idea behind the v1 patch.
-Use a new union type to manage two different function pointers.
-Create the infrastructure to remove the casts.
-Remove the casts using the new infrastructure.

Oscar Carter (2):
  kernel/trace: Prepare to remove function callback casts
  kernel/trace: Remove function callback casts

 kernel/trace/ftrace.c | 80 +++++++++++++++++++++++++++++++++----------
 1 file changed, 61 insertions(+), 19 deletions(-)

--
2.20.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ