[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200724123528.36ea9c9e@oasis.local.home>
Date: Fri, 24 Jul 2020 12:35:28 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: Oscar Carter <oscar.carter@....com>
Cc: Ingo Molnar <mingo@...hat.com>, Kees Cook <keescook@...omium.org>,
linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com,
Jann Horn <jannh@...gle.com>
Subject: Re: [PATCH v2 2/2] kernel/trace: Remove function callback casts
On Fri, 24 Jul 2020 18:19:21 +0200
Oscar Carter <oscar.carter@....com> wrote:
> > The linker trick is far less intrusive, and I believe less error prone.
>
> If we use the linker trick, the warning -Wcast-function-type dissapears,
> but in a way that makes impossible to the compiler to get the necessary
> info about function prototypes to insert the commented check. As far I
> know, this linker trick (redirection of a function) is hidden for the
> CFI build.
>
> So, in my opinion, the linker trick is not suitable if we want to protect
> the function pointers of the ftrace subsystem against an attack that
> modifiy the normal flow of the kernel.
The linker trick should only affect architectures that don't implement
the needed features. I can make it so the linker trick is only applied
to those archs, and other archs that want more protection only need to
add these features to their architectures.
It's much less intrusive than this patch.
-- Steve
Powered by blists - more mailing lists