[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20210408182843.1754385-16-samitolvanen@google.com>
Date: Thu, 8 Apr 2021 11:28:40 -0700
From: Sami Tolvanen <samitolvanen@...gle.com>
To: Kees Cook <keescook@...omium.org>
Cc: Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Masahiro Yamada <masahiroy@...nel.org>,
Will Deacon <will@...nel.org>, Jessica Yu <jeyu@...nel.org>,
Arnd Bergmann <arnd@...db.de>, Tejun Heo <tj@...nel.org>,
"Paul E. McKenney" <paulmck@...nel.org>,
Christoph Hellwig <hch@...radead.org>,
Peter Zijlstra <peterz@...radead.org>,
Sedat Dilek <sedat.dilek@...il.com>,
Mark Rutland <mark.rutland@....com>,
Catalin Marinas <catalin.marinas@....com>, bpf@...r.kernel.org,
linux-hardening@...r.kernel.org, linux-arch@...r.kernel.org,
linux-arm-kernel@...ts.infradead.org, linux-kbuild@...r.kernel.org,
linux-pci@...r.kernel.org, linux-kernel@...r.kernel.org,
clang-built-linux@...glegroups.com,
Sami Tolvanen <samitolvanen@...gle.com>
Subject: [PATCH v6 15/18] arm64: add __nocfi to __apply_alternatives
__apply_alternatives makes indirect calls to functions whose address
is taken in assembly code using the alternative_cb macro. With
non-canonical CFI, the compiler won't replace these function
references with the jump table addresses, which trips CFI. Disable CFI
checking in the function to work around the issue.
Signed-off-by: Sami Tolvanen <samitolvanen@...gle.com>
Reviewed-by: Kees Cook <keescook@...omium.org>
Tested-by: Nathan Chancellor <nathan@...nel.org>
---
arch/arm64/kernel/alternative.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/kernel/alternative.c b/arch/arm64/kernel/alternative.c
index 1184c44ea2c7..abc84636af07 100644
--- a/arch/arm64/kernel/alternative.c
+++ b/arch/arm64/kernel/alternative.c
@@ -133,8 +133,8 @@ static void clean_dcache_range_nopatch(u64 start, u64 end)
} while (cur += d_size, cur < end);
}
-static void __apply_alternatives(void *alt_region, bool is_module,
- unsigned long *feature_mask)
+static void __nocfi __apply_alternatives(void *alt_region, bool is_module,
+ unsigned long *feature_mask)
{
struct alt_instr *alt;
struct alt_region *region = alt_region;
--
2.31.1.295.g9ea45b61b8-goog
Powered by blists - more mailing lists