lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <202104261141.5B699FE@keescook>
Date:   Mon, 26 Apr 2021 12:12:21 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-kernel@...r.kernel.org, Ben Dai <ben.dai@...soc.com>,
        Bjorn Helgaas <bhelgaas@...gle.com>,
        Christoph Hellwig <hch@....de>,
        Jack Pham <jackp@...eaurora.org>, Jessica Yu <jeyu@...nel.org>,
        Kees Cook <keescook@...omium.org>,
        Mark Rutland <mark.rutland@....com>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Sami Tolvanen <samitolvanen@...gle.com>
Subject: [GIT PULL] CFI on arm64 series for v5.13-rc1

Hi Linus,

Please pull this CFI-on-arm64 series for v5.13-rc1. This builds on last
cycle's LTO work, and allows the arm64 kernels to be built with Clang's
Control Flow Integrity feature. This feature has happily lived in Android
kernels for almost 3 years[1], so I'm excited to have it ready for upstream.

While in -next, it gained one small conflict when the prototype for
arm64's __apply_alternatives() got tweaked:
https://lore.kernel.org/linux-next/20210426103433.01f527e0@canb.auug.org.au/

The wide diffstat is mainly due to the treewide fixing of mismatched
list_sort prototypes. Other things in core kernel are to address
various CFI corner cases. The largest code portion is the CFI runtime
implementation itself (which will be shared by all architectures
implementing support for CFI). The arm64 pieces are Acked by arm64
maintainers rather than coming through the arm64 tree since carrying
this tree over there was going to be awkward.

CFI support for x86 is still under development, but is pretty close.
There are a handful of corner cases on x86 that need some improvements
to Clang and objtool, but otherwise works well.

Finally, before your grep finds the panic() in this series, I'd like to
call your attention to CONFIG_CFI_PERMISSIVE which exists to provide
the WARN-only mode for CFI, useful for system builders exploring this
feature before they enable the "kill my machine" mode, which is the mode
used by Android (and by other folks enabling CFI as a meaningful defense).

Thanks!

-Kees

[1] https://android-developers.googleblog.com/2018/10/control-flow-integrity-in-android-kernel.html

The following changes since commit e49d033bddf5b565044e2abe4241353959bc9120:

  Linux 5.12-rc6 (2021-04-04 14:15:36 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/cfi-v5.13-rc1

for you to fetch changes up to 9186ad8e66bab6a1edc66a939dd56c4638cda948:

  arm64: allow CONFIG_CFI_CLANG to be selected (2021-04-08 16:04:23 -0700)

----------------------------------------------------------------
CFI on arm64 series for v5.13-rc1

- Clean up list_sort prototypes (Sami Tolvanen)

- Introduce CONFIG_CFI_CLANG for arm64 (Sami Tolvanen)

----------------------------------------------------------------
Sami Tolvanen (18):
      add support for Clang CFI
      cfi: add __cficanonical
      mm: add generic function_nocfi macro
      module: ensure __cfi_check alignment
      workqueue: use WARN_ON_FUNCTION_MISMATCH
      kthread: use WARN_ON_FUNCTION_MISMATCH
      kallsyms: strip ThinLTO hashes from static functions
      bpf: disable CFI in dispatcher functions
      treewide: Change list_sort to use const pointers
      lkdtm: use function_nocfi
      psci: use function_nocfi for cpu_resume
      arm64: implement function_nocfi
      arm64: use function_nocfi with __pa_symbol
      arm64: add __nocfi to functions that jump to a physical address
      arm64: add __nocfi to __apply_alternatives
      arm64: ftrace: use function_nocfi for ftrace_call
      KVM: arm64: Disable CFI for nVHE
      arm64: allow CONFIG_CFI_CLANG to be selected

 Makefile                                           |  17 ++
 arch/Kconfig                                       |  45 +++
 arch/arm64/Kconfig                                 |   1 +
 arch/arm64/include/asm/memory.h                    |  16 +
 arch/arm64/include/asm/mmu_context.h               |   4 +-
 arch/arm64/kernel/acpi_parking_protocol.c          |   3 +-
 arch/arm64/kernel/alternative.c                    |   4 +-
 arch/arm64/kernel/cpu-reset.h                      |  10 +-
 arch/arm64/kernel/cpufeature.c                     |   4 +-
 arch/arm64/kernel/ftrace.c                         |   2 +-
 arch/arm64/kernel/psci.c                           |   3 +-
 arch/arm64/kernel/smp_spin_table.c                 |   3 +-
 arch/arm64/kvm/hyp/nvhe/Makefile                   |   6 +-
 arch/arm64/kvm/vgic/vgic-its.c                     |   8 +-
 arch/arm64/kvm/vgic/vgic.c                         |   3 +-
 block/blk-mq-sched.c                               |   3 +-
 block/blk-mq.c                                     |   3 +-
 drivers/acpi/nfit/core.c                           |   3 +-
 drivers/acpi/numa/hmat.c                           |   3 +-
 drivers/clk/keystone/sci-clk.c                     |   4 +-
 drivers/firmware/psci/psci.c                       |   7 +-
 drivers/gpu/drm/drm_modes.c                        |   3 +-
 drivers/gpu/drm/i915/gt/intel_engine_user.c        |   3 +-
 drivers/gpu/drm/i915/gvt/debugfs.c                 |   2 +-
 drivers/gpu/drm/i915/selftests/i915_gem_gtt.c      |   3 +-
 drivers/gpu/drm/radeon/radeon_cs.c                 |   4 +-
 .../infiniband/hw/usnic/usnic_uiom_interval_tree.c |   3 +-
 drivers/interconnect/qcom/bcm-voter.c              |   2 +-
 drivers/md/raid5.c                                 |   3 +-
 drivers/misc/lkdtm/usercopy.c                      |   2 +-
 drivers/misc/sram.c                                |   4 +-
 drivers/nvme/host/core.c                           |   3 +-
 drivers/pci/controller/cadence/pcie-cadence-host.c |   3 +-
 drivers/spi/spi-loopback-test.c                    |   3 +-
 fs/btrfs/raid56.c                                  |   3 +-
 fs/btrfs/tree-log.c                                |   3 +-
 fs/btrfs/volumes.c                                 |   3 +-
 fs/ext4/fsmap.c                                    |   4 +-
 fs/gfs2/glock.c                                    |   3 +-
 fs/gfs2/log.c                                      |   2 +-
 fs/gfs2/lops.c                                     |   3 +-
 fs/iomap/buffered-io.c                             |   3 +-
 fs/ubifs/gc.c                                      |   7 +-
 fs/ubifs/replay.c                                  |   4 +-
 fs/xfs/scrub/bitmap.c                              |   4 +-
 fs/xfs/xfs_bmap_item.c                             |   4 +-
 fs/xfs/xfs_buf.c                                   |   6 +-
 fs/xfs/xfs_extent_busy.c                           |   4 +-
 fs/xfs/xfs_extent_busy.h                           |   3 +-
 fs/xfs/xfs_extfree_item.c                          |   4 +-
 fs/xfs/xfs_refcount_item.c                         |   4 +-
 fs/xfs/xfs_rmap_item.c                             |   4 +-
 include/asm-generic/bug.h                          |  16 +
 include/asm-generic/vmlinux.lds.h                  |  20 +-
 include/linux/bpf.h                                |   4 +-
 include/linux/cfi.h                                |  41 +++
 include/linux/compiler-clang.h                     |   3 +
 include/linux/compiler_types.h                     |   8 +
 include/linux/init.h                               |   6 +-
 include/linux/list_sort.h                          |   7 +-
 include/linux/mm.h                                 |  10 +
 include/linux/module.h                             |  13 +-
 include/linux/pci.h                                |   4 +-
 init/Kconfig                                       |   2 +-
 kernel/Makefile                                    |   4 +
 kernel/cfi.c                                       | 329 +++++++++++++++++++++
 kernel/kallsyms.c                                  |  55 +++-
 kernel/kthread.c                                   |   3 +-
 kernel/module.c                                    |  43 +++
 kernel/workqueue.c                                 |   2 +-
 lib/list_sort.c                                    |  17 +-
 lib/test_list_sort.c                               |   3 +-
 net/tipc/name_table.c                              |   4 +-
 scripts/Makefile.modfinal                          |   2 +-
 scripts/module.lds.S                               |  19 +-
 75 files changed, 760 insertions(+), 113 deletions(-)
 create mode 100644 include/linux/cfi.h
 create mode 100644 kernel/cfi.c

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ