| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20211220140142.922323-2-frederic@kernel.org>
Date: Mon, 20 Dec 2021 15:01:38 +0100
From: Frederic Weisbecker <frederic@...nel.org>
To: LKML <linux-kernel@...r.kernel.org>
Cc: Ard Biesheuvel <ardb@...nel.org>,
Steven Rostedt <rostedt@...dmis.org>,
Peter Zijlstra <peterz@...radead.org>,
Kees Cook <keescook@...omium.org>,
James Morse <james.morse@....com>,
David Laight <David.Laight@...LAB.COM>,
Sami Tolvanen <samitolvanen@...gle.com>,
Frederic Weisbecker <frederic@...nel.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Andy Lutomirski <luto@...nel.org>,
Quentin Perret <qperret@...gle.com>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will@...nel.org>,
Mark Rutland <mark.rutland@....com>
Subject: [PATCH 1/5] static_call: Use non-function types to refer to the trampolines
From: Ard Biesheuvel <ardb@...nel.org>
In order to prevent CFI enabled code from grabbing a jump table entry
that jumps to the trampoline, rather than the trampoline itself, use an
incomplete non-function type for the trampoline, and cast it to the
right type only when invoking it.
Acked-by: Peter Zijlstra (Intel) <peterz@...radead.org>
Signed-off-by: Ard Biesheuvel <ardb@...nel.org>
Cc: Mark Rutland <mark.rutland@....com>
Cc: Quentin Perret <qperret@...gle.com>
Cc: Catalin Marinas <catalin.marinas@....com>
Cc: James Morse <james.morse@....com>
Cc: Will Deacon <will@...nel.org>
Cc: Kees Cook <keescook@...omium.org>
Cc: Sami Tolvanen <samitolvanen@...gle.com>
Cc: Andy Lutomirski <luto@...nel.org>
Cc: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: Steven Rostedt <rostedt@...dmis.org>
Signed-off-by: Frederic Weisbecker <frederic@...nel.org>
---
include/linux/static_call.h | 4 ++--
include/linux/static_call_types.h | 11 ++++++++---
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/include/linux/static_call.h b/include/linux/static_call.h
index 3e56a9751c06..616607393273 100644
--- a/include/linux/static_call.h
+++ b/include/linux/static_call.h
@@ -151,7 +151,7 @@ extern void arch_static_call_transform(void *site, void *tramp, void *func, bool
#define static_call_update(name, func) \
({ \
- typeof(&STATIC_CALL_TRAMP(name)) __F = (func); \
+ typeof(&STATIC_CALL_TYPE(name)) __F = (func); \
__static_call_update(&STATIC_CALL_KEY(name), \
STATIC_CALL_TRAMP_ADDR(name), __F); \
})
@@ -306,7 +306,7 @@ static inline void __static_call_nop(void) { }
void *func = READ_ONCE(STATIC_CALL_KEY(name).func); \
if (!func) \
func = &__static_call_nop; \
- (typeof(STATIC_CALL_TRAMP(name))*)func; \
+ (typeof(&STATIC_CALL_TYPE(name)))func; \
})
#define static_call_cond(name) (void)__static_call_cond(name)
diff --git a/include/linux/static_call_types.h b/include/linux/static_call_types.h
index 5a00b8b2cf9f..5e658ef537e4 100644
--- a/include/linux/static_call_types.h
+++ b/include/linux/static_call_types.h
@@ -18,6 +18,9 @@
#define STATIC_CALL_TRAMP(name) __PASTE(STATIC_CALL_TRAMP_PREFIX, name)
#define STATIC_CALL_TRAMP_STR(name) __stringify(STATIC_CALL_TRAMP(name))
+#define STATIC_CALL_TYPE_PREFIX __SCtype__
+#define STATIC_CALL_TYPE(name) __PASTE(STATIC_CALL_TYPE_PREFIX, name)
+
/*
* Flags in the low bits of static_call_site::key.
*/
@@ -36,11 +39,13 @@ struct static_call_site {
#define DECLARE_STATIC_CALL(name, func) \
extern struct static_call_key STATIC_CALL_KEY(name); \
- extern typeof(func) STATIC_CALL_TRAMP(name);
+ extern struct static_call_tramp STATIC_CALL_TRAMP(name); \
+ extern typeof(func) STATIC_CALL_TYPE(name)
#ifdef CONFIG_HAVE_STATIC_CALL
-#define __raw_static_call(name) (&STATIC_CALL_TRAMP(name))
+#define __raw_static_call(name) \
+ ((typeof(&STATIC_CALL_TYPE(name)))&STATIC_CALL_TRAMP(name))
#ifdef CONFIG_HAVE_STATIC_CALL_INLINE
@@ -96,7 +101,7 @@ struct static_call_key {
};
#define static_call(name) \
- ((typeof(STATIC_CALL_TRAMP(name))*)(STATIC_CALL_KEY(name).func))
+ ((typeof(&STATIC_CALL_TYPE(name)))(STATIC_CALL_KEY(name).func))
#endif /* CONFIG_HAVE_STATIC_CALL */
--
2.25.1
Powered by blists - more mailing lists