lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CABCJKucgdTqDFyTumSCBHiyRVWgvJEhR2Fn=MxyMpTjWtvCV=Q@mail.gmail.com>
Date:   Thu, 30 Jun 2022 09:19:17 -0700
From:   Sami Tolvanen <samitolvanen@...gle.com>
To:     Haibo Li <haibo.li@...iatek.com>
Cc:     xiaoming.yu@...iatek.com, Kees Cook <keescook@...omium.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Matthias Brugger <matthias.bgg@...il.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        Christophe Leroy <christophe.leroy@...roup.eu>,
        André Almeida <andrealmeid@...lia.com>,
        Luis Chamberlain <mcgrof@...nel.org>,
        Juergen Gross <jgross@...e.com>,
        Tiezhu Yang <yangtiezhu@...ngson.cn>,
        Aaron Tomlin <atomlin@...hat.com>,
        Dmitry Torokhov <dmitry.torokhov@...il.com>,
        LKML <linux-kernel@...r.kernel.org>, llvm@...ts.linux.dev,
        linux-arm-kernel <linux-arm-kernel@...ts.infradead.org>,
        "moderated list:ARM/Mediatek SoC..." 
        <linux-mediatek@...ts.infradead.org>,
        Lecopzer Chen <lecopzer.chen@...iatek.com>
Subject: Re: [PATCH 1/2] ANDROID: cfi: enable sanitize for cfi.c

On Thu, Jun 30, 2022 at 2:47 AM Haibo Li <haibo.li@...iatek.com> wrote:
>
> currenly,cfi.c is excluded from cfi sanitize because of cfi handler.
> The side effect is that we can not transfer function pointer to
> other files which enable cfi sanitize.
>
> Enable cfi sanitize for cfi.c and bypass cfi check for __cfi_slowpath_diag
>
> Signed-off-by: Haibo Li <haibo.li@...iatek.com>
> Signed-off-by: Lecopzer Chen <lecopzer.chen@...iatek.com>
> ---
>  kernel/Makefile | 3 ---
>  kernel/cfi.c    | 8 +++++++-
>  2 files changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/kernel/Makefile b/kernel/Makefile
> index a7e1f49ab2b3..a997bef1a200 100644
> --- a/kernel/Makefile
> +++ b/kernel/Makefile
> @@ -40,9 +40,6 @@ KCSAN_SANITIZE_kcov.o := n
>  UBSAN_SANITIZE_kcov.o := n
>  CFLAGS_kcov.o := $(call cc-option, -fno-conserve-stack) -fno-stack-protector
>
> -# Don't instrument error handlers
> -CFLAGS_REMOVE_cfi.o := $(CC_FLAGS_CFI)
> -
>  obj-y += sched/
>  obj-y += locking/
>  obj-y += power/
> diff --git a/kernel/cfi.c b/kernel/cfi.c
> index 08102d19ec15..456771c8e454 100644
> --- a/kernel/cfi.c
> +++ b/kernel/cfi.c
> @@ -311,7 +311,7 @@ static inline cfi_check_fn find_check_fn(unsigned long ptr)
>         return fn;
>  }
>
> -void __cfi_slowpath_diag(uint64_t id, void *ptr, void *diag)
> +static inline void __nocfi _run_cfi_check(u64 id, void *ptr, void *diag)
>  {
>         cfi_check_fn fn = find_check_fn((unsigned long)ptr);
>
> @@ -320,6 +320,12 @@ void __cfi_slowpath_diag(uint64_t id, void *ptr, void *diag)
>         else /* Don't allow unchecked modules */
>                 handle_cfi_failure(ptr);
>  }
> +
> +void __cfi_slowpath_diag(u64 id, void *ptr, void *diag)
> +{
> +       /*run cfi check without cfi sanitize to avoid calling cfi handler recursively*/
> +       _run_cfi_check(id, ptr, diag);
> +}
>  EXPORT_SYMBOL(__cfi_slowpath_diag);

You can just add __nocfi to __cfi_slowpath_diag, right? There's no
need for the separate function.

Sami

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ