| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CABCJKucgdTqDFyTumSCBHiyRVWgvJEhR2Fn=MxyMpTjWtvCV=Q@mail.gmail.com>
Date: Thu, 30 Jun 2022 09:19:17 -0700
From: Sami Tolvanen <samitolvanen@...gle.com>
To: Haibo Li <haibo.li@...iatek.com>
Cc: xiaoming.yu@...iatek.com, Kees Cook <keescook@...omium.org>,
Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Matthias Brugger <matthias.bgg@...il.com>,
Peter Zijlstra <peterz@...radead.org>,
Masami Hiramatsu <mhiramat@...nel.org>,
Christophe Leroy <christophe.leroy@...roup.eu>,
André Almeida <andrealmeid@...lia.com>,
Luis Chamberlain <mcgrof@...nel.org>,
Juergen Gross <jgross@...e.com>,
Tiezhu Yang <yangtiezhu@...ngson.cn>,
Aaron Tomlin <atomlin@...hat.com>,
Dmitry Torokhov <dmitry.torokhov@...il.com>,
LKML <linux-kernel@...r.kernel.org>, llvm@...ts.linux.dev,
linux-arm-kernel <linux-arm-kernel@...ts.infradead.org>,
"moderated list:ARM/Mediatek SoC..."
<linux-mediatek@...ts.infradead.org>,
Lecopzer Chen <lecopzer.chen@...iatek.com>
Subject: Re: [PATCH 1/2] ANDROID: cfi: enable sanitize for cfi.c
On Thu, Jun 30, 2022 at 2:47 AM Haibo Li <haibo.li@...iatek.com> wrote:
>
> currenly,cfi.c is excluded from cfi sanitize because of cfi handler.
> The side effect is that we can not transfer function pointer to
> other files which enable cfi sanitize.
>
> Enable cfi sanitize for cfi.c and bypass cfi check for __cfi_slowpath_diag
>
> Signed-off-by: Haibo Li <haibo.li@...iatek.com>
> Signed-off-by: Lecopzer Chen <lecopzer.chen@...iatek.com>
> ---
> kernel/Makefile | 3 ---
> kernel/cfi.c | 8 +++++++-
> 2 files changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/kernel/Makefile b/kernel/Makefile
> index a7e1f49ab2b3..a997bef1a200 100644
> --- a/kernel/Makefile
> +++ b/kernel/Makefile
> @@ -40,9 +40,6 @@ KCSAN_SANITIZE_kcov.o := n
> UBSAN_SANITIZE_kcov.o := n
> CFLAGS_kcov.o := $(call cc-option, -fno-conserve-stack) -fno-stack-protector
>
> -# Don't instrument error handlers
> -CFLAGS_REMOVE_cfi.o := $(CC_FLAGS_CFI)
> -
> obj-y += sched/
> obj-y += locking/
> obj-y += power/
> diff --git a/kernel/cfi.c b/kernel/cfi.c
> index 08102d19ec15..456771c8e454 100644
> --- a/kernel/cfi.c
> +++ b/kernel/cfi.c
> @@ -311,7 +311,7 @@ static inline cfi_check_fn find_check_fn(unsigned long ptr)
> return fn;
> }
>
> -void __cfi_slowpath_diag(uint64_t id, void *ptr, void *diag)
> +static inline void __nocfi _run_cfi_check(u64 id, void *ptr, void *diag)
> {
> cfi_check_fn fn = find_check_fn((unsigned long)ptr);
>
> @@ -320,6 +320,12 @@ void __cfi_slowpath_diag(uint64_t id, void *ptr, void *diag)
> else /* Don't allow unchecked modules */
> handle_cfi_failure(ptr);
> }
> +
> +void __cfi_slowpath_diag(u64 id, void *ptr, void *diag)
> +{
> + /*run cfi check without cfi sanitize to avoid calling cfi handler recursively*/
> + _run_cfi_check(id, ptr, diag);
> +}
> EXPORT_SYMBOL(__cfi_slowpath_diag);
You can just add __nocfi to __cfi_slowpath_diag, right? There's no
need for the separate function.
Sami
Powered by blists - more mailing lists