| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220701021042.48037-1-haibo.li@mediatek.com>
Date: Fri, 1 Jul 2022 10:10:42 +0800
From: Haibo Li <haibo.li@...iatek.com>
To: <samitolvanen@...gle.com>
CC: <andrealmeid@...lia.com>, <atomlin@...hat.com>,
<christophe.leroy@...roup.eu>, <dmitry.torokhov@...il.com>,
<haibo.li@...iatek.com>, <jgross@...e.com>,
<keescook@...omium.org>, <lecopzer.chen@...iatek.com>,
<linux-arm-kernel@...ts.infradead.org>,
<linux-kernel@...r.kernel.org>,
<linux-mediatek@...ts.infradead.org>, <llvm@...ts.linux.dev>,
<matthias.bgg@...il.com>, <mcgrof@...nel.org>,
<mhiramat@...nel.org>, <nathan@...nel.org>,
<ndesaulniers@...gle.com>, <peterz@...radead.org>,
<xiaoming.yu@...iatek.com>, <yangtiezhu@...ngson.cn>
Subject: Re: [PATCH 1/2] ANDROID: cfi: enable sanitize for cfi.c
> On Thu, Jun 30, 2022 at 2:47 AM Haibo Li <haibo.li@...iatek.com> wrote:
> >
> > currenly,cfi.c is excluded from cfi sanitize because of cfi handler.
> > The side effect is that we can not transfer function pointer to other
> > files which enable cfi sanitize.
> >
> > Enable cfi sanitize for cfi.c and bypass cfi check for
> > __cfi_slowpath_diag
> >
> > Signed-off-by: Haibo Li <haibo.li@...iatek.com>
> > Signed-off-by: Lecopzer Chen <lecopzer.chen@...iatek.com>
> > ---
> > kernel/Makefile | 3 ---
> > kernel/cfi.c | 8 +++++++-
> > 2 files changed, 7 insertions(+), 4 deletions(-)
> >
> > diff --git a/kernel/Makefile b/kernel/Makefile index
> > a7e1f49ab2b3..a997bef1a200 100644
> > --- a/kernel/Makefile
> > +++ b/kernel/Makefile
> > @@ -40,9 +40,6 @@ KCSAN_SANITIZE_kcov.o := n
> UBSAN_SANITIZE_kcov.o :=
> > n CFLAGS_kcov.o := $(call cc-option, -fno-conserve-stack)
> > -fno-stack-protector
> >
> > -# Don't instrument error handlers
> > -CFLAGS_REMOVE_cfi.o := $(CC_FLAGS_CFI)
> > -
> > obj-y += sched/
> > obj-y += locking/
> > obj-y += power/
> > diff --git a/kernel/cfi.c b/kernel/cfi.c index
> > 08102d19ec15..456771c8e454 100644
> > --- a/kernel/cfi.c
> > +++ b/kernel/cfi.c
> > @@ -311,7 +311,7 @@ static inline cfi_check_fn find_check_fn(unsigned
> long ptr)
> > return fn;
> > }
> >
> > -void __cfi_slowpath_diag(uint64_t id, void *ptr, void *diag)
> > +static inline void __nocfi _run_cfi_check(u64 id, void *ptr, void
> > +*diag)
> > {
> > cfi_check_fn fn = find_check_fn((unsigned long)ptr);
> >
> > @@ -320,6 +320,12 @@ void __cfi_slowpath_diag(uint64_t id, void *ptr,
> void *diag)
> > else /* Don't allow unchecked modules */
> > handle_cfi_failure(ptr); }
> > +
> > +void __cfi_slowpath_diag(u64 id, void *ptr, void *diag) {
> > + /*run cfi check without cfi sanitize to avoid calling cfi handler
> recursively*/
> > + _run_cfi_check(id, ptr, diag); }
> > EXPORT_SYMBOL(__cfi_slowpath_diag);
>
> You can just add __nocfi to __cfi_slowpath_diag, right? There's no need for the
> separate function.
You are right.Now there is no requirement for constant crc of __cfi_slowpath_diag.
I will change it later.
Powered by blists - more mailing lists