lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250411064623.GL9833@noisy.programming.kicks-ass.net>
Date: Fri, 11 Apr 2025 08:46:23 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: Josh Poimboeuf <jpoimboe@...nel.org>
Cc: Paweł Anikiel <panikiel@...gle.com>,
	Sami Tolvanen <samitolvanen@...gle.com>,
	Kees Cook <kees@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>,
	Borislav Petkov <bp@...en8.de>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	Ingo Molnar <mingo@...hat.com>,
	Masahiro Yamada <masahiroy@...nel.org>,
	Miguel Ojeda <ojeda@...nel.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Alice Ryhl <aliceryhl@...gle.com>,
	Nathan Chancellor <nathan@...nel.org>, x86@...nel.org,
	linux-kernel@...r.kernel.org, rust-for-linux@...r.kernel.org
Subject: Re: [PATCH] objtool: Detect __nocfi calls

On Thu, Apr 10, 2025 at 12:09:02PM -0700, Josh Poimboeuf wrote:
> On Thu, Apr 10, 2025 at 05:45:56PM +0200, Peter Zijlstra wrote:
> > On Thu, Apr 10, 2025 at 03:25:22PM +0200, Peter Zijlstra wrote:
> > 
> > > I should get objtool to warn about those. They undermine the point of
> > > CFI.
> > 
> > ---
> > Subject: objtool: Detect __nocfi calls
> 
> "Warn on indirect calls in __nocfi functions" ?

Yeah, I suppose that's more accurate.

> >  static int add_retpoline_call(struct objtool_file *file, struct instruction *insn)
> >  {
> > +	struct symbol *sym = insn->sym;
> > +
> > +	/*
> > +	 * kCFI call sites look like:
> > +	 *
> > +	 *     movl $(-0x12345678), %r10d
> > +	 *     addl -4(%r11), %r10d
> > +	 *     jz 1f
> > +	 *     ud2
> > +	 *  1: cs call __x86_indirect_thunk_r11
> > +	 *
> > +	 * Verify all indirect calls are kCFI adorned by checking for the UD2.
> > +	 * Notably, doing __nocfi calls to regular (cfi) functions is broken.
> > +	 */
> > +	if (opts.cfi && sym && sym->type == STT_FUNC && !sym->nocfi) {
> > +		struct instruction *prev = prev_insn_same_sym(file, insn);
> > +		if (!prev || prev->type != INSN_BUG)
> > +			WARN_INSN(insn, "no-cfi indirect call!");
> 
> Since this can break things pretty badly at runtime, this should
> actually fail the build on CONFIG_OBJTOOL_WERROR.

Oh right, I still got to adjust to the new world order here :-)

> The warning counts aren't plumbed in this early, so can this check be
> done later?  validate_retpoline() or validate_call()?

Hmm, let me have a poke around, see what can be done.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ