* [PATCH] x86: use the correct function type for native_set_fixmap
@ 2019-09-13 21:14 Sami Tolvanen
2019-09-23 23:27 ` Kees Cook
2019-10-11 11:22 ` [tip: x86/entry] x86/mm: Use the correct function type for native_set_fixmap() tip-bot2 for Sami Tolvanen
0 siblings, 2 replies; 5+ messages in thread
From: Sami Tolvanen @ 2019-09-13 21:14 UTC (permalink / raw)
To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, H . Peter Anvin,
Kees Cook
Cc: x86, linux-kernel, Sami Tolvanen
We call native_set_fixmap indirectly through the function pointer
struct pv_mmu_ops::set_fixmap, which expects the first parameter to be
'unsigned' instead of 'enum fixed_addresses'. This patch changes the
function type for native_set_fixmap to match the pointer, which fixes
indirect call mismatches with Control-Flow Integrity (CFI) checking.
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
---
arch/x86/include/asm/fixmap.h | 2 +-
arch/x86/mm/pgtable.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/x86/include/asm/fixmap.h b/arch/x86/include/asm/fixmap.h
index 9da8cccdf3fb..6a295acd3de6 100644
--- a/arch/x86/include/asm/fixmap.h
+++ b/arch/x86/include/asm/fixmap.h
@@ -157,7 +157,7 @@ extern pte_t *kmap_pte;
extern pte_t *pkmap_page_table;
void __native_set_fixmap(enum fixed_addresses idx, pte_t pte);
-void native_set_fixmap(enum fixed_addresses idx,
+void native_set_fixmap(unsigned /* enum fixed_addresses */ idx,
phys_addr_t phys, pgprot_t flags);
#ifndef CONFIG_PARAVIRT_XXL
diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c
index 44816ff6411f..d0ad35e3de74 100644
--- a/arch/x86/mm/pgtable.c
+++ b/arch/x86/mm/pgtable.c
@@ -647,8 +647,8 @@ void __native_set_fixmap(enum fixed_addresses idx, pte_t pte)
fixmaps_set++;
}
-void native_set_fixmap(enum fixed_addresses idx, phys_addr_t phys,
- pgprot_t flags)
+void native_set_fixmap(unsigned /* enum fixed_addresses */ idx,
+ phys_addr_t phys, pgprot_t flags)
{
/* Sanitize 'prot' against any unsupported bits: */
pgprot_val(flags) &= __default_kernel_pte_mask;
--
2.23.0.237.gc6a4ce50a0-goog
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] x86: use the correct function type for native_set_fixmap
2019-09-13 21:14 [PATCH] x86: use the correct function type for native_set_fixmap Sami Tolvanen
@ 2019-09-23 23:27 ` Kees Cook
2019-09-24 19:51 ` Sami Tolvanen
2019-10-11 11:22 ` [tip: x86/entry] x86/mm: Use the correct function type for native_set_fixmap() tip-bot2 for Sami Tolvanen
1 sibling, 1 reply; 5+ messages in thread
From: Kees Cook @ 2019-09-23 23:27 UTC (permalink / raw)
To: Sami Tolvanen
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, H . Peter Anvin,
x86, linux-kernel
On Fri, Sep 13, 2019 at 02:14:02PM -0700, Sami Tolvanen wrote:
> We call native_set_fixmap indirectly through the function pointer
> struct pv_mmu_ops::set_fixmap, which expects the first parameter to be
> 'unsigned' instead of 'enum fixed_addresses'. This patch changes the
> function type for native_set_fixmap to match the pointer, which fixes
> indirect call mismatches with Control-Flow Integrity (CFI) checking.
>
> Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Is it correct that pv_mmu_ops can't be changed since this is an external
API?
Assuming so, then:
Reviewed-by: Kees Cook <keescook@chromium.org>
-Kees
> ---
> arch/x86/include/asm/fixmap.h | 2 +-
> arch/x86/mm/pgtable.c | 4 ++--
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/arch/x86/include/asm/fixmap.h b/arch/x86/include/asm/fixmap.h
> index 9da8cccdf3fb..6a295acd3de6 100644
> --- a/arch/x86/include/asm/fixmap.h
> +++ b/arch/x86/include/asm/fixmap.h
> @@ -157,7 +157,7 @@ extern pte_t *kmap_pte;
> extern pte_t *pkmap_page_table;
>
> void __native_set_fixmap(enum fixed_addresses idx, pte_t pte);
> -void native_set_fixmap(enum fixed_addresses idx,
> +void native_set_fixmap(unsigned /* enum fixed_addresses */ idx,
> phys_addr_t phys, pgprot_t flags);
>
> #ifndef CONFIG_PARAVIRT_XXL
> diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c
> index 44816ff6411f..d0ad35e3de74 100644
> --- a/arch/x86/mm/pgtable.c
> +++ b/arch/x86/mm/pgtable.c
> @@ -647,8 +647,8 @@ void __native_set_fixmap(enum fixed_addresses idx, pte_t pte)
> fixmaps_set++;
> }
>
> -void native_set_fixmap(enum fixed_addresses idx, phys_addr_t phys,
> - pgprot_t flags)
> +void native_set_fixmap(unsigned /* enum fixed_addresses */ idx,
> + phys_addr_t phys, pgprot_t flags)
> {
> /* Sanitize 'prot' against any unsupported bits: */
> pgprot_val(flags) &= __default_kernel_pte_mask;
> --
> 2.23.0.237.gc6a4ce50a0-goog
>
--
Kees Cook
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] x86: use the correct function type for native_set_fixmap
2019-09-23 23:27 ` Kees Cook
@ 2019-09-24 19:51 ` Sami Tolvanen
2019-10-08 22:18 ` Sami Tolvanen
0 siblings, 1 reply; 5+ messages in thread
From: Sami Tolvanen @ 2019-09-24 19:51 UTC (permalink / raw)
To: Kees Cook
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, H . Peter Anvin,
X86 ML, LKML
On Mon, Sep 23, 2019 at 4:28 PM Kees Cook <keescook@chromium.org> wrote:
> Is it correct that pv_mmu_ops can't be changed since this is an external
> API?
Someone else probably knows better, but yes, we could also fix this by
changing set_fixmap to accept enum fixed_addresses as the first
parameter, and changing the type of xen_set_fixmap instead.
Sami
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] x86: use the correct function type for native_set_fixmap
2019-09-24 19:51 ` Sami Tolvanen
@ 2019-10-08 22:18 ` Sami Tolvanen
0 siblings, 0 replies; 5+ messages in thread
From: Sami Tolvanen @ 2019-10-08 22:18 UTC (permalink / raw)
To: Kees Cook
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, H . Peter Anvin,
X86 ML, LKML
On Tue, Sep 24, 2019 at 12:51 PM Sami Tolvanen <samitolvanen@google.com> wrote:
> Someone else probably knows better, but yes, we could also fix this by
> changing set_fixmap to accept enum fixed_addresses as the first
> parameter, and changing the type of xen_set_fixmap instead.
This approach is actually more problematic since we cannot forward
declare an enum in C and including <asm/fixmap.h> here results in a
ton of other missing dependencies. I assume this is why the callback
function accepts unsigned in the first place.
Sami
^ permalink raw reply [flat|nested] 5+ messages in thread
* [tip: x86/entry] x86/mm: Use the correct function type for native_set_fixmap()
2019-09-13 21:14 [PATCH] x86: use the correct function type for native_set_fixmap Sami Tolvanen
2019-09-23 23:27 ` Kees Cook
@ 2019-10-11 11:22 ` tip-bot2 for Sami Tolvanen
1 sibling, 0 replies; 5+ messages in thread
From: tip-bot2 for Sami Tolvanen @ 2019-10-11 11:22 UTC (permalink / raw)
To: linux-tip-commits
Cc: Sami Tolvanen, Kees Cook, Andy Lutomirski, Borislav Petkov,
Dave Hansen, H . Peter Anvin, Linus Torvalds, Peter Zijlstra,
Rik van Riel, Thomas Gleixner, Ingo Molnar, linux-kernel
The following commit has been merged into the x86/entry branch of tip:
Commit-ID: f53e2cd0b8ab7d9e390414470bdbd830f660133f
Gitweb: https://git.kernel.org/tip/f53e2cd0b8ab7d9e390414470bdbd830f660133f
Author: Sami Tolvanen <samitolvanen@google.com>
AuthorDate: Fri, 13 Sep 2019 14:14:02 -07:00
Committer: Ingo Molnar <mingo@kernel.org>
CommitterDate: Fri, 11 Oct 2019 12:52:32 +02:00
x86/mm: Use the correct function type for native_set_fixmap()
We call native_set_fixmap indirectly through the function pointer
struct pv_mmu_ops::set_fixmap, which expects the first parameter to be
'unsigned' instead of 'enum fixed_addresses'. This patch changes the
function type for native_set_fixmap to match the pointer, which fixes
indirect call mismatches with Control-Flow Integrity (CFI) checking.
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: H . Peter Anvin <hpa@zytor.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@surriel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20190913211402.193018-1-samitolvanen@google.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
arch/x86/include/asm/fixmap.h | 2 +-
arch/x86/mm/pgtable.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/x86/include/asm/fixmap.h b/arch/x86/include/asm/fixmap.h
index 0c47aa8..28183ee 100644
--- a/arch/x86/include/asm/fixmap.h
+++ b/arch/x86/include/asm/fixmap.h
@@ -156,7 +156,7 @@ extern pte_t *kmap_pte;
extern pte_t *pkmap_page_table;
void __native_set_fixmap(enum fixed_addresses idx, pte_t pte);
-void native_set_fixmap(enum fixed_addresses idx,
+void native_set_fixmap(unsigned /* enum fixed_addresses */ idx,
phys_addr_t phys, pgprot_t flags);
#ifndef CONFIG_PARAVIRT_XXL
diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c
index 3e4b903..7bd2c3a 100644
--- a/arch/x86/mm/pgtable.c
+++ b/arch/x86/mm/pgtable.c
@@ -643,8 +643,8 @@ void __native_set_fixmap(enum fixed_addresses idx, pte_t pte)
fixmaps_set++;
}
-void native_set_fixmap(enum fixed_addresses idx, phys_addr_t phys,
- pgprot_t flags)
+void native_set_fixmap(unsigned /* enum fixed_addresses */ idx,
+ phys_addr_t phys, pgprot_t flags)
{
/* Sanitize 'prot' against any unsupported bits: */
pgprot_val(flags) &= __default_kernel_pte_mask;
^ permalink raw reply related [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-10-11 11:22 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-13 21:14 [PATCH] x86: use the correct function type for native_set_fixmap Sami Tolvanen
2019-09-23 23:27 ` Kees Cook
2019-09-24 19:51 ` Sami Tolvanen
2019-10-08 22:18 ` Sami Tolvanen
2019-10-11 11:22 ` [tip: x86/entry] x86/mm: Use the correct function type for native_set_fixmap() tip-bot2 for Sami Tolvanen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.