Date: Wed, 27 Oct 2021 16:36:45 +0200
From: Peter Zijlstra
To: Ard Biesheuvel
Cc: Mark Rutland, Sami Tolvanen, X86 ML, Kees Cook, Josh Poimboeuf, Nathan Chancellor, Nick Desaulniers, Sedat Dilek, Steven Rostedt, linux-hardening@vger.kernel.org, Linux Kernel Mailing List, llvm@lists.linux.dev
Subject: Re: [PATCH v5 00/15] x86: Add support for Clang CFI
References: <20211013181658.1020262-1-samitolvanen@google.com> <20211026201622.GG174703@worktop.programming.kicks-ass.net> <20211027120515.GC54628@C02TD0UTHF1T.local> <20211027124852.GK174703@worktop.programming.kicks-ass.net>
X-Mailing-List: llvm@lists.linux.dev

On Wed, Oct 27, 2021 at 04:18:17PM +0200, Ard Biesheuvel wrote:
> On Wed, 27 Oct 2021 at 16:03, Peter Zijlstra wrote:
> > /*
> >  * Turns a Clang CFI jump-table entry into an actual function pointer.
> >  * These jump-table entries are simply jmp.d32 instructions with their
> >  * relative offset pointing to the actual function, therefore decode the
> >  * instruction to find the real function.
> >  */
> > static __always_inline void *nocfi_ptr(void *func)
> > {
> > 	union text_poke_insn insn = *(union text_poke_insn *)func;

also, probably, for the paranoid amongst us:

	if (WARN_ON_ONCE(insn.opcode != JMP32_INSN_OPCODE))
		return func;

> > 	return func + sizeof(insn) + insn.disp;
> > }
> >
> > But really, that wants to be a compiler intrinsic.
>
> Agreed. We could easily do something similar on arm64, but I'd prefer
> to avoid that too.

Right, because on x86 CET-IBT will force that entry to have a different
form (and size), similar on arm64 with BTI.

I was thinking the compiler really should implicitly do this conversion
when a function pointer is cast to an integer type. But barring that, we
really need an intrinsic to perform this.

Also, perhaps the compiler should admit it's doing dodgy crap and
introduce the notion of address spaces and use the type system to
separate these two forms.
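As an added example (not code from the thread or from the kernel), here is a user-space model of the decoding Peter's nocfi_ptr() performs, run over a constructed jump table rather than real compiler output. It assumes the plain 5-byte jmp.d32 entry discussed above and, for the CET-IBT case, an entry prefixed with endbr64; that prefixed layout and the non-jmp fallback are assumptions modelled here, not something the thread shows.

```c
#include <stdint.h>
#include <string.h>

#define JMP32_OPCODE 0xE9u                         /* jmp rel32 (jmp.d32) */
static const uint8_t ENDBR64[4] = { 0xF3, 0x0F, 0x1E, 0xFA };

/* Resolve a jump-table entry to the function it jumps to.  An entry may
 * start with endbr64 (assumed model of the different form the thread says
 * CET-IBT forces).  Returns the entry itself when no jmp.d32 is found,
 * mirroring the WARN_ON_ONCE fallback proposed in the thread. */
static const uint8_t *nocfi_ptr(const uint8_t *entry)
{
    const uint8_t *insn = entry;
    if (memcmp(insn, ENDBR64, sizeof(ENDBR64)) == 0)
        insn += sizeof(ENDBR64);
    if (insn[0] != JMP32_OPCODE)
        return entry;
    /* little-endian rel32, relative to the end of the 5-byte jmp */
    int32_t disp = (int32_t)((uint32_t)insn[1] | (uint32_t)insn[2] << 8 |
                             (uint32_t)insn[3] << 16 | (uint32_t)insn[4] << 24);
    return insn + 5 + disp;
}

/* Constructed jump table, not real compiler output: entry A at offset 0 is
 * a plain jmp.d32, entry B at offset 16 is endbr64 + jmp.d32, both targeting
 * the fake function body at offset 40; offset 48 holds a non-jmp byte. */
static uint8_t code[64];

static void build_entry(uint8_t *e, int with_endbr, const uint8_t *target)
{
    if (with_endbr) { memcpy(e, ENDBR64, 4); e += 4; }
    uint32_t d = (uint32_t)(int32_t)(target - (e + 5));
    e[0] = JMP32_OPCODE;
    e[1] = d; e[2] = d >> 8; e[3] = d >> 16; e[4] = d >> 24;
}

/* Returns 1 when both entry forms resolve to the target and the non-jmp
 * byte is returned unchanged. */
static int check_jump_table(void)
{
    const uint8_t *target = code + 40;
    memset(code, 0xCC, sizeof(code));              /* int3 filler */
    build_entry(code + 0, 0, target);
    build_entry(code + 16, 1, target);
    return nocfi_ptr(code) == target &&
           nocfi_ptr(code + 16) == target &&
           nocfi_ptr(code + 48) == code + 48;
}
```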