linux-pci.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Peter Collingbourne <pcc@google.com>
To: Sami Tolvanen <samitolvanen@google.com>
Cc: Mark Rutland <mark.rutland@arm.com>,
	Kees Cook <keescook@chromium.org>,
	Nathan Chancellor <nathan@kernel.org>,
	Nick Desaulniers <ndesaulniers@google.com>,
	Masahiro Yamada <masahiroy@kernel.org>,
	Will Deacon <will@kernel.org>, Jessica Yu <jeyu@kernel.org>,
	Arnd Bergmann <arnd@arndb.de>, Tejun Heo <tj@kernel.org>,
	"Paul E. McKenney" <paulmck@kernel.org>,
	Christoph Hellwig <hch@infradead.org>,
	Peter Zijlstra <peterz@infradead.org>, bpf <bpf@vger.kernel.org>,
	linux-hardening@vger.kernel.org,
	linux-arch <linux-arch@vger.kernel.org>,
	linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
	linux-kbuild <linux-kbuild@vger.kernel.org>,
	PCI <linux-pci@vger.kernel.org>,
	LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v3 12/17] arm64: implement __va_function
Date: Thu, 25 Mar 2021 17:03:08 -0700	[thread overview]
Message-ID: <CAMn1gO6EvzG0WtTyoARjuYhuPxPokVAMbqX-756XLOgRD6audw@mail.gmail.com> (raw)
In-Reply-To: <CABCJKud_VC_vAn_7PdZzDja0gpk5ych0CBJpBw45pvivFoePgQ@mail.gmail.com>

On Thu, Mar 25, 2021 at 4:28 PM Sami Tolvanen <samitolvanen@google.com> wrote:
>
> On Thu, Mar 25, 2021 at 3:38 AM Mark Rutland <mark.rutland@arm.com> wrote:
> >
> > On Tue, Mar 23, 2021 at 01:39:41PM -0700, Sami Tolvanen wrote:
> > > With CONFIG_CFI_CLANG, the compiler replaces function addresses in
> > > instrumented C code with jump table addresses. This change implements
> > > the __va_function() macro, which returns the actual function address
> > > instead.
> > >
> > > Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
> > > Reviewed-by: Kees Cook <keescook@chromium.org>
> >
> > Is there really no attribute or builtin that can be used to do this
> > without assembly?
>
> I don't think the compiler currently offers anything that could help
> us here. Peter, can you think of another way to avoid the function
> address to jump table address conversion with
> -fno-sanitize-cfi-canonical-jump-tables?

No, the assembly seems like the best way at the moment.

> > IIUC from other patches the symbol tables will contain the "real"
> > non-cfi entry points (unless we explciitly asked to make the jump table
> > address canonical), so AFAICT here the compiler should have all the
> > necessary information to generate either the CFI or non-CFI entry point
> > addresses, even if it doesn't expose an interface for that today.
> >
> > It'd be a lot nicer if we could get the compiler to do this for us.
>
> I agree, that would be quite useful in the kernel.

Maybe. The kernel's requirements seem quite specialized here though. A
normal C or C++ program has little need for the actual entry point, so
if you need it you are probably doing something low level enough to
require assembly anyway.

Peter

  reply	other threads:[~2021-03-26  0:03 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-23 20:39 [PATCH v3 00/17] Add support for Clang CFI Sami Tolvanen
2021-03-23 20:39 ` [PATCH v3 01/17] add " Sami Tolvanen
2021-03-23 20:39 ` [PATCH v3 02/17] cfi: add __cficanonical Sami Tolvanen
2021-03-24 15:31   ` Rasmus Villemoes
2021-03-24 16:38     ` Sami Tolvanen
2021-03-23 20:39 ` [PATCH v3 03/17] mm: add generic __va_function and __pa_function macros Sami Tolvanen
2021-03-24  7:13   ` Christoph Hellwig
2021-03-24 15:54     ` Sami Tolvanen
2021-03-25 10:16       ` Mark Rutland
2021-03-25 23:17         ` Sami Tolvanen
2021-03-23 20:39 ` [PATCH v3 04/17] module: ensure __cfi_check alignment Sami Tolvanen
2021-03-26  4:34   ` Kees Cook
2021-03-29  9:26   ` Jessica Yu
2021-03-23 20:39 ` [PATCH v3 05/17] workqueue: use WARN_ON_FUNCTION_MISMATCH Sami Tolvanen
2021-03-26  4:34   ` Kees Cook
2021-03-23 20:39 ` [PATCH v3 06/17] kthread: " Sami Tolvanen
2021-03-26  4:35   ` Kees Cook
2021-03-23 20:39 ` [PATCH v3 07/17] kallsyms: strip ThinLTO hashes from static functions Sami Tolvanen
2021-03-23 20:39 ` [PATCH v3 08/17] bpf: disable CFI in dispatcher functions Sami Tolvanen
2021-03-23 20:39 ` [PATCH v3 09/17] treewide: Change list_sort to use const pointers Sami Tolvanen
2021-03-23 21:28   ` Nick Desaulniers
2021-03-24  7:10   ` Christoph Hellwig
2021-03-26  4:35   ` Kees Cook
2021-03-23 20:39 ` [PATCH v3 10/17] lkdtm: use __va_function Sami Tolvanen
2021-03-23 20:39 ` [PATCH v3 11/17] psci: use __pa_function for cpu_resume Sami Tolvanen
2021-03-25 10:23   ` Mark Rutland
2021-03-23 20:39 ` [PATCH v3 12/17] arm64: implement __va_function Sami Tolvanen
2021-03-25 10:37   ` Mark Rutland
2021-03-25 23:27     ` Sami Tolvanen
2021-03-26  0:03       ` Peter Collingbourne [this message]
2021-03-23 20:39 ` [PATCH v3 13/17] arm64: use __pa_function Sami Tolvanen
2021-03-23 20:39 ` [PATCH v3 14/17] arm64: add __nocfi to functions that jump to a physical address Sami Tolvanen
2021-03-23 20:39 ` [PATCH v3 15/17] arm64: add __nocfi to __apply_alternatives Sami Tolvanen
2021-03-23 20:39 ` [PATCH v3 16/17] KVM: arm64: Disable CFI for nVHE Sami Tolvanen
2021-03-23 20:39 ` [PATCH v3 17/17] arm64: allow CONFIG_CFI_CLANG to be selected Sami Tolvanen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAMn1gO6EvzG0WtTyoARjuYhuPxPokVAMbqX-756XLOgRD6audw@mail.gmail.com \
    --to=pcc@google.com \
    --cc=arnd@arndb.de \
    --cc=bpf@vger.kernel.org \
    --cc=hch@infradead.org \
    --cc=jeyu@kernel.org \
    --cc=keescook@chromium.org \
    --cc=linux-arch@vger.kernel.org \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-hardening@vger.kernel.org \
    --cc=linux-kbuild@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-pci@vger.kernel.org \
    --cc=mark.rutland@arm.com \
    --cc=masahiroy@kernel.org \
    --cc=nathan@kernel.org \
    --cc=ndesaulniers@google.com \
    --cc=paulmck@kernel.org \
    --cc=peterz@infradead.org \
    --cc=samitolvanen@google.com \
    --cc=tj@kernel.org \
    --cc=will@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).