From: Peter Collingbourne <pcc@google.com>
To: Sami Tolvanen <samitolvanen@google.com>
Cc: Mark Rutland <mark.rutland@arm.com>,
Kees Cook <keescook@chromium.org>,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
Masahiro Yamada <masahiroy@kernel.org>,
Will Deacon <will@kernel.org>, Jessica Yu <jeyu@kernel.org>,
Arnd Bergmann <arnd@arndb.de>, Tejun Heo <tj@kernel.org>,
"Paul E. McKenney" <paulmck@kernel.org>,
Christoph Hellwig <hch@infradead.org>,
Peter Zijlstra <peterz@infradead.org>, bpf <bpf@vger.kernel.org>,
linux-hardening@vger.kernel.org,
linux-arch <linux-arch@vger.kernel.org>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
linux-kbuild <linux-kbuild@vger.kernel.org>,
PCI <linux-pci@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v3 12/17] arm64: implement __va_function
Date: Thu, 25 Mar 2021 17:03:08 -0700 [thread overview]
Message-ID: <CAMn1gO6EvzG0WtTyoARjuYhuPxPokVAMbqX-756XLOgRD6audw@mail.gmail.com> (raw)
In-Reply-To: <CABCJKud_VC_vAn_7PdZzDja0gpk5ych0CBJpBw45pvivFoePgQ@mail.gmail.com>
On Thu, Mar 25, 2021 at 4:28 PM Sami Tolvanen <samitolvanen@google.com> wrote:
>
> On Thu, Mar 25, 2021 at 3:38 AM Mark Rutland <mark.rutland@arm.com> wrote:
> >
> > On Tue, Mar 23, 2021 at 01:39:41PM -0700, Sami Tolvanen wrote:
> > > With CONFIG_CFI_CLANG, the compiler replaces function addresses in
> > > instrumented C code with jump table addresses. This change implements
> > > the __va_function() macro, which returns the actual function address
> > > instead.
> > >
> > > Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
> > > Reviewed-by: Kees Cook <keescook@chromium.org>
> >
> > Is there really no attribute or builtin that can be used to do this
> > without assembly?
>
> I don't think the compiler currently offers anything that could help
> us here. Peter, can you think of another way to avoid the function
> address to jump table address conversion with
> -fno-sanitize-cfi-canonical-jump-tables?
No, the assembly seems like the best way at the moment.
> > IIUC from other patches the symbol tables will contain the "real"
> > non-cfi entry points (unless we explciitly asked to make the jump table
> > address canonical), so AFAICT here the compiler should have all the
> > necessary information to generate either the CFI or non-CFI entry point
> > addresses, even if it doesn't expose an interface for that today.
> >
> > It'd be a lot nicer if we could get the compiler to do this for us.
>
> I agree, that would be quite useful in the kernel.
Maybe. The kernel's requirements seem quite specialized here though. A
normal C or C++ program has little need for the actual entry point, so
if you need it you are probably doing something low level enough to
require assembly anyway.
Peter
next prev parent reply other threads:[~2021-03-26 0:03 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-23 20:39 [PATCH v3 00/17] Add support for Clang CFI Sami Tolvanen
2021-03-23 20:39 ` [PATCH v3 01/17] add " Sami Tolvanen
2021-03-23 20:39 ` [PATCH v3 02/17] cfi: add __cficanonical Sami Tolvanen
2021-03-24 15:31 ` Rasmus Villemoes
2021-03-24 16:38 ` Sami Tolvanen
2021-03-23 20:39 ` [PATCH v3 03/17] mm: add generic __va_function and __pa_function macros Sami Tolvanen
2021-03-24 7:13 ` Christoph Hellwig
2021-03-24 15:54 ` Sami Tolvanen
2021-03-25 10:16 ` Mark Rutland
2021-03-25 23:17 ` Sami Tolvanen
2021-03-23 20:39 ` [PATCH v3 04/17] module: ensure __cfi_check alignment Sami Tolvanen
2021-03-26 4:34 ` Kees Cook
2021-03-29 9:26 ` Jessica Yu
2021-03-23 20:39 ` [PATCH v3 05/17] workqueue: use WARN_ON_FUNCTION_MISMATCH Sami Tolvanen
2021-03-26 4:34 ` Kees Cook
2021-03-23 20:39 ` [PATCH v3 06/17] kthread: " Sami Tolvanen
2021-03-26 4:35 ` Kees Cook
2021-03-23 20:39 ` [PATCH v3 07/17] kallsyms: strip ThinLTO hashes from static functions Sami Tolvanen
2021-03-23 20:39 ` [PATCH v3 08/17] bpf: disable CFI in dispatcher functions Sami Tolvanen
2021-03-23 20:39 ` [PATCH v3 09/17] treewide: Change list_sort to use const pointers Sami Tolvanen
2021-03-23 21:28 ` Nick Desaulniers
2021-03-24 7:10 ` Christoph Hellwig
2021-03-26 4:35 ` Kees Cook
2021-03-23 20:39 ` [PATCH v3 10/17] lkdtm: use __va_function Sami Tolvanen
2021-03-23 20:39 ` [PATCH v3 11/17] psci: use __pa_function for cpu_resume Sami Tolvanen
2021-03-25 10:23 ` Mark Rutland
2021-03-23 20:39 ` [PATCH v3 12/17] arm64: implement __va_function Sami Tolvanen
2021-03-25 10:37 ` Mark Rutland
2021-03-25 23:27 ` Sami Tolvanen
2021-03-26 0:03 ` Peter Collingbourne [this message]
2021-03-23 20:39 ` [PATCH v3 13/17] arm64: use __pa_function Sami Tolvanen
2021-03-23 20:39 ` [PATCH v3 14/17] arm64: add __nocfi to functions that jump to a physical address Sami Tolvanen
2021-03-23 20:39 ` [PATCH v3 15/17] arm64: add __nocfi to __apply_alternatives Sami Tolvanen
2021-03-23 20:39 ` [PATCH v3 16/17] KVM: arm64: Disable CFI for nVHE Sami Tolvanen
2021-03-23 20:39 ` [PATCH v3 17/17] arm64: allow CONFIG_CFI_CLANG to be selected Sami Tolvanen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAMn1gO6EvzG0WtTyoARjuYhuPxPokVAMbqX-756XLOgRD6audw@mail.gmail.com \
--to=pcc@google.com \
--cc=arnd@arndb.de \
--cc=bpf@vger.kernel.org \
--cc=hch@infradead.org \
--cc=jeyu@kernel.org \
--cc=keescook@chromium.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=masahiroy@kernel.org \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=paulmck@kernel.org \
--cc=peterz@infradead.org \
--cc=samitolvanen@google.com \
--cc=tj@kernel.org \
--cc=will@kernel.org \
--subject='Re: [PATCH v3 12/17] arm64: implement __va_function' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).