Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp1567739ybh; Thu, 23 Jul 2020 12:08:23 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwj9bQ3lsTdtLVwtFM2M5L8uSmx+c2gNFAJHDom1VTwPtq7rGRB4PFynohA6Tze2OuAlIqq X-Received: by 2002:a17:906:1356:: with SMTP id x22mr5898348ejb.429.1595531303209; Thu, 23 Jul 2020 12:08:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595531303; cv=none; d=google.com; s=arc-20160816; b=BqQsGe3i0cGnRSnh7EqiLfAXenoN7+F8qK7dYwrSaylyob+EO2I1WvopEgtusrhOC1 p6NsWEgCfS8F9l5vrwlE70Ot8YSpcnSjdEDhUipfj4EhzCu+RI3sqw5x55nIWRxWt66n 16ymG7GbOtDbVI6ALzQo4gZJf+D2sKinVsRTy5TG8kilSfHSroVLMrLqnUziZxzfPZHB Sd9F3S17DOxBCaW4ZTMc/6G3aHwJmOFaAU8AGZc7R8Prqr/csIU+07ZVJVhAhZpSgqKM zRutted+yK/YW+r1oAgwiYC8Mbp3ijcrQ8Pev/E2OyTBux/HoBjHan7OMbzv/fDC8qBS jXiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=fmy4tO1tW/yB2p+/DBGuPfpuvcNIPQV/6jKnfwUymaM=; b=IjyINZNvVD+i2UO3dcAMfmDPdBKPqTPm0Zxl9Fexor9E5CfmHYv8UVbWzHYnTrUb+l dCyRjqO2tRtorFxB54tY4RWvYR4d1TSO9xRHWv6FaRHZbKkhgSIVijMcLSNzLwSTyWJn URVj+h2pOgFfFVzZJmm4snuMXKX8XrUqtxNtfIUBCGYcslcuXz0vZOUVlPPNX7G021EG dtTZkhizmo7ivBCOQE/hIJgSnhCiZHb2p5ISXWtaEMaSEiKZ9rn1BY1DOfjoJWfTnCuT ZR40COVM16al5+Uo8t4HacVFNqIxersgeJYUo4555TkEvVthVnYrILhHt9/f9EDG2JhS MBfw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="uJ/LXXd4"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j13si2419194ejs.114.2020.07.23.12.08.00; Thu, 23 Jul 2020 12:08:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="uJ/LXXd4"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726617AbgGWTHe (ORCPT + 99 others); Thu, 23 Jul 2020 15:07:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36026 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726918AbgGWTHd (ORCPT ); Thu, 23 Jul 2020 15:07:33 -0400 Received: from mail-pl1-x644.google.com (mail-pl1-x644.google.com [IPv6:2607:f8b0:4864:20::644]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B6724C0619E2 for ; Thu, 23 Jul 2020 12:07:32 -0700 (PDT) Received: by mail-pl1-x644.google.com with SMTP id p1so2999465pls.4 for ; Thu, 23 Jul 2020 12:07:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=fmy4tO1tW/yB2p+/DBGuPfpuvcNIPQV/6jKnfwUymaM=; b=uJ/LXXd4WW3t/V9uP1pvh2+w7xCfmHmmU2q2MX994uvmdMhyUpnBd6wtTkFWVeSiVn fni2Skynmv78aJ9rstIyOgTssb4uBzBQL6YPmxb5SzQaGZtm2sB0Ln7Qk9r6vt5a/SEE gYzQRW0K8FC5lX9W9+bz+gbIOgybElEHRuMxxBvv7T+TJKJnGfXHkIe/b2UFhfrjNnt8 hmvs/pCT8mt2wp6eGsvntxKg2m7zjG9IalAT3RXT7FCW3qu0zRZl84tHISI7JSF/JPwL M06pYkfoNbZamtdmUh5GU20hgxfU9YBtWQ50on6QDjz/h882N3ikL5uKYSp6UNdyl0GU 5IDA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=fmy4tO1tW/yB2p+/DBGuPfpuvcNIPQV/6jKnfwUymaM=; b=MMAUDOJUPXdExt1HMQkWtJ40wDFTSt5VXJVz/+9tmdfFpTvCMOU9GVBS6u7TnEnX9t YYhzmVMu9vh0FscgeqZt/AY7O/6W5Z3yUSXRe/Q7QEdOZCvXaEOQXCXVwXTvULSbNLTA HUMk/0vG641yIkcWiVBoh98ddI37qrgNCTo3Zx9fTMAWxAy16NzTYIuRUZdax/xhjqeK YoTdNYJ4WbR2VyaT9+sP41trCj6gvcM0STG1d6BT3sNmBlEAekXz+j9Tnrdudtv85yUI 674NAqdzgDHgo2vBHnyIEKpwEU6SIXLeBM0/5KQ31yg8NUbYZMuCaO/v5DPFUcNUzX06 aOiQ== X-Gm-Message-State: AOAM530x4Ozd5RAUDI5IZmCs1YEMln17y8yD8R2jC02wFVEtU5vwsstH cGiQrVpyvwPbSOh1+GOBeYtLqA== X-Received: by 2002:a17:902:22:: with SMTP id 31mr4590106pla.120.1595531251889; Thu, 23 Jul 2020 12:07:31 -0700 (PDT) Received: from google.com ([2620:15c:201:2:f693:9fff:fef4:1b6d]) by smtp.gmail.com with ESMTPSA id h6sm3716298pfo.123.2020.07.23.12.07.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Jul 2020 12:07:31 -0700 (PDT) Date: Thu, 23 Jul 2020 12:07:24 -0700 From: Sami Tolvanen To: Neal Liu Cc: "Rafael J. Wysocki" , "Rafael J. Wysocki" , Len Brown , Daniel Lezcano , Thierry Reding , Jonathan Hunter , Jacob Pan , Matthias Brugger , ACPI Devel Maling List , Linux PM , linux-tegra , Linux ARM , "moderated list:ARM/Mediatek SoC..." , lkml , wsd_upstream Subject: Re: [PATCH v2] cpuidle: change enter_s2idle() prototype Message-ID: <20200723190724.GA1339461@google.com> References: <1594005196-16327-1-git-send-email-neal.liu@mediatek.com> <1594005196-16327-2-git-send-email-neal.liu@mediatek.com> <1594350535.4670.13.camel@mtkswgap22> <1595233294.8055.0.camel@mtkswgap22> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1595233294.8055.0.camel@mtkswgap22> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jul 20, 2020 at 04:21:34PM +0800, Neal Liu wrote: > Gentle ping on this patch. > > > On Fri, 2020-07-10 at 11:08 +0800, Neal Liu wrote: > > On Thu, 2020-07-09 at 14:18 +0200, Rafael J. Wysocki wrote: > > > On Mon, Jul 6, 2020 at 5:13 AM Neal Liu wrote: > > > > > > > > Control Flow Integrity(CFI) is a security mechanism that disallows > > > > changes to the original control flow graph of a compiled binary, > > > > making it significantly harder to perform such attacks. > > > > > > > > init_state_node() assign same function callback to different > > > > function pointer declarations. > > > > > > > > static int init_state_node(struct cpuidle_state *idle_state, > > > > const struct of_device_id *matches, > > > > struct device_node *state_node) { ... > > > > idle_state->enter = match_id->data; ... > > > > idle_state->enter_s2idle = match_id->data; } > > > > > > > > Function declarations: > > > > > > > > struct cpuidle_state { ... > > > > int (*enter) (struct cpuidle_device *dev, > > > > struct cpuidle_driver *drv, > > > > int index); > > > > > > > > void (*enter_s2idle) (struct cpuidle_device *dev, > > > > struct cpuidle_driver *drv, > > > > int index); }; > > > > > > > > In this case, either enter() or enter_s2idle() would cause CFI check > > > > failed since they use same callee. > > > > > > Can you please explain this in a bit more detail? > > > > > > As it stands, I don't understand the problem statement enough to apply > > > the patch. > > > > > > > Okay, Let's me try to explain more details. > > Control Flow Integrity(CFI) is a security mechanism that disallows > > changes to the original control flow graph of a compiled binary, making > > it significantly harder to perform such attacks. > > > > There are multiple control flow instructions that could be manipulated > > by the attacker and subvert control flow. The target instructions that > > use data to determine the actual destination. > > - indirect jump > > - indirect call > > - return > > > > In this case, function prototype between caller and callee are mismatch. > > Caller: (type A)funcA > > Callee: (type A)funcB > > Callee: (type C)funcC > > > > funcA calls funcB -> no problem > > funcA calls funcC -> CFI check failed > > > > That's why we try to align function prototype. > > Please feel free to feedback if you have any questions. I think you should include a better explanation in the commit message. Perhaps something like this? init_state_node assigns the same callback function to both enter and enter_s2idle despite mismatching function types, which trips indirect call checking with Control-Flow Integrity (CFI). > > > > Align function prototype of enter() since it needs return value for > > > > some use cases. The return value of enter_s2idle() is no > > > > need currently. > > > > > > So last time I requested you to document why ->enter_s2idle needs to > > > return an int in the code, which has not been done. Please do that. Rafael, are you happy with the commit message documenting the reason, or would you prefer to also add a comment before enter_s2idle? Sami