Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp732635pxf; Thu, 8 Apr 2021 11:30:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJygfNvs3HjO4ZhnUxBlQH/8F3bJrFLCwgz92l0URdBZ1ar3NLbveP6SZYE6ka/L0SSNSfOj X-Received: by 2002:a17:902:b595:b029:e9:8c2:1d13 with SMTP id a21-20020a170902b595b02900e908c21d13mr9019998pls.81.1617906632232; Thu, 08 Apr 2021 11:30:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617906632; cv=none; d=google.com; s=arc-20160816; b=E2Bh8D89kPdkAuMceyxs5yroavuwR21P49Q4Cmgzpjh2Yy2wie0Tgv/Ly77QZc3wjy wGf8Ltf1g6oupnebhdWKKpCXqgK0t15cq7w+cB+supqqn4soPK0qjCKEIrIVOHgSCcdj RctVoGMPdzriixh9ipL+/Ro4CdfXdGTLJ01IkFokNuT7ExaDnbmYhV6FWzPgbYz9HXVl qMuupmsC4jTkJtydbTo1sK0xczuZQCAu0ZSDAtocDi3q+wo7gayYLo6/N97JR6RV6guk 2EWx+A3Uw30eWISTbhXOMh2tHSm0k5Ns83rzxXeoT/4batT2CDmIQzpRN53wDWxooUkK PKeQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:references:mime-version :message-id:in-reply-to:date:dkim-signature; bh=T2ovzaB0NMgTSr/OQHoRsOuIMdugM8hNdn5wpYAlfF8=; b=ISSAvmH/Y8wL67U8EKUtsoRYHMiFD/mcroWfoIqDpAdXOINhfyKHwBc6py3zpS1NkI DIgc/9O5sELQfu+/A6YBmqXT+wlIJbc7SPJ7cTLUvOqLtjV+dp1uqwuYgn40tIdh7epB HGky77VatMs4ys6YJXTvo+fkNQ5jVYCliUpgb4cburg2SbfhCHcTitB45qMKsqoDPotc JNUtej8sy503/IHwoUf+JkRNqobYulselpYm4lxRzpwbCLbqdhpwOHGbB5vlTgFmZNtN 08qcWiygui66xt1c7H2MOL0+inwavY80FnSt1rZ0kdSwZcwVzSCcKlOB8JhCU7gFiuY6 2g/A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="b/XnAFSz"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f1si15058pgs.307.2021.04.08.11.30.19; Thu, 08 Apr 2021 11:30:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="b/XnAFSz"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232947AbhDHS3v (ORCPT + 99 others); Thu, 8 Apr 2021 14:29:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48700 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232946AbhDHS3Z (ORCPT ); Thu, 8 Apr 2021 14:29:25 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C02E2C06178A for ; Thu, 8 Apr 2021 11:29:01 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id d1so2833388ybj.15 for ; Thu, 08 Apr 2021 11:29:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=T2ovzaB0NMgTSr/OQHoRsOuIMdugM8hNdn5wpYAlfF8=; b=b/XnAFSzIGeFZL5t4c3a08ji5ExjHKdf/SwND+STd8nJjKG2hFi8IK6+LIkx2BL1C9 wA58dA9Twv0RudfR+z0WKHeJHzBjE5MCPeNpBMSpRhTqgwMv1lMdb5OMvQvJs03AJdqF cvNhS4rRrIm5NEuMJcbOn0Qic4skZtQ7ODdDOjE+31zXh7wKiynNzNVauckEuvoTxUxC kDIa3FfiN8wZ72m0SiVMTOm77/X5XsJn517NuQnl/oz5AyexntdTHwnjiUme+uS7gPSa RYYiKdwwNKXeM2PUjRJWR//28taSyDm0VOQQzPOC2K3Pq3M24yOOt7lwowsUBlWOxQbw tw4w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=T2ovzaB0NMgTSr/OQHoRsOuIMdugM8hNdn5wpYAlfF8=; b=MpaDfKxRlc1QtsOWALGGOBfpgHPSY7sWHIfyqw4NNPdmH9JK+pUEZWadZN2P7QHB/H HJVJucncu5AzruZ+QOWWSRpJXNupXLx0YpfeipuKtfUFJ6CRK68fwrNjN7W4YBV1mm/T QRvoPP0uhKzQSBAB+FlEEaB5x+kCeMYTWRj9Ba323I5RzmnnFs5bbdsCXIUAv0frn3FF dEx5VLsWalhGEO/I8rpbIngFl9QYXrOKdiqJmlT+bluoLoYrw0PgxCwbEI8N7QcnOKXV r3dhOdP3IEQdZvigUcWToMWyOTP5Iy99seRcDldaUwebqfEPhoRiC7iUQiKgOG+PcXrl CI6A== X-Gm-Message-State: AOAM530/to0EyfdK1FMmSK94CzvX8O6MUdD6QuJ/+HHIRT0aOyXsjmT2 DSK04CKLZ04fy1K0blXGZytAJaXFCOfiyCB9OPs= X-Received: from samitolvanen1.mtv.corp.google.com ([2620:15c:201:2:3560:8505:40a2:e021]) (user=samitolvanen job=sendgmr) by 2002:a25:fc05:: with SMTP id v5mr2410558ybd.192.1617906540963; Thu, 08 Apr 2021 11:29:00 -0700 (PDT) Date: Thu, 8 Apr 2021 11:28:33 -0700 In-Reply-To: <20210408182843.1754385-1-samitolvanen@google.com> Message-Id: <20210408182843.1754385-9-samitolvanen@google.com> Mime-Version: 1.0 References: <20210408182843.1754385-1-samitolvanen@google.com> X-Mailer: git-send-email 2.31.1.295.g9ea45b61b8-goog Subject: [PATCH v6 08/18] bpf: disable CFI in dispatcher functions From: Sami Tolvanen To: Kees Cook Cc: Nathan Chancellor , Nick Desaulniers , Masahiro Yamada , Will Deacon , Jessica Yu , Arnd Bergmann , Tejun Heo , "Paul E. McKenney" , Christoph Hellwig , Peter Zijlstra , Sedat Dilek , Mark Rutland , Catalin Marinas , bpf@vger.kernel.org, linux-hardening@vger.kernel.org, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org, linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com, Sami Tolvanen Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org BPF dispatcher functions are patched at runtime to perform direct instead of indirect calls. Disable CFI for the dispatcher functions to avoid conflicts. Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook Tested-by: Nathan Chancellor --- include/linux/bpf.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/bpf.h b/include/linux/bpf.h index 3625f019767d..2f46f98479e1 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -650,7 +650,7 @@ struct bpf_dispatcher { struct bpf_ksym ksym; }; -static __always_inline unsigned int bpf_dispatcher_nop_func( +static __always_inline __nocfi unsigned int bpf_dispatcher_nop_func( const void *ctx, const struct bpf_insn *insnsi, unsigned int (*bpf_func)(const void *, @@ -678,7 +678,7 @@ void bpf_trampoline_put(struct bpf_trampoline *tr); } #define DEFINE_BPF_DISPATCHER(name) \ - noinline unsigned int bpf_dispatcher_##name##_func( \ + noinline __nocfi unsigned int bpf_dispatcher_##name##_func( \ const void *ctx, \ const struct bpf_insn *insnsi, \ unsigned int (*bpf_func)(const void *, \ -- 2.31.1.295.g9ea45b61b8-goog