Received: by 2002:a05:6a10:17d3:0:0:0:0 with SMTP id hz19csp664301pxb; Fri, 16 Apr 2021 15:14:05 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy8NFqAq4O2R5kjovVF9XcbMGYlRLcjXNbFNsxoHfHrXN3Mlr4pCf7GlfuO3NVFKTswlXFm X-Received: by 2002:a05:6402:1a2b:: with SMTP id be11mr12532686edb.304.1618611245241; Fri, 16 Apr 2021 15:14:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1618611245; cv=none; d=google.com; s=arc-20160816; b=nJXojBrIwWcaNQ9/7VjTyHWhRJt75HdrwOZBbv3SOHjWFc/U6q39haFw3wKIV3ZUJN c9FEarrZmR2gkgBvTGrQxJY+/ru1RgQaIn7CIoGkDXJRan5ut031LrK5ogfZ4Rfrw76p KZisfefMQLlVcGXmNikeaox+fBhGngcSE7ldsESqCCv42Tv8w++TiYiNoj/+toOCpmQd 0EF5XTWoF1WjueFr4cEx4uLqLNFsj54TDhXZhTQ+/xms0SpMEUjhPhrSPoh4o31l5kdY sY5fclD1EROA5W5TF/JRcTsBrbpAS23DdCkMgsVDhU3Mnjabz3EU1YG7SN33yWTntr0X mgXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=BHf4UvsT+tp1w5uysV23zNNg2+SFrSc3uh4pmNnApJ0=; b=EzXwdabGiqXV5T9aj1Kq0eU9KepEnBBZuX4WyEg0Ui31BqQez+ALUQRXLUKoI1F2YJ Xa4LONF1eV7UBdFU3Jz8x2/NAp3b60neTfFigl73OXYH8l4fb1W5z2axpLYte3z3jFI4 PeTEspghAflskocOL9ALSGany4i/s+bzYqgMW+AXP8w7gGrIeePIYstWoGTR5bmiS2zZ eq1mspCHAR9TJ1oQUkLSAMBgHjEA2XHov8IDixFnNdFLha5vNEJsW6Y3ZQWFD7LChPOQ frbyrxFqdc8ljhv8op6BWl/D9QjT4+jszxDGR8q2FWLBK0rWj/che5piXVg0khIPe0/9 x3Jw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Y3R2rSFS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z25si5146163ejw.129.2021.04.16.15.13.42; Fri, 16 Apr 2021 15:14:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=Y3R2rSFS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235258AbhDPWG4 (ORCPT + 99 others); Fri, 16 Apr 2021 18:06:56 -0400 Received: from mail.kernel.org ([198.145.29.99]:42608 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235608AbhDPWGz (ORCPT ); Fri, 16 Apr 2021 18:06:55 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 44E5A613B4 for ; Fri, 16 Apr 2021 22:06:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1618610790; bh=4Xl0tR28PauSIlcb3tBpyyEncZpSiEx2m3KQJDq5wWc=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=Y3R2rSFSUVZv99sZNOekR5WG9rg1NBv+7D3lqRSmSQLegp1N73pGA3rjjL+aMihDa +U9l6yWgBaWUjVT3OJy1Y+iofHd7i2Q0/ll0BVm0MccS1FE+Nknqs5c+hgjlvaaArL sjb+ZvfV8As2EmApjbI2hew3OkzRmKcrU3YS2mABR+EYPg4Q3yqL6cLnG1QQ06oSZU JfvqIouVR9zCa8lsM+5gu4VFAYH17k2RjBUUop+M7u3y7PFPf6Lt1pP36qyfLidiDy wrpGTLiHW9zXwckkTXILQjSspxTAxMOvLBM4+bkK8I5P+34lo3DxLfTfn8GmzX+Vy2 2jqN2u/39S1Ag== Received: by mail-ej1-f44.google.com with SMTP id g5so37494148ejx.0 for ; Fri, 16 Apr 2021 15:06:30 -0700 (PDT) X-Gm-Message-State: AOAM5314QKLnzm/AhSpGou8mW1pr2tFoc+uun6ZN7NzfOqil4emtozxo Af8+WpY64rhj9AWTi+8D9L1j9Vm9p3aIMSk5QJlajw== X-Received: by 2002:a17:906:c010:: with SMTP id e16mr10503154ejz.214.1618610788798; Fri, 16 Apr 2021 15:06:28 -0700 (PDT) MIME-Version: 1.0 References: <20210416203844.3803177-1-samitolvanen@google.com> <20210416203844.3803177-6-samitolvanen@google.com> <20210416211855.GD22348@zn.tnic> <20210416220251.GE22348@zn.tnic> In-Reply-To: <20210416220251.GE22348@zn.tnic> From: Andy Lutomirski Date: Fri, 16 Apr 2021 15:06:17 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 05/15] x86: Implement function_nocfi To: Borislav Petkov Cc: Sami Tolvanen , X86 ML , Kees Cook , Josh Poimboeuf , Peter Zijlstra , Nathan Chancellor , Nick Desaulniers , Sedat Dilek , linux-hardening@vger.kernel.org, LKML , clang-built-linux Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Apr 16, 2021 at 3:03 PM Borislav Petkov wrote: > > On Fri, Apr 16, 2021 at 02:49:23PM -0700, Sami Tolvanen wrote: > > __nocfi only disables CFI checking in a function, the compiler still > > changes function addresses to point to the CFI jump table, which is > > why we need function_nocfi(). > > So call it __func_addr() or get_function_addr() or so, so that at least > it is clear what this does. > This seems backwards to me. If I do: extern void foo(some signature); then I would, perhaps naively, expect foo to be the actual symbol that gets called and for the ABI to be changed to do the CFI checks. The foo symbol would point to whatever magic is needed. I assume I'm missing something.